Exploitation Would Grant Attacker Domain Administrator Rights That Could Compromise Entire Corporate Infrastructure
Microsoft addressed a total of 123 vulnerabilities with its July 2020 Patch Tuesday updates, including a critical remote code execution bug that has affected Windows DNS (Domain Name System) servers for the past 17 years.
Tracked as CVE-2020-1350 and featuring a CVSS score of 10 (out of 10), the issue is triggered when the DNS server fails to properly handle requests, thus allowing a remote, unauthenticated attacker to run arbitrary code with SYSTEM privileges.
Discovered by researchers at Check Point, the security flaw affects systems running Windows Server 2003, 2008, 2012, 2016, 2019, and Windows Server version 1903 and is wormable, meaning that malware can abuse it to spread to vulnerable systems without user interaction. Thus, it could be abused to effectively compromise an entire corporate network.
Only the Windows DNS server implementation is affected, but not the Windows DNS client, Microsoft notes, adding that an attacker can trigger the bug by sending malicious requests to the Windows DNS servers.
The attack, however, requires very large DNS packets, and Microsoft notes that editing the registry to limit the size of TCP packets processed by the server is a viable workaround for the vulnerability. However, the workaround should be removed after applying the available patches.
Check Point explains that the vulnerability, which they named “SIGRed,” is an “Integer Overflow leading to Heap-Based Buffer Overflow” that can be triggered by sending a DNS response with a large SIG record.
In addition to being exploitable by an attacker ..
Support the originator by clicking the read the rest link below.
