Microsoft today patched a critical and wormable remote code execution (RCE) vulnerability in the Windows DNS Server that affects Windows Server versions 2003 to 2019. The likelihood of exploitation is high, according to the Check Point researchers who found this 17-year-old flaw.
Windows Domain Name System Server, the Microsoft implementation of DNS servers, is a core component of a Windows Domain environment. CVE-2020-1350, which has a CVSS base score of 10, exists in Windows DNS servers when they fail to properly handle requests. An attacker who successfully exploits it could run arbitrary code in the context of the Local System account.
The vulnerability is wormable, meaning it has the potential to spread between vulnerable DNS servers without user interaction. While there is no evidence the flaw is being used in active attacks, experts are worried it will be. Microsoft has ranked it as 1, or "exploitation more likely."
An attacker could exploit this bug by sending malicious requests to an affected Windows DNS server. Because the service runs with elevated privileges, successful exploitation could grant an attacker domain administrator rights and threaten the entire business network, the Check Point team says in their full report on the bug.
"The attacker would need limited (weak) access to the organization, either by Wi-Fi, malware running on an endpoint, or even a user clicking on a malicious link," says Omri Herscovici, who heads up Check Point's vulnerability research team. "The attacker would then be able to exploit the vulnerability and gain control over the Windows DNS Server." From there, they would be able to access ..
Support the originator by clicking the read the rest link below.
