Original Release Date: 7/17/2020
Microsoft released a patch to address CVE-2020-1350, a remote code execution vulnerability in Windows DNS Server. Exploiting the vulnerability, dubbed “SIGRed,” could allow a threat actor to gain Domain Administrator rights over the server and compromise an entire network infrastructure. The critical vulnerability affects all versions of Windows DNS Server and is the result of a flaw in the way the server parses an incoming DNS query and responds to a forwarded DNS query. A threat actor could take full control of a server by causing a malicious DNS query to trigger a heap-based buffer overflow. This is considered a “wormable” vulnerability, which means it has the potential to enable malware to spread across systems on a network without user interaction. Patches have been developed and are available.
The NJCCIC recommends administrators update systems as soon as possible after appropriate testing. If patching is not feasible, apply the workaround provided by Microsoft in its advisory. Additional information and technical details can be found in the Microsoft blog post and the Check Point research post.