17-Year-Old Critical 'Wormable' RCE Vulnerability Impacts Windows DNS Servers
A threat actor can exploit the SigRed vulnerability by sending crafted malicious DNS queries to a Windows DNS server and achieve arbitrary code execution, enabling the hacker to intercept and manipulate users' emails and network traffic, make services unavailable, harvest users' credentials and much more.
Crafting Malicious DNS Responses

Stating that the objective was to identify a vulnerability that would let an unauthenticated attacker compromise a Windows Domain environment, Check Point researchers said they focused on Windows DNS, specifically taking a closer look at how a DNS server parses an incoming query or a response for a forwarded query.
SigRed can be triggered remotely via a browser in limited scenarios, allowing an attacker to abuse Windows DNS servers' support for connection reuse and query pipelining to "smuggle" a DNS query inside an HTTP request payload to a target DNS server when a victim visits a website under the attacker's control.
Given the severity of the vulnerability and the high chances of active exploitation, it's recommended that users patch their affected Windows DNS Servers to mitigate the risk.
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNS\Parameters" /v "TcpReceivePacketSize" /t REG_DWORD /d 0xFF00 /f

net stop DNS && net start DNS

"A DNS server breach is a very serious thing. Most of the time, it puts the attacker just one inch away from breaching the entire organization. There are only a handful of these vulnerability types ever released," Check Point's Omri Herscovici told The Hacker News.
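The value 0xFF00 in the registry command above caps the size of a DNS message the server will accept over TCP. As an added example (not from the article, Check Point or Microsoft), this Python code splits a captured DNS-over-TCP byte stream into its length-prefixed messages, pipelined ones included, and flags any whose declared length exceeds that cap; the function names, the constructed sample stream, and the assumption that the cap is compared against the 2-byte length prefix belong to this example.

```python
import struct

# Limit set by the workaround on this page (TcpReceivePacketSize = 0xFF00).
# Assumption of this example: the limit applies to the declared message length.
TCP_RECEIVE_LIMIT = 0xFF00
DNS_HEADER_LEN = 12  # fixed DNS header size (RFC 1035, section 4.1.1)


def split_tcp_dns_stream(stream: bytes):
    """Yield (offset, declared_len, payload) for each message in one TCP stream.

    DNS over TCP prefixes every message with a 2-byte big-endian length
    (RFC 1035, section 4.2.2); pipelined messages simply follow each other.
    """
    offset = 0
    while offset + 2 <= len(stream):
        (declared,) = struct.unpack_from("!H", stream, offset)
        payload = stream[offset + 2 : offset + 2 + declared]
        yield offset, declared, payload
        offset += 2 + declared


def audit_stream(stream: bytes, limit: int = TCP_RECEIVE_LIMIT):
    """Return findings for messages a server with the limit would not accept."""
    findings = []
    for offset, declared, payload in split_tcp_dns_stream(stream):
        if declared > limit:
            findings.append((offset, declared, "exceeds TcpReceivePacketSize limit"))
        elif len(payload) < declared:
            findings.append((offset, declared, "truncated capture"))
        elif declared < DNS_HEADER_LEN:
            findings.append((offset, declared, "shorter than DNS header"))
    return findings


def make_frame(length: int) -> bytes:
    """Constructed sample data: a length prefix followed by zero bytes."""
    return struct.pack("!H", length) + bytes(length)


# Constructed stream: a small message, one exactly at the limit, one above it,
# and a final message cut off by the end of the capture.
SAMPLE_STREAM = (make_frame(29) + make_frame(0xFF00)
                 + make_frame(0xFFFF) + make_frame(40)[:-5])

if __name__ == "__main__":
    for offset, declared, reason in audit_stream(SAMPLE_STREAM):
        print(f"offset {offset}: declared length {declared:#06x}: {reason}")
```
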
News URL
http://feedproxy.google.com/~r/TheHackersNews/~3/2H2fDSc_Stw/windows-dns-server-hacking.html