17-Year-Old Critical 'Wormable' RCE Vulnerability Impacts Windows DNS Servers

A threat actor can exploit the SigRed vulnerability by sending crafted malicious DNS queries to a Windows DNS server to achieve arbitrary code execution, enabling the hacker to intercept and manipulate users' emails and network traffic, make services unavailable, harvest users' credentials and much more.
Crafting Malicious DNS Responses

Stating that the objective was to identify a vulnerability that would let an unauthenticated attacker compromise a Windows Domain environment, Check Point researchers said they focused on Windows DNS, specifically taking a closer look at how a DNS server parses an incoming query or a response for a forwarded query.
SigRed can be triggered remotely via a browser in limited scenarios, allowing an attacker to abuse Windows DNS servers' support for connection reuse and query pipelining features to "smuggle" a DNS query inside an HTTP request payload to a target DNS server when a victim visits a website under the attacker's control.
Given the severity of the vulnerability and the high chances of active exploitation, it's recommended that users patch their affected Windows DNS Servers to mitigate the risk.
    reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNS\Parameters" /v "TcpReceivePacketSize" /t REG_DWORD /d 0xFF00 /f
    net stop DNS && net start DNS

"A DNS server breach is a very serious thing. Most of the time, it puts the attacker just one inch away from breaching the entire organization. There are only a handful of these vulnerability types ever released," Check Point's Omri Herscovici told The Hacker News.
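The TcpReceivePacketSize value of 0xFF00 in the registry command above caps the size of TCP-based DNS messages the server will accept, so a defender can look for messages above that size in captured traffic. The following is an added example, not code from the article or from Check Point: it walks the two-byte length framing of DNS over TCP in an already reassembled port 53 payload and reports messages larger than the cap. The function names and the sample stream are constructed for illustration.

```python
import struct

TCP_RECEIVE_LIMIT = 0xFF00  # TcpReceivePacketSize value from the workaround (65280)

def iter_dns_tcp_messages(stream: bytes):
    """Yield (offset, declared_len, body) per message in a reassembled TCP payload.

    DNS over TCP prefixes each message with a two-byte big-endian length
    (RFC 1035, section 4.2.2). A cut-off final message is still yielded.
    """
    offset = 0
    while offset + 2 <= len(stream):
        (declared,) = struct.unpack_from("!H", stream, offset)
        yield offset, declared, stream[offset + 2 : offset + 2 + declared]
        offset += 2 + declared

def flag_oversized(stream: bytes, limit: int = TCP_RECEIVE_LIMIT):
    """Return one finding per message whose declared length exceeds the limit."""
    findings = []
    for offset, declared, body in iter_dns_tcp_messages(stream):
        if declared <= limit:
            continue
        txid = is_response = None
        if len(body) >= 4:  # enough bytes for the ID and flags words
            txid, flags = struct.unpack_from("!HH", body, 0)
            is_response = bool(flags & 0x8000)  # QR bit set means response
        findings.append({"offset": offset, "declared_len": declared,
                         "truncated": len(body) < declared,
                         "txid": txid, "is_response": is_response})
    return findings

def constructed_message(txid: int, flags: int, total_len: int) -> bytes:
    """Constructed sample data: a DNS header zero-padded to total_len bytes."""
    body = struct.pack("!HHHHHH", txid, flags, 0, 0, 0, 0).ljust(total_len, b"\x00")
    return struct.pack("!H", len(body)) + body

# Constructed stream: small query, oversized response, ordinary response.
SAMPLE_STREAM = (constructed_message(0x1111, 0x0100, 40)
                 + constructed_message(0x2222, 0x8180, 0xFF01)
                 + constructed_message(0x3333, 0x8180, 512))

if __name__ == "__main__":
    for finding in flag_oversized(SAMPLE_STREAM):
        print(finding)
```

A finding marked as a response on a path between a Windows DNS server and its upstream resolvers is the case worth reviewing first, since the researchers focused on how the server parses responses to forwarded queries.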
News URL
http://feedproxy.google.com/~r/TheHackersNews/~3/2H2fDSc_Stw/windows-dns-server-hacking.html