Friday, April 26, 2024

Microsoft Patches Critical Wormable 17-Year-old Windows DNS Server Flaw that Affects Windows Server Versions 2003 to 2019

By Guru baran

Windows DNS Server

Microsoft patched a critical 17-Year-old vulnerability with Windows DNS Server that can be triggered by an attacker with malicious DNS response.

The Windows DNS Server is an essential part of the Windows Domain environment and runs the DNS queries on Windows Server.

The vulnerability dubbed SIGRed (CVE-2020-1350) is wormable and it receives a CVSS base score 10/10, and it can be triggered by an attacker with malicious DNS response.

SIGRed (CVE-2020-1350)

The DNS security flaw in Windows DNS discovered by Check Point and reported to Microsoft back in May. Now patch available for supported versions of Windows Servers.

Researchers found a Heap-Based Integer Overflow “dns.exe!SigWireRead,” with the function that parses the SIG queries.

SIG “Signature record” is a DNS record type used in (RFC 2931) and TKEY (RFC 2930), from RFC 3755, RRSIG is designated as a replacement for SIG to use with DNSSEC.

“To summarize, by sending a DNS response that contains a large (bigger than 64KB) SIG record, we can cause a controlled heap-based buffer overflow of roughly 64KB over a small allocated buffer.”

To trigger the vulnerability researchers first tried by sending a 65,535 bytes DNS message, but found that a single DNS message limited to 512 bytes alone cannot trigger the vulnerability.

So to achieve the attack researchers used DNS name compression in DNS response to increasing the size of the allocation by a large amount.

Exploiting Remotely

The vulnerability can be triggered remotely through an HTTP payload, by “sending it to the target DNS server on port 53 causes the Windows DNS Server to interpret this payload as if it was a DNS query.”

With the popular servers such as Google Chrome and Mozilla Firefox does not allow DNS request over port 53, it would be exploited only with non-Chromium based browsers such as Internet Explorer and Microsoft Edge.

Microsoft manages both the DNS client and DNS server in two different modules, but the vulnerability resides only with the DNS server, as the client version not validate the Sig_RecordRead+D0.

The vulnerability is rated as highly-severe one and the chance for exploitation is high. Successful exploitation of this vulnerability would have a severe impact.

Users are recommended to patch their affected Windows DNS Servers to prevent the exploitation of this vulnerability.

As a temporary workaround, Check Point suggests setting the maximum length of a DNS message (over TCP) to 0xFF00, which should eliminate the vulnerability.

reg add “HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNS\Parameters” /v “TcpReceivePacketSize” /t REG_DWORD /d 0xFF00 /f
net stop DNS && net start DNS

Microsoft releases patches for the SIGRed vulnerability and advised users to patch for the vulnerability immediately. If you have auto updates enabled, then no user action required.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity and hacking news updates.

Also Read

Microsoft Released Emergency Security Updates for Windows 10 to Fix Remote Code Execution Bugs

Microsoft Defender ATP Antivirus is now Available For Android Users in Public Preview

Microsoft Released a Largest-Ever Security Patch with the Fixes For 129 Vulnerabilities – Update Now

Managed WAF Protection

Website

Latest articles

CVE/vulnerability

NETGEAR buffer Overflow Vulnerability Let Attackers Bypass Authentication

Some router models have identified a security vulnerability that allows attackers to bypass authentication.To...
CVE/vulnerability

5000+ CrushFTP Servers Hacked Using Zero-Day Exploit

Hackers often target CrushFTP servers as they contain sensitive data and are used for...
Cyber Attack

13,142,840 DDoS Attacks Targeted Organization Around The Globe

DDoS attacks are a significant and growing risk that can overpower websites, crash servers,...
CVE/vulnerability

Hackers Exploit Old Microsoft Office 0-day to Deliver Cobalt Strike

Hackers have leveraged an old Microsoft Office vulnerability, CVE-2017-8570, to deploy the notorious Cobalt...
Cyber Attack

Microsoft Publicly Releases MS-DOS 4.0 Source Code

In a historic move, Microsoft has made the source code for MS-DOS 4.0, one...
Cyber Attack

New SSLoad Malware Combined With Tools Hijacking Entire Network Domain

A new attack campaign has been discovered to be employed by the FROZEN#SHADOW, which...
Cyber Security News

Palo Alto Networks Shares Remediation Advice for Hacked Firewalls

Palo Alto Networks has issued urgent remediation advice after discovering a critical vulnerability, designated...
Guru baran
Guru baranhttps://gbhackers.com
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

WAAP/WAF ROI Analysis

Mastering WAAP/WAF ROI Analysis

As the importance of compliance and safeguarding critical websites and APIs grows, Web Application and API Protection (WAAP) solutions play an integral role.
Key takeaways include:

  • Pricing models
  • Cost Estimation
  • ROI Calculation

    • Book Your Spot

Related Articles

Connect with GBHackers On Security

Join 70,000 Security Professionals

Stay safe online with free daily cybersecurity updates. Sign up now!

GBHackers on security is a highly informative and reliable Cyber Security News platform that provides the latest and most relevant updates on Cyber Security News, Hacking News, Technology advancements, and Kali Linux tutorials on a daily basis. The platform is dedicated to keeping the community well-informed and up-to-date with the constantly evolving Cyber World.

Menu

Contact US:

Email : [email protected]