Better late than never—Microsoft has released an update to a major vulnerability that is some 17 years old.
Microsoft and security researchers are keen to prevent another WannaCry disaster, which has prompted a renewed focus on Windows vulnerabilities. Israeli security firm Check Point has discovered a vulnerability, called SigRed, that has the potential to be just as bad.
The vulnerability scores a CVSS Base score of 10, meaning it is as bad of a vulnerability as can exist. Microsoft also describes it as “a wormable vulnerability, meaning that it has the potential to spread via malware between vulnerable computers without user interaction. DNS is a foundational networking component and commonly installed on Domain Controllers, so a compromise could lead to significant service interruptions and the compromise of high level domain accounts.”
According to Check Point, every version of Windows Server, from 2003 to 2019, are equally vulnerable. This gives hackers an enormous target to take advantage of. Microsoft has released an update today, as part of Patch Tuesday. All organizations are strongly encouraged to update immediately.
“We strongly recommend users to patch their affected Windows DNS Servers in order to prevent the exploitation of this vulnerability,” says Check Point. “We believe that the likelihood of this vulnerability being exploited is high, as we internally found all of the primitives required to exploit this bug, which means a determined hacker could also find the same resources. In addition, some Internet Service Providers (ISPs) may even have set up their public DNS servers as WinDNS.”
System admins should waste no time applying this patch, as hackers will waste no time trying to take advantage of SigRed.