This huge vulnerability called SigRed was discovered by security researchers at Check Point, who together with Microsoft strongly recommend updating immediately to avoid the next cyber pandemic. This is because the bug is “wormable”: it can spread from one computer to another without human interaction, and it has the potential for catastrophic infection like the crises caused by the unforgettable WannaCry and NotPetya.

First things first: DNS is the translator of the web. When we access any website, the DNS client generates the requests needed to find out which IP address corresponds to the domain we are trying to reach. For example, if you type “genbeta.com” in the browser, the browser requests the IP from a server. The DNS servers answer these requests from their records and tell the computer the IP of the site, resolving the address. That way we don’t have to remember IPs, because DNS does that job for us.

SigRed was classified as CVSS 10.0, the highest possible risk score. This critical vulnerability affects Windows Server versions from 2003 to 2019.

How SigRed works

The vulnerability lies in the way the Windows DNS server parses an incoming query, as well as in the way it parses the response to a query. If that input is malicious, a buffer overflow is triggered, which allows the cybercriminal to take control of the server.
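As an added illustration (not Microsoft's or Check Point's code, and not the vulnerable routine itself), the Python below shows the bounds checking a DNS message parser needs so that a malformed query or response is rejected instead of overrunning a buffer. The names `MalformedDNS`, `skip_name` and `parse_records` and the sample messages are constructed for this example.

```python
import struct

class MalformedDNS(ValueError):
    """A length or pointer in the message does not fit the buffer."""

def skip_name(msg: bytes, off: int) -> int:
    """Return the offset just past the domain name that starts at off."""
    while off < len(msg):
        length = msg[off]
        if length == 0:                  # root label ends the name
            return off + 1
        if length & 0xC0 == 0xC0:        # 2-byte compression pointer ends it
            if off + 2 > len(msg):
                raise MalformedDNS("truncated compression pointer")
            return off + 2
        if length > 63:
            raise MalformedDNS("label longer than 63 bytes")
        off += 1 + length
    raise MalformedDNS("name runs past end of message")

def parse_records(msg: bytes) -> list[tuple[int, int]]:
    """Walk one DNS message; return (type, rdlength) per resource record."""
    if len(msg) < 12:
        raise MalformedDNS("shorter than the 12-byte header")
    _id, _flags, qd, an, ns, ar = struct.unpack_from("!6H", msg, 0)
    off = 12
    for _ in range(qd):                  # question = name + type + class
        off = skip_name(msg, off) + 4
        if off > len(msg):
            raise MalformedDNS("truncated question")
    records = []
    for _ in range(an + ns + ar):
        off = skip_name(msg, off)
        if off + 10 > len(msg):
            raise MalformedDNS("truncated record header")
        rtype, _cls, _ttl, rdlen = struct.unpack_from("!HHIH", msg, off)
        off += 10
        if off + rdlen > len(msg):       # declared length must fit the buffer
            raise MalformedDNS("rdlength exceeds remaining bytes")
        records.append((rtype, rdlen))
        off += rdlen
    return records

# Constructed sample: a response for example.com with one A record.
HEAD = struct.pack("!6H", 0x1234, 0x8180, 1, 1, 0, 0) + b"\x07example\x03com\x00" + struct.pack("!HH", 1, 1)
GOOD = HEAD + b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + bytes([192, 0, 2, 1])
# Same response, but rdlength claims 400 bytes while only 4 follow.
BAD = HEAD + b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 400) + bytes(4)
```

Every length read from the message is compared with the bytes actually received before it is used, so the inconsistent record in `BAD` raises `MalformedDNS` rather than being processed.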

The severity of this security flaw is demonstrated by the fact that Microsoft describes it as ‘wormable’, which means that a single exploit can trigger the spread of attacks without the need for any human interaction. A single compromised computer could be a “super propagator”, allowing the attack to spread through an organization’s network in a few minutes.

A breach in the DNS server is a very serious vulnerability since, in most cases, it leaves the cybercriminal in a privileged position to generate a security breach in a corporate network. Every business, large or small, that uses Microsoft’s infrastructure faces a huge security risk if the flaw is left unpatched. The risk would involve a complete breakdown of the entire corporate network.

On May 19, Check Point disclosed its findings to Microsoft, which recognized the security breach and has already published a security patch for it (CVE-2020-1350). The cybersecurity company’s experts strongly recommend that Windows users patch their affected DNS servers to avoid the effects of this vulnerability.
