Microsoft fixes a serious vulnerability that has existed for 17 years in Windows Server
SIGRed is rated at the maximum severity, 10 out of 10, because it is a remote code execution vulnerability that directly affects a wide range of Windows Server editions (from 2003 to 2019). In the case of successful exploitation, SIGRed gives the attacker Domain Administrator privileges, and with them control over the entire infrastructure of the victim organization or business.
In addition, SIGRed is dangerous because of its worm-like ('wormable') character: a successful exploit could automatically propagate to other vulnerable Windows systems across the network, with no user interaction required as a stepping stone. This puts it on a par with well-known severe vulnerabilities such as EternalBlue in Server Message Block (SMB) and BlueKeep in Remote Desktop Protocol (RDP).
SIGRed vulnerability (illustration)
The Domain Name System (DNS) can be thought of as the 'telephone directory' of the Internet: it maps domain names to IP addresses so that clients can reach the right server for the resource they are requesting.
Researchers at Check Point discovered a flaw in Microsoft's DNS implementation that can be triggered when the server parses an incoming query or a response to a request it has forwarded. They found an integer overflow that leads to a heap-based buffer overflow in 'dns.exe!SigWireRead', the function that parses SIG-type resource records in responses.
So, in essence, a vulnerable DNS server can be attacked by answering one of its queries with a SIG response large enough to trigger the overflow. The researchers also found that the attacker does not need to be on the same network as the target DNS server, because DNS data can be carried over TCP connections, which Windows DNS supports; the target server then parses the data as a DNS query even if it arrives as an HTTP payload.
Moreover, because the Windows DNS server supports connection reuse and pipelining, an attacker can send several queries over a single TCP connection without waiting for a reply.
The flaw has existed for 17 years
This vulnerability has existed in Microsoft's code for over 17 years, and Microsoft released the patch only on July 14. Where the patch cannot be applied immediately, Microsoft recommends that the system administrator apply the following registry change as a mitigation. The change takes effect after the DNS service is restarted:
Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNS\Parameters
Value: TcpReceivePacketSize (DWORD)
Data: 0xFF00
After applying the patch, the administrator should revert the change by deleting the TcpReceivePacketSize value and its data.
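As an added example (not from the article, Check Point or Microsoft), the following PowerShell script applies the registry mitigation above and, when run with -Revert, removes it again after the patch is installed. It assumes it is run from an elevated PowerShell on the DNS server and that the DNS Server service is named 'DNS'.

```powershell
# Added example: apply or revert the SIGRed registry mitigation described above.
# Assumptions: run from an elevated PowerShell on the Windows DNS server, where the
# DNS Server service is named 'DNS'. Key, value name and data come from the article.
param([switch]$Revert)

$KeyPath   = 'HKLM:\SYSTEM\CurrentControlSet\Services\DNS\Parameters'
$ValueName = 'TcpReceivePacketSize'
$Limit     = 0xFF00   # largest TCP DNS message the server will accept after the change

if (-not (Get-Service -Name 'DNS' -ErrorAction SilentlyContinue)) {
    throw 'DNS Server service not found; this host does not appear to run Windows DNS.'
}

# Read the current value, if any ($null when the value does not exist yet).
$current = (Get-ItemProperty -Path $KeyPath -Name $ValueName -ErrorAction SilentlyContinue).$ValueName

if ($Revert) {
    if ($null -eq $current) {
        Write-Host "$ValueName is not set; nothing to revert."
        return
    }
    Remove-ItemProperty -Path $KeyPath -Name $ValueName
    Write-Host ("Removed {0} (was 0x{1:X}); default TCP packet size limit restored." -f $ValueName, $current)
}
else {
    if ($current -eq $Limit) {
        Write-Host ("{0} is already 0x{1:X}; nothing to change." -f $ValueName, $Limit)
        return
    }
    New-ItemProperty -Path $KeyPath -Name $ValueName -PropertyType DWord -Value $Limit -Force | Out-Null
    # Read the value back so a silent failure (e.g. missing rights) does not go unnoticed.
    $applied = (Get-ItemProperty -Path $KeyPath -Name $ValueName).$ValueName
    if ($applied -ne $Limit) {
        throw ("Failed to set {0}: read back {1}." -f $ValueName, $applied)
    }
    Write-Host ("Set {0} to 0x{1:X}." -f $ValueName, $Limit)
}

# The change only takes effect once the DNS service restarts.
Restart-Service -Name 'DNS' -Force
Write-Host 'DNS service restarted.'
```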