The vulnerability could have allowed attackers to send malicious DNS queries to the Windows DNS server to achieve arbitrary code execution
Researchers at Check Point, a cyber security firm, had identified a security flaw in Windows DNS, services provided by Microsoft for every Windows operating system, which could have allowed hackers to gain domain administrator rights over servers and take control over an organisation’s IT infrastructure.
Microsoft has acknowledged the flaw and released a patch to fix it.
The critical vulnerability named SigRed by Check Point has been in Microsoft’s code for more than 17 years, claimed researchers.
In a statement published on the company’s security response team website, Microsoft announced that it has released an update for the remote code execution (RCE) vulnerability.
Microsoft assured that the vulnerability is not currently known to be used in active attacks and customers should apply Windows updates as soon as possible.
Microsoft will classify SigRed as a high risk vulnerability with a score of CVSS:10.0 due to its wormable nature, which means a single exploit can cause a chain reaction and spread from one computer to all the other computers in an organisation.
“A DNS server breach is a very serious thing. Most of the time, it puts the attacker just one inch away from breaching the entire organization. There are only a handful of these vulnerability types ever released. Every organisation, big or small, using Microsoft infrastructure is at major security risk, if left unpatched,” Omri Herscovici, Check Point’s Vulnerability Research team leader said in a statement.
According to Check Point, the vulnerability could have allowed attackers to send malicious DNS queries to the Windows DNS server to achieve arbitrary code execution.
If successful, the hacker would have gained domain administrator rights over the server, intercepted and manipulated user emails and network traffic, harvested user credentials and made services unavailable.
DNS is equivalent to a phonebook of the Internet which allows devices to find specific web servers and access information hosted on them. It works by converting a hostname into an IP address.
A June report by IDC shows that India suffered the highest number of DNS (domain name system) attacks, with 12.13 attacks per organisation, in 2020.