Author: Mike Nerek

Date: 15th July 2020

 

Yesterday, Microsoft released a patch for a 17-year-old critical vulnerability that researchers Sagi Tzadik and Eyal Itkin at Check Point Research recently unearthed in Windows’ DNS server software. The vulnerability allows for total system compromise and scores a 10 on the Common Vulnerability Scoring System.

 

Microsoft included the security update in yesterday’s Patch Tuesday release, on July 14th. Thanks to our continuous monitoring capabilities, Oversight clients have already been notified about any instances on their networks. We have also offered all our clients a complimentary scan to determine whether they were affected. If you’re concerned or would like a complimentary scan of your network perimeter, please get in touch.

 

The vulnerability is a heap-based buffer overflow that can be triggered by a specially crafted DNS request. It is reachable not only locally but also through DNS over TCP, meaning numerous environments can be compromised over the internet without authentication. Researcher Sagi Tzadik said:

 

“… if [SIGRed is] exploited successfully, an attacker is granted Domain Administrator rights, effectively compromising the entire corporate infrastructure.”

 

The mitigation is available as a security patch right now. Where patching is not possible, Microsoft has released a temporary workaround. The workaround sets an upper limit on the size of inbound DNS requests that the server will process, thereby preventing the buffer overflow. A full patch of all affected systems is still advised where possible.
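To show what a size ceiling on DNS over TCP means in practice, the following added example (not Microsoft's code and not part of the original article) walks a reassembled TCP stream, reads each message's two-byte length prefix as defined in RFC 1035, and refuses any message whose declared size exceeds a limit. The limit value, the function names and the sample stream are assumptions made for illustration; the article does not state the value the workaround applies.

```python
import struct

# Assumed ceiling for illustration only; the article gives no value.
ASSUMED_LIMIT = 0xFF00


def frame(message: bytes) -> bytes:
    """Add the 2-byte big-endian length prefix DNS uses on TCP (RFC 1035, 4.2.2)."""
    if len(message) > 0xFFFF:
        raise ValueError("DNS-over-TCP messages cannot exceed 65535 bytes")
    return struct.pack("!H", len(message)) + message


def audit_stream(stream: bytes, limit: int = ASSUMED_LIMIT):
    """Classify each DNS message in a TCP byte stream by its declared size.

    Returns (offset, declared_length, verdict) tuples, where verdict is
    'accept', 'drop-oversize' or 'incomplete'.
    """
    results = []
    offset = 0
    while offset < len(stream):
        if len(stream) - offset < 2:
            # Not even a full length prefix has arrived yet.
            results.append((offset, None, "incomplete"))
            break
        (declared,) = struct.unpack_from("!H", stream, offset)
        if declared > limit:
            # Decide on the prefix alone, so the oversized body is never buffered.
            verdict = "drop-oversize"
        elif len(stream) - offset - 2 < declared:
            verdict = "incomplete"
        else:
            verdict = "accept"
        results.append((offset, declared, verdict))
        if verdict != "accept":
            break  # a server enforcing the limit would stop reading here
        offset += 2 + declared
    return results


# Constructed sample: a small message followed by one of the maximum framed size.
SAMPLE = frame(bytes(29)) + frame(bytes(0xFFFF))

if __name__ == "__main__":
    for row in audit_stream(SAMPLE):
        print(row)
```

The same function can be run over captured DNS-over-TCP payloads to see how much legitimate traffic, such as large zone transfers, a given ceiling would reject before it is enforced.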
