Patch & exploit available for 17-year-old SIGRed RCE flaw in Windows DNS Server

Microsoft's security teams announced the release of a patch that fixes a critical bug in the Windows DNS Server, which could allow threat actor groups to take control of the entire IT infrastructure of a target organization.

Security reports indicate that this is a Remote Code Execution (RCE) vulnerability identified as CVE-2020-1350. The flaw affects versions from Windows Server 2003 to 2019 and could propagate automatically from one exposed system to another without user interaction.

Because of these characteristics, researchers consider this flaw a risk similar to BlueKeep, a dangerous vulnerability in Remote Desktop Protocol (RDP). Another similar flaw is EternalBlue.

The researchers also noted that hackers who exploit CVE-2020-1350 on the Windows DNS server could intercept users’ emails and network traffic, steal login credentials, and compromise other services.

Because the service runs with elevated privileges, hackers who manage to exploit the flaw could gain administrator rights in an affected domain, completely compromising the attacked infrastructure. The flaw was discovered a few weeks ago by Check Point researcher Sagi Tzadik, who reported it to Microsoft shortly afterward. Apparently the vulnerability is triggered by a malicious DNS response, which could lead to a heap-based buffer overflow. The researcher suggests that the flaw could have been in the operating system code for more than 15 years.

According to Microsoft’s scoring system, the flaw received a score of 10, so it is considered a critical vulnerability. So far there are no known cases of active exploitation, although this may change in the coming weeks.

Microsoft included fixes for this flaw in its July security patches, so users of affected deployments are encouraged to update as soon as possible. The company also revealed a registry-based workaround that system administrators who are unable to restart their servers can use.