Update Windows PCs to patch 17-year-old bug that's worse than WannaCry, Microsoft urges
The bug, called SigRed, could give hackers control over an entire network
Microsoft users will finally get a fix for a 17-year-old bug that’s existed in the company’s software.
The bug, which was tracked as CVE-2020-1350, was patched out of Microsoft Windows Server on 14 July.
The flaw was rated 10 out of 10 on CVSS, the vulnerability scoring system.
“A remote code execution vulnerability exists in Windows Domain Name System servers when they fail to properly handle requests. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the Local System Account. Windows servers that are configured as DNS servers are at risk from this vulnerability,” Microsoft’s note reads.
“To exploit the vulnerability, an unauthenticated attacker could send malicious requests to a Windows DNS server.”
DNS stands for Domain Name System, which translates IP addresses into URLs and is the equivalent of the phone book of the internet.
Windows DNS is one of the most popular kinds of DNS software.
The bug affects all Windows Server versions, from 2003 to 2019, and had the potential to spread via malware without user interaction.
This could have given hackers the ability to gain access to one machine and use it to access others, similar to the WannaCry bug, which was rated an 8.5 on the CVSS scale.
If a hacker could get access to the local network, via corporate WiFi or an ethernet cable, they could trigger a server takeover.
It is possible such an action could be achieved with a phishing email – an email that pretends to be from a trusted source in order to spread malicious code.
A naïve user clicking that email would give the hacker full control of the DNS server.
The bug “requires no interaction. And not only that, once you’re inside the domain controller that runs the Windows DNS server, expanding your control to the rest of the network is really easy,” Omri Herscovici, Check Point's head of vulnerability research, told Wired. “It’s basically game over.”
“While this vulnerability is not currently known to be used in active attacks, it is essential that customers apply Windows updates to address this vulnerability as soon as possible,” Mechele Gruhn, Principal Security Manager at Microsoft, said.
The bug was discovered by researcher Sagi Tzaik, who works for Israeli security firm Check Point, and has been named SigRed.
Although there is no evidence that the bug has been used, the possibility cannot be ruled out.
“We believe that the likelihood of this vulnerability being exploited is high, as we internally found all of the primitives required to exploit this bug,” Check Point told ZDNet.
“Due to time constraints, we did not continue to pursue the exploitation of the bug (which includes chaining together all of the exploitation primitives), but we do believe that a determined attacker will be able to exploit it.”