Cybersecurity researchers today disclosed a new highly critical “wormable” vulnerability—carrying a severity score of 10 out of 10 on the CVSS scale—affecting Windows Server versions 2003 to 2019.
The 17-year-old remote code execution flaw (CVE-2020-1350), dubbed ‘SigRed‘ by Check Point, could allow an unauthenticated, remote attacker to gain domain administrator privileges over targeted servers and seize complete control of an organization’s IT infrastructure.
A threat actor can exploit SigRed vulnerability by sending crafted malicious DNS queries to a Windows DNS server and achieve arbitrary code execution, enabling the hacker to intercept and manipulate users’ emails and network traffic, make services unavailable, harvest users’ credentials and much more.
In a detailed report shared with The Hacker News, the Check Point researcher Sagi Tzadik confirmed that the flaw is wormable in nature, allowing attackers to launch an attack that can spread from one vulnerable computer to another without any human interaction.
“A single exploit can start a chain reaction that allows attacks to spread from vulnerable machine to vulnerable machine without requiring any human…
http://feedproxy.google.com/~r/TheHackersNews/~3/2H2fDSc_Stw/windows-dns-server-hacking.html