A serious flaw that has existed in Microsoft’s Windows DNS Server for as many as 17 years could be abused to obtain Domain Administrator privileges and compromise the entire corporate infrastructure behind it.

Tracked as CVE-2020-1350 and named SIGRed, the vulnerability is a remote code execution flaw that affects Windows Server versions 2003 through 2019 and has received the maximum severity rating, 10 out of 10.

It is wormable, meaning an exploit could spread automatically between vulnerable machines on the network with no user interaction.

The Domain Name System (DNS) lets clients locate servers and reach their resources. Researchers at Check Point found a vulnerability in Microsoft’s DNS server implementation that can be triggered when the server parses an inbound query or a response to a query it has forwarded.

In a recent blog post, the researchers explain how they triggered the vulnerability in a target DNS server by answering one of its queries with a SIG record response large enough to set off the bug.

The researchers also found that an attacker abusing SIGRed does not need to be on the same network as the target DNS server, since DNS data can be carried over a TCP connection, which Windows DNS supports.

The target server will therefore parse the data as a DNS query even if it arrives packaged as an HTTP payload.

It was also observed that, because Windows DNS Server supports “Connection Reuse” and “Pipelining,” an attacker can send many queries over a single TCP connection without waiting for a response to each.
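The two mechanics described above, DNS-over-TCP framing and pipelining of several messages on one connection, are what a defender has to understand to inspect this traffic. The following is an added example written for this article; it is not code from Check Point or Microsoft. It splits a DNS-over-TCP byte stream into its length-prefixed messages, walks the resource records of each one, and reports SIG records (type 24) whose RDATA exceeds a size limit. The `SIG_RDLEN_LIMIT` threshold of 4096 bytes is an assumption chosen for illustration (legitimate SIG/RRSIG records are a few hundred bytes), and the sample stream at the bottom is constructed, not a real capture.

```python
"""Added example: flag oversized SIG records in a DNS-over-TCP stream."""
import struct

TYPE_A = 1
TYPE_SIG = 24           # RR type number for SIG (RFC 2535)
SIG_RDLEN_LIMIT = 4096  # assumed threshold; real SIG/RRSIG RDATA is a few hundred bytes


def split_tcp_dns_stream(data: bytes) -> list:
    """Split a DNS-over-TCP byte stream into individual messages.

    RFC 7766 framing: each message carries a 2-byte big-endian length prefix,
    and a client that pipelines sends several such frames back to back on one
    connection. A trailing partial frame is ignored.
    """
    messages, off = [], 0
    while off + 2 <= len(data):
        (length,) = struct.unpack_from("!H", data, off)
        body = data[off + 2 : off + 2 + length]
        if len(body) < length:
            break  # truncated frame at the end of the capture
        messages.append(body)
        off += 2 + length
    return messages


def skip_name(msg: bytes, off: int) -> int:
    """Return the offset just past a wire-format name, handling compression pointers."""
    while True:
        if off >= len(msg):
            raise ValueError("truncated name")
        label_len = msg[off]
        if label_len == 0:
            return off + 1
        if label_len & 0xC0 == 0xC0:  # a 2-byte compression pointer ends the name
            return off + 2
        off += 1 + label_len


def iter_rrs(msg: bytes):
    """Yield (section, rtype, rdlength) for every RR after the question section."""
    qd, an, ns, ar = struct.unpack_from("!4H", msg, 4)
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4  # QTYPE + QCLASS
    for section, count in (("answer", an), ("authority", ns), ("additional", ar)):
        for _ in range(count):
            off = skip_name(msg, off)
            rtype, _rclass, _ttl, rdlen = struct.unpack_from("!HHIH", msg, off)
            off += 10 + rdlen
            yield section, rtype, rdlen


def find_oversized_sig(stream: bytes, limit: int = SIG_RDLEN_LIMIT) -> list:
    """Return (message_index, section, rdlength) for each SIG RR above the limit."""
    findings = []
    for i, msg in enumerate(split_tcp_dns_stream(stream)):
        try:
            for section, rtype, rdlen in iter_rrs(msg):
                if rtype == TYPE_SIG and rdlen > limit:
                    findings.append((i, section, rdlen))
        except (ValueError, struct.error):
            findings.append((i, "malformed", -1))  # unparseable message: worth a look too
    return findings


# --- constructed sample traffic (not a real capture) -------------------------
def encode_name(name: str) -> bytes:
    return b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\x00"


def build_response(name: str, rtype: int, rdata: bytes, txid: int = 0x1234) -> bytes:
    """One-answer DNS response; the answer name is a pointer back to the question (0xC00C)."""
    header = struct.pack("!6H", txid, 0x8180, 1, 1, 0, 0)
    question = encode_name(name) + struct.pack("!HH", rtype, 1)
    answer = b"\xc0\x0c" + struct.pack("!HHIH", rtype, 1, 300, len(rdata)) + rdata
    return header + question + answer


def frame(msg: bytes) -> bytes:
    return struct.pack("!H", len(msg)) + msg


# Three pipelined responses on one connection: a normal A record, a normal-sized
# SIG record, and a SIG record far larger than anything legitimate.
SAMPLE_STREAM = (
    frame(build_response("example.test", TYPE_A, b"\x0a\x00\x00\x01"))
    + frame(build_response("example.test", TYPE_SIG, b"\x00" * 200))
    + frame(build_response("example.test", TYPE_SIG, b"\x00" * 60000))
)

if __name__ == "__main__":
    print(find_oversized_sig(SAMPLE_STREAM))  # [(2, 'answer', 60000)]
```

The framing step is the part that matters for pipelined traffic: a tool that treats the whole TCP payload as a single DNS message misses everything after the first frame, so every detection that keys on record size has to reassemble the stream first.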

Microsoft released a patch on Tuesday.

“This issue results from a flaw in Microsoft’s DNS server role implementation and affects all Windows Server versions. Non-Microsoft DNS Servers are not affected,” Microsoft says.

“Wormable vulnerabilities have the potential to spread via malware between vulnerable computers without user interaction,” the company added. “Windows DNS Server is a core networking component. While this vulnerability is not currently known to be used in active attacks, it is essential that customers apply Windows updates to address this vulnerability as soon as possible.”

While there is currently no evidence that the flaw has been exploited in the wild, the bug has been lurking in Microsoft’s code for 17 years, leading Check Point to suggest that it has been abused during that time.

“We believe that the likelihood of this vulnerability being exploited is high, as we internally found all of the primitives required to exploit this bug,” the company added. “Due to time constraints, we did not continue to pursue the exploitation of the bug (which includes chaining together all of the exploitation primitives), but we do believe that a determined attacker will be able to exploit it.”
