Microsoft Patched A Windows Server Bug That Was Around Unnoticed For 17 Years


No product is flawless. That is because their creators are humans, and humans have flaws.

Software is one of the things humans create to aid certain tasks using computers, and it too can have flaws waiting to be found. In this case, Microsoft Windows DNS has had a wormable vulnerability that went unnoticed for 17 years.

This vulnerability was so severe that it was rated a "perfect" 10 under the Common Vulnerability Scoring System (CVSS), highlighting the significant and immediate threat.

That high severity rating means that the vulnerability is easy to exploit and also likely to be exploited.

Microsoft confirmed that this critical vulnerability exists in the Windows DNS Server on July 14, as part of its "Patch Tuesday" security update.

The company advises all users of all versions of Windows Server to update immediately.

Discovered by Check Point, an Israeli security firm, the vulnerability was named 'SIGRed' by its researchers and is officially tracked as CVE-2020-1350.

SIGRed is a vulnerability within the Windows Domain Name System (DNS) service implementation.

It affects DNS, which in simple terms is the phone directory of the internet: DNS converts the plain-text names people use to visit a website or send an email into the numeric addresses that computers understand.

This particular security flaw is located in Windows Domain Name System Security Extensions (DNSSEC), which strengthens DNS authentication. Without DNSSEC, it is much easier for hackers to intercept DNS queries and redirect users to a fake website that might trick them into entering personal information, like a credit card number or social security number, and steal their identity.

This is possible because the bug triggers a heap-based buffer overflow, enabling hackers to take control of the server.

Microsoft, which confirmed SIGRed, said that the vulnerability is wormable, meaning that it could propagate rapidly without user interaction, with crippling effects.

It can do this by achieving arbitrary code execution.

In other words, SIGRed can be as damaging as the WannaCry and NotPetya malware.

Mechele Gruhn, a principal security manager at the Microsoft Security Response Center, said that the vulnerability "affects all Windows Server versions."

While Gruhn said that there is no evidence that SIGRed is being exploited as of yet in any active attack scenario, it's "essential that customers apply Windows updates to address this vulnerability as soon as possible."

Explaining how serious this vulnerability is, Check Point’s vulnerability research team leader, Omri Herscovici, said "there are only a handful of these vulnerability types ever released," and "every organization, big or small using Microsoft infrastructure is at major security risk if left unpatched."

“Every organization big or small using Microsoft infrastructure is at major security risk, if left unpatched. The risk would be a complete breach of the entire corporate network.”

"If we found it," Herscovici said, "it is not impossible to assume that someone else already found it as well."

Administrators who use the automatic updates facility need take no further action; others may have to install the update manually.

If an update is not possible, users should apply a workaround, which involves a registry change that restricts the size of the largest inbound DNS response packets. However, this also means that the Windows DNS server will be unable to resolve DNS names when the response from upstream servers is larger than 65280 bytes.

As a result, some queries can go unanswered, and "unanticipated failures" could be experienced.

The workaround should therefore not be considered a permanent fix.
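To make the side effect of the workaround concrete, here is an added illustration (not Microsoft's or Check Point's code) that frames a DNS-over-TCP byte stream into messages and applies the 65280-byte cap described above, so a defender can see which upstream answers a server running the workaround would refuse. The sample stream is constructed; the helper names are hypothetical.

```python
import struct

# Cap described in the workaround: responses larger than 65280 (0xFF00)
# bytes can no longer be resolved once the registry change is applied.
MAX_TCP_RESPONSE = 65280

def frame_tcp_dns(stream: bytes):
    """Split a DNS-over-TCP byte stream into complete messages.

    Each message is prefixed by a 2-byte big-endian length (RFC 1035 4.2.2).
    Returns (messages, leftover); leftover is an incomplete trailing frame.
    """
    messages = []
    offset = 0
    while offset + 2 <= len(stream):
        (length,) = struct.unpack("!H", stream[offset:offset + 2])
        if offset + 2 + length > len(stream):
            break  # truncated frame: more data would be needed
        messages.append(stream[offset + 2:offset + 2 + length])
        offset += 2 + length
    return messages, stream[offset:]

def classify_responses(stream: bytes, cap: int = MAX_TCP_RESPONSE):
    """Apply the workaround's size limit to every complete message.

    Returns (length, verdict) pairs; 'rejected' is the case the article
    warns about: a legitimate but large upstream answer that goes unresolved.
    """
    messages, _ = frame_tcp_dns(stream)
    return [(len(m), "accepted" if len(m) <= cap else "rejected") for m in messages]

def build_frame(payload: bytes) -> bytes:
    """Hypothetical helper: wrap a message body in the TCP length prefix."""
    return struct.pack("!H", len(payload)) + payload

# Constructed sample stream: a small answer, an answer exactly at the cap,
# one byte over the cap, and a truncated trailing frame (declares 256 bytes).
SAMPLE_STREAM = (
    build_frame(b"\x00" * 512)
    + build_frame(b"\x00" * 65280)
    + build_frame(b"\x00" * 65281)
    + b"\x01\x00" + b"\x00" * 10
)

if __name__ == "__main__":
    for length, verdict in classify_responses(SAMPLE_STREAM):
        print(f"{length:6d} bytes -> {verdict}")
```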

Published: 16/07/2020