Microsoft has warned of a critical vulnerability that has been present in its Windows DNS Server for over 17 years. The vulnerability, discovered by Check Point researchers and reported to Microsoft in May, could be exploited to gain Domain Administrator privileges and compromise the target’s entire corporate infrastructure.
The vulnerability, dubbed SIGRed, is tracked as CVE-2020-1350. It is a remote code execution flaw that affects Windows Server versions 2003 to 2019 and can be triggered by a malicious DNS response, which could lead to a heap-based buffer overflow. The flaw has received a CVSS score of 10, the maximum rating for a security vulnerability.
“As the service is running in elevated privileges (SYSTEM), if exploited successfully, an attacker is granted Domain Administrator rights, effectively compromising the entire corporate infrastructure,” Check Point explains.
The vulnerability resides in Microsoft’s DNS implementation and can be exploited when the server parses an incoming query or a response to a forwarded request. The researchers found an integer overflow that leads to a heap-based buffer overflow in “dns.exe!SigWireRead,” the function that parses response types for SIG queries.
“To summarize, by sending a DNS response that contains a large (bigger than 64KB) SIG record, we can cause a controlled heap-based buffer overflow of roughly 64KB over a small allocated buffer,” they said.
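The bug class described above, as an added example that is not Microsoft's code or part of the original article: a record size narrowed to 16 bits wraps once the parts sum past 64KB, so the buffer is small while the data is not. The function names, the `FIXED_FIELDS_LEN` value and the field split are assumptions made for illustration, not the layout used by dns.exe.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical size of the fixed fields of a parsed record (assumption). */
#define FIXED_FIELDS_LEN 20u

/* Weak form: the total is narrowed to 16 bits, so any sum above 0xFFFF wraps
   and the caller allocates far less than it will later copy. */
uint16_t alloc_size_truncated(size_t signer_name_len, size_t signature_len)
{
    return (uint16_t)(FIXED_FIELDS_LEN + signer_name_len + signature_len);
}

/* Hardened form: add in size_t and check each step against the 16-bit limit.
   Returns 0 and writes *out on success, -1 if the record must be dropped. */
int alloc_size_checked(size_t signer_name_len, size_t signature_len,
                       uint16_t *out)
{
    size_t total = FIXED_FIELDS_LEN;

    if (signer_name_len > UINT16_MAX - total)
        return -1;
    total += signer_name_len;
    if (signature_len > UINT16_MAX - total)
        return -1;
    total += signature_len;

    *out = (uint16_t)total;
    return 0;
}

int main(void)
{
    /* Constructed lengths: the parts sum to 65675, just over 64KB. */
    size_t name_len = 255, sig_len = 65400;
    uint16_t sz = 0;

    printf("truncated size: %u bytes for %zu bytes of signature\n",
           (unsigned)alloc_size_truncated(name_len, sig_len), sig_len);
    if (alloc_size_checked(name_len, sig_len, &sz) != 0)
        printf("checked: oversized record rejected\n");
    return 0;
}
```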
The following systems are impacted:
Windows Server 2008 Service Pack 2
Windows Server 2008 Service Pack 1
Windows Server 2012 R2
Windows Server 2019
Windows Server version 1909
The vulnerability has been patched as part of the July 2020 Patch Tuesday release. Microsoft said it is not aware of attacks exploiting CVE-2020-1350. July’s Patch Tuesday release also contains security updates for 122 vulnerabilities in various Microsoft products, including fixes for RCE bugs in Microsoft Word, Microsoft Excel, Microsoft Office, Microsoft Outlook, Microsoft SharePoint, Windows LNK shortcut files, and various Windows graphics components.