Microsoft Sounds Alarm on “Wormable” DNS Server Vulnerability

Microsoft is sounding the alarm on a nearly 20-year-old Windows DNS Server flaw that it has categorized as “wormable.” The flaw, called SigRed, could let attackers build malicious DNS queries that crash or hijack servers.

“Wormable vulnerabilities have the potential to spread via malware between vulnerable computers without user interaction,” noted Mechele Gruhn, an important Microsoft security program manager. “Windows DNS Server is a core networking component. While this vulnerability is not currently known to be used in active attacks, customers must apply Windows updates to address this vulnerability as soon as possible.”

A Check Point For All

This Windows DNS security flaw was recently brought to light by researchers at the Israeli security firm Check Point, who reported it to Microsoft in May this year. If not fixed, the flaw puts Windows servers at risk of attack. Microsoft, however, says it has yet to find evidence that the flaw is currently being maliciously exploited.

A patch that corrects the issue has been released today for all variants of Windows Server. System administrators are expected to download the patch and armor their servers against the new threat before hackers take advantage of the newly discovered point of vulnerability.

Underlining the seriousness of the situation, Omri Herscovici, who heads the Check Point vulnerability research team, notes: “A DNS server breach is a very serious thing. There are only a handful of these vulnerability types ever released. Every organization, big or small, using Microsoft infrastructure is at major security risk if left unpatched. The risk would be a complete breach of the entire corporate network. This vulnerability has been in Microsoft code for more than 17 years; so if we found it, it is not impossible to assume that someone else already found it as well.”

He also warned that attackers can exploit the vulnerability without the target having to take any action: “It requires no interaction. And not only that, once you’re inside the domain controller that runs the Windows DNS server, expanding your control to the rest of the network is really easy,” says Herscovici. “It’s basically game over.”

Windows 10 Not Affected

Windows 10 and other Windows client variants are not at risk from the new security flaw, because it only affects the Windows DNS Server implementation. Microsoft is also releasing what appears to be a registry-based workaround for admins who cannot patch their servers as quickly as they need to.

To show how serious the threat is, Microsoft has assigned it its maximum risk score: 10 on the CVSS (Common Vulnerability Scoring System). That makes the latest flaw more serious than the vulnerabilities that led to the global disaster that was WannaCry. The vulnerabilities exploited in that attack only merited a score of 8.5 on the CVSS, which means the latest security flaw is the equivalent of an imminent all-out attack by alien forces that can only be fought to a finish if all system admins speedily download and install the security patch they are supposed to.

But will they?
