https://www.itnews.com.au/news/windows-dns-servers-susceptible-to-wormable-17-year-old-sigred-flaw-550482
By Juha Saarinen & Ry Crozier
itnews.co.au
July 15, 2020
Admins urged to patch.
A critical 17-year-old vulnerability has been uncovered in all Windows DNS
servers, with administrators being urged to apply a workaround or patch
from Microsoft as soon as possible.
The vulnerability, which has been given the name SigRed, was uncovered by
Check Point Research and assigned the reference CVE-2020-1350.
The vulnerability stems from a flaw in how Windows DNS server handles
signature (SIG) record queries.
A malicious SIG record over 64 kilobytes in size causes a heap buffer
overflow allowing attackers to execute code with high privileges remotely,
and take over vulnerable servers remotely.
[...]
--
Subscribe to InfoSec News
https://www.infosecnews.org/subscribe-to-infosec-news/
Follow InfoSec News on Twitter
https://twitter.com/infosecnews_
Follow InfoSec News on LinkedIn
https://www.linkedin.com/company/infosecnews/
