Information Security News mailing list archives

Previous By Date Next
Previous By Thread Next

Windows DNS servers susceptible to wormable 17-year-old SigRed flaw

From: InfoSec News <alerts () infosecnews org>
Date: Wed, 15 Jul 2020 05:03:14 +0000 (UTC)
https://www.itnews.com.au/news/windows-dns-servers-susceptible-to-wormable-17-year-old-sigred-flaw-550482

By Juha Saarinen & Ry Crozier
itnews.co.au
July 15, 2020

Admins urged to patch.
A critical 17-year-old vulnerability has been uncovered in all Windows DNS servers, with administrators being urged to apply a workaround or patch from Microsoft as soon as possible.
The vulnerability, which has been given the name SigRed, was uncovered by Check Point Research and assigned the reference CVE-2020-1350.
The vulnerability stems from a flaw in how Windows DNS server handles signature (SIG) record queries.
A malicious SIG record over 64 kilobytes in size causes a heap buffer overflow allowing attackers to execute code with high privileges remotely, and take over vulnerable servers remotely. 

[...]



--
Subscribe to InfoSec News
https://www.infosecnews.org/subscribe-to-infosec-news/
Follow InfoSec News on Twitter
https://twitter.com/infosecnews_
Follow InfoSec News on LinkedIn
https://www.linkedin.com/company/infosecnews/
Previous By Date Next
Previous By Thread Next

Current thread: