Jeremy Herold

17-Year-Old Wormable Bug on the Loose

No Comments

Practically every small and medium-sized organization under bug threat

Microsoft recently released a patch for a bug discovered by Israeli security firm Check Point. That bug, named SigRed, has a potentially “wormable” vulnerability. This means an attack from this bug can spread from one machine to another without any human interaction (such as clicking malware) needed to induce the spread.

This particular bug has appeared in Microsoft’s implementation of the domain name system (DNS) protocol.

The SigRed bug works by exploiting Windows DNS, a software used to translate domain names into IP addresses. Windows DNS runs on the DNS servers of nearly every small and medium-sized organization in the world.

Microsoft and Check Point are warning that this flaw is considered critical, with a 10 out of 10 on the common vulnerability scoring system.

As Windows DNS software often runs on the domain controllers that set the rules for networks, this is especially concerning, as an infection on this server would allow for other devices within an organization to be compromised.

The SigRed vulnerability works by exploiting a piece of data that’s part of the key exchange used in the more secure version of DNS known as DNSSEC.

With that one piece of data compromised, a hacker can overwrite chunks of memory that they’re not meant to have access to. This allows them to ultimately gain full control of the server.

It may also be possible to exploit the vulnerability through a link in a phishing email. Through that link, hackers could initiate the same key exchange on the DNS server through the victim’s browser.

While most large organizations use the BIND implementation of DNS that runs on Linux servers, smaller organizations should be concerned about this vulnerability of their Windows DNS and run this patch immediately, especially if any architectural changes to networks have been made to allow employees to work from home.

As always, if we can be of help with your network or computer, give us a call here at RHYNO Networks. (855) 749-6648

Subscribe to our newsletter!

There is no form with title: "subscribe". Select a new form title if you rename it.

More from our blog

See all posts
No Comments
Jeremy Herold information