Microsoft issues patch for wormable Windows DNS Server flaw

Microsoft is issuing a patch for a severe Windows DNS vulnerability that could allow attackers to gain control of targets' entire IT infrastructure.
(raymondclarkeimages / Flickr)

Microsoft is issuing a patch for a severe and wormable Windows Domain Name System Server vulnerability that could allow attackers to execute arbitrary code against targets and gain control of targets’ entire IT infrastructure.

The vulnerability, which was uncovered by a researcher at Check Point, would allow hackers to intercept and interfere with users’ emails and network traffic, tamper with services, and steal users’ credentials, by exploiting Windows’ Domain Name System (DNS) Server; DNS is essentially the protocol that translates between website names and their corresponding IP addresses.

The vulnerability can be triggered by a malicious DNS response, which could lead to a heap-based buffer overflow, according to Check Point. The vulnerability, which Check Point has dubbed SigRed, is widespread as it affects all Windows Server versions, according to Microsoft.

It’s the third serious vulnerability Microsoft has addressed just this month, following the emergency disclosure and patching of two critical vulnerabilities affecting Windows 10 and Windows Server distributions. Those disclosures were so important to address in a timely manner that the company made the decision to release patches outside of Patch Tuesday.


Microsoft has assigned the vulnerability, CVE-2020-1350, the highest possible risk score of 10 on the Common Vulnerability Scoring System. Wormable flaws can be particularly menacing as attacks exploiting them can spread from machine to machine without any human interaction. The WannaCry ransomware strain, which affected 300,000 machines in hundreds of countries in 2017, for instance, was wormable.

Microsoft said it has not seen hackers exploiting the vulnerability. But the vulnerability will be important to patch for governments and private entities alike. Hackers have seized on DNS-related hacking operations in recent years to target intelligence agencies, military organizations, energy firms, foreign ministries, and telecommunications firms to steal credentials, according to security researchers. During the pandemic hackers have taken advantage of DNS to target home routers as teleworking surged around the globe.

Check Point’s vulnerability research team leader, Omri Herscovici, said in a statement the flaw could allow hackers to essentially gain control of an entire organization, warning that it’s possible other researchers or nefarious actors asides from Check Point could have learned of this vulnerability years ago and exploited it.

“A DNS server breach is a very serious thing. Most of the time, it puts the attacker just one inch away from breaching the entire organization,” Herscovici said. “This vulnerability has been in Microsoft code for more than 17 years; so if we found it, it is not impossible to assume that someone else already found it as well.”

Sagi Tzaik, a vulnerability researcher at Check Point, uncovered the vulnerability and shared the information with Microsoft in May, Check Point said in a release.

Shannon Vavra

Written by Shannon Vavra

Shannon Vavra covers the NSA, Cyber Command, espionage, and cyber-operations for CyberScoop. She previously worked at Axios as a news reporter, covering breaking political news, foreign policy, and cybersecurity. She has appeared on live national television and radio to discuss her reporting, including on MSNBC, Fox News, Fox Business, CBS, Al Jazeera, NPR, WTOP, as well as on podcasts including Motherboard’s CYBER and The CyberWire’s Caveat. Shannon hails from Chicago and received her bachelor’s degree from Tufts University.

Latest Podcasts