Microsoft urges patching severe-impact, wormable server vulnerability

Enlarge / A data center stock photo. I spy with my little eye some de-badged EMC Symmetrix DMX-3 or DMX-4 disk bays at right and some de-badged EMC CX disk bays at left. Disk arrays like these are a mainstay of traditional enterprise data center SANs. (credit: Bryce Duffy / Getty Images)

Microsoft is urgently advising Windows server customers to patch a vulnerability that allows attackers to take control of entire networks with no user interaction and, from there, rapidly spread from computer to computer.

The vulnerability, dubbed SigRed by the researchers who discovered it, resides in Windows DNS, a component that automatically responds to requests to translate a domain into the IP address computers need to locate it on the Internet. By sending maliciously formed queries, attackers can execute code that gains domain administrator rights and, from there, take control of an entire network. The vulnerability, which doesn’t apply to client versions of Windows, is present in server versions from 2003 to 2019. SigRed is formally tracked as CVE-2020-1350. Microsoft issued a fix as part of this month's Update Tuesday.

Both Microsoft and the researchers from Check Point, the security firm that discovered the vulnerability, said that it’s wormable, meaning it can spread from computer to computer in a way that’s akin to falling dominoes. With no user interaction required, computer worms have the potential to propagate rapidly just by virtue of being connected and without requiring end users to do anything at all.

Read 7 remaining paragraphs | Comments

from Tech – Ars Technica https://ift.tt/307U0uh