
Check Point have alerted Microsoft to a ‘CVSS 10.0 Wormable DNS server vulnerability’ in Windows Server 2003-2019. Exploitation of the vulnerability, which Check Point have named SIGRed, provides attackers with Domain Administrator privileges.

Check Point have created an IPS Signature which can be applied immediately on Check Point Firewalls running IPS, and Check Point’s SandBlast Agent E83.11 also protects against this threat.

Microsoft have released a patch which can be found here.

Check Point have written in more detail about the CVSS 10.0 Wormable DNS Server Vulnerability on their blog and Check Point Research, a separate division, have provided more detail in their research documents.

Check Point Research – Click Here

Check Point Blog – Click Here

These updates are critical to ensuring that your systems are safe from exploitation, and it is recommended they be prioritised, as attackers will be looking to maximise their leverage in the coming days.

Microsoft state:

“An attacker who successfully exploited the vulnerability can run arbitrary code in the context of the Local System Account. Windows servers that are configured as DNS servers are at risk from this vulnerability. To exploit the vulnerability, an unauthenticated attacker could send malicious requests to a Windows DNS server.

The update addresses the vulnerability by modifying how Windows DNS servers handle requests.”

If you are unsure about what to change, or need help ensuring your systems are secure, Pentesec can help. Contact us on enquiries@pentesec.com or call us on 0845 519 1337 and one of our experts will talk you through everything you need.