Microsoft has released a patch to fix a critical, 17-year-old vulnerability in Windows DNS Server that has been classified as a “wormable” flaw. Named “SigRed”, the latest vulnerability is found to have an impact on Windows Server versions 2003 to 2019.
It could allow an attacker to compromise a Windows Server-based corporate infrastructure once exploited and can leak emails as well as network traffic of an organization after receiving malicious domain name system (DNS) queries through a vulnerable server.
A single exploit can cause a series of reactions and let attackers gain access from one computer to another. Check Point researcher Sagi Tzaik discovered the security flaw in the Windows DNS Server and disclosed the findings on May 19 to Microsoft.
Read more at Gadgets 360