Checkpoint security has found a worm exploitable vulnerability in Windows domain name system server, which may lead to heap based buffer overflow, so that hackers can intercept and interfere with users' e-mail and network traffic, tamper with services, steal user's credentials, etc.
Known as sigred, Microsoft explained in cve-2020-1350 (Windows DNS server remote code execution vulnerability)
"There is a remote execution code vulnerability in Windows DNS servers when they are unable to properly process requests. An attacker who successfully exploits this vulnerability can run arbitrary code in the context of the local system account. Windows servers configured as DNS servers are threatened by this vulnerability. "
To exploit this vulnerability, an unauthorized attacker can send a malicious request to windows.
According to the IT house, Microsoft has scored 10 / 10 for this vulnerability on the "common vulnerability scoring system", which is the highest level. Microsoft said, They haven't seen the vulnerability being widely exploited and are lucky to have released a patch.
"DNS server is a very serious thing. In most cases, it's only an inch away from the attacker to destroy the tissue. " Omri Herscovici, head of the check point vulnerability research team, said. "This vulnerability has existed in Microsoft code for more than 17 years; therefore, if we find it, it is impossible not to assume that someone else has discovered it."
Microsoft has released patches for Windows Server 2008 and later. You can click the link below to view.
Official solution: http://portal.msrc.microsoft.com/zh-cn/security-guidance/advisory/CVE-2020-1350