Latest in Gear

Image credit: picture alliance via Getty Images

Microsoft is patching a dangerous Windows DNS Server exploit

SigRed is a dangerous flaw that should be patched immediately.
283 Shares
Share
Tweet
Share

Sponsored Links

23 November 2018, Saxony, Dresden: Network cable in the server room of the state enterprise Sächsische Informatik Dienste. On the same day, a press conference simulated a cyber attack scenario on a computer system. In the course of the simulated attack, the further development of e-government regulations was also explained. Photo: Sebastian Kahnert/dpa-Zentralbild/dpa (Photo by Sebastian Kahnert/picture alliance via Getty Images)
picture alliance via Getty Images

Security researchers have discovered a serious flaw in Windows’ Domain Name System software that users must patch immediately. Sagi Tzaik from Check Point found a way to run malicious code which can be used to hijack websites, intercept emails, steal private information and take sites offline. Microsoft has already acknowledged the issue and has issued a fix in today’s Patch Tuesday update, which it urges all users to download immediately. 

The vulnerability has been codenamed SigRed and Check Point says it affects Windows Server versions from 2003 to 2019. Microsoft said that the flaw is “wormable,” enabling hackers to take over multiple machines at once and causing large amounts of damage. That’s especially a risk for big corporate customers that run their own platforms, especially since the exploit is fairly easy to take advantage of.

Check Point’s Omri Herscovici said in a statement that a “DNS server breach is a very serious thing,” since it “puts the attacker just one inch away from breathing the entire organization.” Herscovici added that the fact that the exploit was in the wild for “more than 17 years” means that it’s likely that other attackers may have found, and have taken advantage, of the issue. 

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Comment
Comments
Share
283 Shares
Share
Tweet
Share

Popular on Engadget

Engadget's 2020 Back-to-School Guide

Engadget's 2020 Back-to-School Guide

View
Apple Watch Series 5 drops to $299 at Walmart

Apple Watch Series 5 drops to $299 at Walmart

View
These AI-generated tennis matches are both eerie and impressive

These AI-generated tennis matches are both eerie and impressive

View
DC Universe content is 'migrating' to HBO Max

DC Universe content is 'migrating' to HBO Max

View
Facebook forms financial group to focus on payments

Facebook forms financial group to focus on payments

View

From around the web

Page 1Page 1ear iconeye iconFill 23text filevr