BrandPost: SIGRed: What Is It, How Serious Is It, and How Should You Respond?

Executive Summary

On July 14th, 2020, Microsoft disclosed a vulnerability in the Microsoft DNS Server subsystem affecting all modern versions of Microsoft DNS. This vulnerability allows attackers to leverage malformed DNS responses to trigger remote code execution on unpatched Microsoft DNS servers without the need for authentication. A sufficiently capable attacker can leverage this vulnerability to obtain remote administrative access to Microsoft DNS Servers, which typically cohabitate with Microsoft Active Directory servers.

In other words this vulnerability bypasses the majority of built-in security checks and security architecture while providing direct access to an organization's critical infrastructure. Additionally this vulnerability is "wormable", indicating that the attack is easily automated and can spread without user intervention via malware.

To read this article in full, please click here

Uncategorized