Microsoft released a patch today that fixes what appears to be a major, long-standing flaw in the Windows Domain Name System. The patch, which is bundled in with the regular Tuesday Windows update, fixes the SigRed flaw, which was discovered by Israeli security firm Check Point, Wired reported.
The DNS is kind of like a phonebook, and your Internet Protocol address is kind of like your phone number. Every computer is assigned a unique IP address through its network provider, and the DNS translates domain names to IP addresses. It’s like looking for your phonebook, finding your best friend’s name, and hitting the call button. Your phone and phone numbers are what allow you to connect. In a similar manner, the DNS is needed so your browser can load a website. SigRed not only exploits Windows DNS, but it’s also a “wormable” bug, which means it can spread from one computer to another via the DNS.
Both Check Point and Microsoft say that is is a critical flaw, Wired reported, scoring a 10 out of 10 on the common vulnerability scoring system (CVSS), which is an industry standard for assessing computer security issues. Windows DNS is used on the servers of “practically every small and medium-sized organization in the world,” according to Wired, so it’s obviously a major issue—even more so because it’s gone unnoticed for the last 17 years.
This particular security flaw is located in Windows Domain Name System Security Extensions (DNSSEC), which strengthens DNS authentication. Without DNSSEC, it’s much easier for a hacker to intercept DNS queries and redirect you to a fake website that might trick you to enter personal information, like your credit card number or social security number, and steal your identity. Small and medium online retail businesses that use Windows DNS could be especially vulnerable to SigRed.
If that wasn’t bad enough, Omri Herscovici, Check Point’s head of vulnerability research, told Wired that Windows DNS can be exploited without any action taken by the target user. Someone who has been hacked wouldn’t even realize that an unknown individual has gained access and control of their server.
“Once you’re inside the domain controller that runs the Windows DNS server, expanding your control to the rest of the network is really easy,” Herscovici said.
For the attack to work remotely, the target DNS server would have to be exposed directly to the internet, which Herscovici says is rare since most administrators run Windows DNS behind a firewall. However, if a hacker can get access to a company’s wifi or LAN, they can still take over the server. Check Point also warns that any companies that made architectural changes to their networks so their employees could work at home during the covid-19 pandemic might have inadvertently made themselves more vulnerable to this kind of attack.
While SigRed hasn’t been exploited as of now, it’s important to patch your servers and PCs before it is. Herscovici likened SigRed to 2017's WannaCry ransomware cryptoworm attack that targeted Windows machines by locking the computers and demanding ransom payments in cryptocurrency (between $300-$600). The outbreak lasted just four days, but affected more than 200,000 computers across 150 countries in hospitals, schools, businesses, and homes. Paying the ransom did not unlock the computers, either.
If this concerns you (and it should), immediately download and install today’s Windows update. You can access this from Settings, or just type ‘updates’ into your taskbar search bar.