DV Hardware - bringing you the hottest news about processors, graphics cards, Intel, AMD, NVIDIA, hardware and technology!
   Home | News submit | News Archives | Reviews | Articles | Howto's | Advertise
 
DarkVision Hardware - Daily tech news
August 11, 2020 
Main Menu
Home
Info
News archives
Articles
Howto
Reviews
 

Who's Online
There are currently 132 people online.

 

Latest Reviews
Ewin Racing Flash gaming chair
Arctic BioniX F120 and F140 fans
Jaybird Freedom 2 wireless sport headphones
Ewin Racing Champion gaming chair
Zowie P-TF Rough mousepad
Zowie FK mouse
BitFenix Ronin case
Ozone Rage ST headset
 

Follow us
RSS
 

Patch Tuesday: Windows Server gets protection against wormable DNS vulnerability

Posted on Wednesday, July 15 2020 @ 09:30:23 CEST by


MSFT logo
This month's dose of Patch Tuesday updates from Microsoft includes a critical update for Windows Server versions from 2003 to 2019. The CVE-2020-1350 bug is very grave, it resides in the Windows DNS component and requires no user interaction as it can be triggered by sending a specially crafted DNS request to an unpatched server. The attacker then basically gains full control over the server. To make matters even worse, the "SIGred" bug is wormable and security researchers speculate an attack could likely infect the whole population of vulnerable computers on the Internet in almost no time, similar to what happened with the SQL Slammer exploit in 2003:
“If I’ve understood the article correctly, calling it ‘wormable’ is actually an understatement,” Vesselin Vladimirov Bontchev, a security expert who works for the National Laboratory of Computer Virology in Bulgaria, wrote on Twitter. “It’s suitable for flash worms a la Slammer, which infected the whole population of vulnerable computers on the Internet in something like 10 minutes flat.”

Bontchev was disagreeing with fellow security researcher Marcus Hutchins, who said he thought it was more likely attackers would exploit SigRed in an attempt to wage crippling ransomware campaigns. In that scenario, attackers would take control of a network’s DNS server and then use it to push malware to all connected client computers. Slammer is a reference to SQL Slammer, a worm from 2003 that exploited two vulnerabilities in Microsoft’s SQL Server. Within 10 minutes of being activated, SQL Slammer infected more than 75,000 machines, some of them belonging to Microsoft.
Client versions of Windows 10 are not affected by this bug but the software giant does have other patches that plug holes in Windows 10. In total, this month's Patch Tuesday fixes 123 vulnerabilities.



 



 

DV Hardware - Privacy statement
All logos and trademarks are property of their respective owner.
The comments are property of their posters, all the rest © 2002-2019 DM Media Group bvba