This Flaw Existed In Windows For 17 Years And Was Just Fixed Now, Do You Know It?

Dhir Acharya - Jul 15, 2020


This Flaw Existed In Windows For 17 Years And Was Just Fixed Now, Do You Know It?

Called SigRed, the flaw in Windows DNS existed for 17 years and no one noticed. Yesterday, Microsoft released a patch that fixes this flaw.

Yesterday, Microsoft rolled out a patch that fixes a major, long-standing flaw of the Windows DNS (Domain Name System). The patch came out alongside the regular Tuesday Windows update, fixing the SigRed flaw found by Israeli security company Check Point, according to Wired.

The DNS is like a phonebook and your IP (Internet Protocol) address is like your phone number. Each computer has a different IP address through its network provider while the domain names are translated to IP address by the DNS. Your browser needs the DNS to load a website like you need the phone book to search for a phone number.

SigRed exploits Windows DNS and it’s a wormable bug that can spread between computers through the DNS.

Screenshot 2020 07 14 At 10 34 48 Compressed
SigRed is a flaw in Windows DNS that has been around for 17 years

Microsoft and Check Point say that this flaw is critical as it scores 10/10 on the common vulnerability scoring system (or CVSS), an industry standard to assess security issues on computers. Every small, medium-sized organization worldwide uses Windows DNS, Wired revealed, so this flaw is really serious, not to mention it wasn’t found for 17 years.

This security flaw is in Windows Domain Name System Security Extensions that strengthens DNS authentication. Without this system, hackers can easily intercept DNS queries and redirect users to a fake site that may trick them into providing their personal information and steal your identity. Small-medium online retail businesses using Windows DSN are at the highest risk of being affected by SigRed.

Microsoft Windows Updates Cycle Arrows Laptop Mobi
Install the latest Windows update to patch this flaw

Even worse, hackers can exploit this vulnerability without needing the target to do anything. A person that has been hacked might not even realize their server has been accessed and controlled by a stranger.

“Once you’re inside the domain controller that runs the Windows DNS server, expanding your control to the rest of the network is really easy.”

To be attacked remotely, the target DNS server has to be exposed to the internet directly, which barely happens because Windows DNS is usually run behind a firewall. But if a hacker can access a company’s LAN or wifi, they can get access to the server.

The one lucky thing, however, is that the flaw hasn’t been exploited so far, but you still have to patch your PCs and servers before a hacker takes the chance. All you need to do is installing the latest Windows update on your computer by opening Settings or typing ‘updates’ into the search bar on your taskbar.

>>> How To Speed Up Windows 10 - Ten Tips You Should Keep In Mind

Comments

Sort by Newest | Popular

Next Story

Read more

OnePlus 8T Roundup: Price, Specifications, Design - Everything We Know So Far

Mobile- Sep 25, 2020

OnePlus 8T Roundup: Price, Specifications, Design - Everything We Know So Far

OnePlus 8T will be launched on October 14. Here is everything we have got about OnePlus' upcoming flagship, including specs, price, design, and more.

POCO X3 Arrives In India: Snapdragon 732G, 6,000mAh Battery, Affordable Price

Mobile- Sep 22, 2020

POCO X3 Arrives In India: Snapdragon 732G, 6,000mAh Battery, Affordable Price

The POCO X3 Indian version doesn't support NFC like the European version, but it has a larger 6,000mAh battery and a more affordable price tag.

How To Set Up Chromecast Device Using Your Android Phone

Gadgets- Sep 24, 2020

How To Set Up Chromecast Device Using Your Android Phone

Have you just bought a Chromecast and are wondering how to set up Chromecast device? Don't worry, we have you covered

New Leaks Say The Pixel 4a 5G Will Sport An 8MP Front-Facing Camera

Mobile- Sep 24, 2020

New Leaks Say The Pixel 4a 5G Will Sport An 8MP Front-Facing Camera

Over the past weeks, several specifications of the upcoming Google Pixel 4a 5G have been leaked all over the internet. What's new this time?

Russia To Supply 1.2 Billion Doses Of Sputnik V COVID-19 Vaccine

Features- Sep 23, 2020

Russia To Supply 1.2 Billion Doses Of Sputnik V COVID-19 Vaccine

The Sputnik V COVID-19 vaccine has been scheduled to be delivered in countries including India, Mexico, Saudi Arabia, and Brazil.

Russia To Offer Free COVID-19 Vaccine To United Nations Staff

Features- Sep 24, 2020

Russia To Offer Free COVID-19 Vaccine To United Nations Staff

During the General Assembly, the Russian president has decided to offer UN staff in New York and around the world free Sputnik-V vaccine.