Windows DNS servers impacted by an old ‘Wormable’ RCE vulnerability

Researchers have found a 17-year-old RCE vulnerability in Windows that is impacting users.

The remote code execution vulnerability, named ‘SigRed’, allows hackers to gain domain administrator privileges over targeted servers and seize complete control of an organization’s IT infrastructure.

The vulnerability can be exploited by sending malicious DNS queries to a Windows DNS server. The hacker then achieves arbitrary code execution, which enables the threat actor to intercept and manipulate users’ emails and network traffic, make services unavailable, harvest users’ credentials, and more.

The main issue with the vulnerability is that it is wormable, which means that it can spread from one system to another without any human interaction. An attacker can use a single machine to exploit an organization’s entire infrastructure within minutes.

Microsoft has released a patch for this and some other vulnerabilities and has asked users to download the patch immediately. Microsoft has also informed users that no cases of exploitation have been reported for this vulnerability.

NPAV recommends that users always stay up to date on the security patches released by organizations and download them immediately. Install NPAV and stay protected from any unauthorized access targeting your system.

Use NPAV and join us on a mission to secure the cyber world.
