The vulnerability was rated by CVSS 10,0 and the researchers security advise organizations to update their systems immediately.
Discovered by Check Point researcher Sagi Tzaik and affects Microsoft Windows DNS and Server software.
According to the researchers, the vulnerability is particularly critical as it has the ability to self-transmit, and thus is able to switch to vulnerable machines without any interaction with the user and put in risk the set of computers in a network.
Taking advantage of the defect, “one hacker can generate malicious DNS requests on their DNS servers Windows and achieve arbitrary code execution that could lead to a breach of the entire infrastructure, ”the team says.
SigRed affects all versions of Windows Server from 2003 to 2019.
The vulnerability is located in the way Windows DNS Server handles an incoming DNS request, as well as in the way DNS requests are handled. Specifically, sending a DNS request with a SIG record over 64KB can "cause a heap-based buffer overflow of about 64KB on a small assigned buffer," the team says.
As the service runs with increased privileges, if one intruder manages to exploit it, also acquires administrator rights. More rarely, the vulnerability can be activated remotely through browser sessions.
Although the company states that it has not discovered any exploitation of this vulnerability by malicious agents, it does not rule out the fact that it has been in its systems for 17 whole years. So it is very difficult to say with certainty that it has not been exploited by hackers from time to time.