Security researchers have found a critical security flaw in Windows’ Domain Name System (DNS) that people should patch immediately. Check Point Software Technologies researcher Sagi Tzaik has discovered a way to inject malicious code that can be used to steal private information, intercept emails, hijack websites, and more.
The researchers have codenamed the vulnerability SigRed and have said that it affects Windows Server versions between 2003 to 2019. Microsoft has already been informed of this issue and the software maker acknowledged that the flaw can allow hackers to take over multiple machines. Hence, it has the ability to cause significant damage.
This is especially dangerous for corporate customers that run their own platforms since the exploit is fairly simple to use.
One of Check Point’s researchers Omri Herscovici has said that:
DNS server breach is a very serious thing, since it puts the attacker just one inch away from breathing the entire organization.
He added that the fact that this flaw has persisted for more than 17 years means that attackers have most likely discovered it already and have possibly used it to their advantage.
Fortunately, Microsoft has already issued a patch for this vulnerability on the Tuesday update. They are urging everyone to download the update immediately and we would recommend the same.