Check Point Uncovers Critical Flaw in Windows DNS Server

Microsoft issued an urgent patch for the problem, which is found in all versions of Windows Server from 2003 to 2019


Check Point researchers recently discovered a critical vulnerability in the Windows Domain Name System (DNS) Server, an essential component of Windows, the company announced on Tuesday.

The company said it had reported the threat to Microsoft, who "acknowledged it as a critical vulnerability" and "issued an urgent patch for it."  

Check Point strongly urged users to apply the patch to affected Windows DNS Servers running on Windows Server 2003 through 2019 to prevent exploitation of the vulnerability.

"Imagine what could happen if someone was able to intercept and read every piece of your mail without your knowledge, before forwarding it on to you:  your new bank card, your replacement driver’s license or passport, letters from your doctor, application forms and more. It’s not hard to understand what that person could learn about you, and what damaging things they could do by copying or tampering with your mail.

"Now imagine that a hacker could do the same on your organization’s network, intercepting and manipulating users’ emails and network traffic, making services unavailable, harvesting users’ credentials and more. In effect, they would be able to seize complete control of your IT," Check Point wrote on its website explaining the critical vulnerability.

What is DNS?

According to Check Point, "DNS is part of the global internet infrastructure" that translates human-readable domain names into the numeric IP addresses computers need in order to reach a website or deliver an email.

The vulnerability that Check Point discovered affects every organization running Windows DNS Server on Windows Server 2003 through 2019 and, if exploited, would give an attacker "Domain Administration rights over the server, and compromise the entire corporate infrastructure."

"The flaw is in the way the Windows DNS server parses an incoming DNS query, and in the way it parses a response to a forwarded DNS query.  If triggered by a malicious DNS query, it triggers a heap-based buffer overflow, enabling the hacker to take control of the server," Check Point stated.
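To make the bug class in that statement concrete, here is an added example that is not code from the article, from Check Point or from Microsoft: a minimal parser for one DNS resource record in RFC 1035 wire format, with a vulnerable and a hardened way of sizing the heap block the record will be stored in. The 20-byte "store overhead", the 4096-byte store limit and the store step itself are assumptions made only to illustrate how a length field taken from the wire can wrap a 16-bit size computation, so that the block allocated is smaller than the bytes later copied into it (a heap-based buffer overflow); nothing here reproduces the actual Windows DNS server code.

```c
/*
 * Added example, not Windows DNS server code. Parses one DNS resource
 * record (RFC 1035 wire format) and shows a vulnerable and a hardened way
 * of sizing the heap block that stores it. STORE_OVERHEAD, MAX_STORE and
 * the store step are assumptions for illustration only.
 */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define RR_FIXED 10        /* TYPE(2) CLASS(2) TTL(4) RDLENGTH(2) after the owner name */
#define STORE_OVERHEAD 20  /* assumed per-record bookkeeping kept in the same block */
#define MAX_STORE 4096     /* assumed upper bound a record store will accept */

struct rr {
    size_t name_len;       /* owner name bytes on the wire, including the root label */
    uint16_t type, rclass, rdlength;
    uint32_t ttl;
    const uint8_t *rdata;  /* points into the packet, not copied */
};

static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static uint32_t rd32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}

/* Length of an uncompressed owner name, or 0 if malformed or truncated. */
static size_t name_len(const uint8_t *p, size_t n) {
    size_t i = 0;
    while (i < n) {
        uint8_t l = p[i];
        if (l == 0) return i + 1;
        if ((l & 0xC0) || i + 1 + l >= n) return 0;  /* no compression pointers here */
        i += 1 + l;
    }
    return 0;
}

/* Parses one RR at buf[0..len); every field is bounds-checked. 0 = ok, -1 = bad. */
int parse_rr(const uint8_t *buf, size_t len, struct rr *out) {
    size_t nl = name_len(buf, len);
    if (nl == 0 || len - nl < RR_FIXED) return -1;
    const uint8_t *h = buf + nl;
    out->name_len = nl;
    out->type = rd16(h);
    out->rclass = rd16(h + 2);
    out->ttl = rd32(h + 4);
    out->rdlength = rd16(h + 8);
    if (len - nl - RR_FIXED < out->rdlength) return -1;  /* RDATA truncated */
    out->rdata = h + RR_FIXED;
    return 0;
}

/* VULNERABLE sizing: accumulated in a 16-bit variable, the same width as
 * RDLENGTH, so a record with RDLENGTH > 65515 wraps to a tiny size. */
uint16_t vuln_store_size(const struct rr *r) {
    uint16_t size = r->rdlength;
    size += STORE_OVERHEAD;
    return size;
}

/* HARDENED sizing: widen before adding and refuse anything over the store
 * limit, so the later memcpy can never exceed the allocation. */
int safe_store_size(const struct rr *r, size_t max_block, size_t *out) {
    size_t size = (size_t)r->rdlength + STORE_OVERHEAD;
    if (size > max_block) return -1;
    *out = size;
    return 0;
}

/* The vulnerable store would malloc(vuln_store_size()) and then copy
 * rdlength + STORE_OVERHEAD bytes into it. Report whether that would
 * overflow the block instead of doing it, so the example runs safely. */
int vuln_would_overflow(const struct rr *r) {
    return (size_t)vuln_store_size(r) < (size_t)r->rdlength + STORE_OVERHEAD;
}

/* Constructed record: owner "a." (3 bytes), TYPE 16 (TXT), class IN, TTL 60,
 * then rdlength bytes of 'x'. Returns the record length, 0 if cap is too small. */
size_t build_rr(uint8_t *out, size_t cap, uint16_t rdlength) {
    size_t need = 3 + RR_FIXED + rdlength;
    if (cap < need) return 0;
    const uint8_t hdr[] = {1, 'a', 0, 0, 16, 0, 1, 0, 0, 0, 60};
    memcpy(out, hdr, sizeof hdr);
    out[11] = (uint8_t)(rdlength >> 8);
    out[12] = (uint8_t)rdlength;
    memset(out + 13, 'x', rdlength);
    return need;
}

/* Constructed record of the given RDLENGTH through the vulnerable path:
 * 1 = heap block would overflow, 0 = fine, -1 = record does not parse. */
int vuln_path(uint16_t rdlength) {
    size_t cap = 13u + 65535u;
    uint8_t *pkt = malloc(cap);
    struct rr r;
    int res = -1;
    if (!pkt) return -1;
    size_t n = build_rr(pkt, cap, rdlength);
    if (n && parse_rr(pkt, n, &r) == 0) res = vuln_would_overflow(&r);
    free(pkt);
    return res;
}

/* Same record through the hardened path: 0 = accepted, -1 = rejected. */
int safe_path(uint16_t rdlength) {
    size_t cap = 13u + 65535u, size;
    uint8_t *pkt = malloc(cap);
    struct rr r;
    int res = -1;
    if (!pkt) return -1;
    size_t n = build_rr(pkt, cap, rdlength);
    if (n && parse_rr(pkt, n, &r) == 0) res = safe_store_size(&r, MAX_STORE, &size);
    free(pkt);
    return res;
}

/* Truncation check: RDLENGTH claims 100 bytes but only 50 bytes follow. */
int truncated_rr_rejected(void) {
    uint8_t pkt[13 + 100];
    struct rr r;
    build_rr(pkt, sizeof pkt, 100);
    return parse_rr(pkt, 13 + 50, &r) == -1;
}

int main(void) {
    printf("rdlength 300:   vulnerable overflow=%d hardened=%d\n", vuln_path(300), safe_path(300));
    printf("rdlength 65530: vulnerable overflow=%d hardened=%d\n", vuln_path(65530), safe_path(65530));
    printf("truncated record rejected=%d\n", truncated_rr_rejected());
    return 0;
}
```

The only difference between the two sizing routines is the width of the arithmetic and a bound check, which is why this class of bug survives code review so easily. One practical caveat: a record with an RDLENGTH near 65535 cannot travel in a UDP DNS message (those are limited to a few kilobytes at most), so a parser that only tests with UDP-sized inputs will never see the wrap; the 16-bit length prefix of DNS over TCP is what allows a message large enough to carry it, so fuzzing and review of the TCP receive path deserve particular attention.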

Additionally, Microsoft described the vulnerability as "wormable," which Check Point said could mean that "a single exploit can start a chain reaction that allows attacks to spread from vulnerable machine to vulnerable machine without requiring any human interaction."

"As DNS security is not something many organizations monitor for, or have tight controls around, this means that a single compromised machine could be a ‘super spreader,’ enabling the attack to spread throughout an organization’s network within minutes of the first exploit," Check Point added.

As such, the company strongly urged all users to patch their affected Windows DNS Servers.