A critical vulnerability that allows an attacker to intercept and manipulate emails and other network traffic, including making network services inaccessible, was recently discovered. Called SIGRed, the vulnerability was in the Windows DNS Server which is an essential component of any Windows’ network environment and Microsoft has recently issued an urgent patch for it.
The patch needs to be applied to Windows DNS Server versions from 2003 to 2019 to prevent the exploitation of this vulnerability. DNS is part of the global internet system that translates website names into strings of numbers to enable devices to locate the websites by means of the DNS records. DNS is also used or sending e-mails. The attackers exploiting the vulnerability in the DNS servers can change the addresses that websites direct traffic to, including emails and Virtual Private Networks (VPNs). This actually happened at government institutions recently in the Middle East. A single DNS exploit can also cause the attack to automatically spread from one device to another and as most organisations do not monitor their DNS servers the organisation can be rapidly compromised. F-Secure‘s RADAR Endpoint Detection and Response (EDR) solution was recently enabled with the ability to detect this particular threat.