Read the original article: Wormable DNS flaw endangers all Windows servers
Remote code execution vulnerabilities that affect the core networking components of operating systems are rare these days, but when they happen, the IT industry is put on alert because they are among the most dangerous flaws that can lead to the mass exploitation of computer systems around the world. On Tuesday, Microsoft released a patch for such a vulnerability that affects its implementation of the Domain Name System (DNS) server on Windows and urged organizations to deploy the fix as soon as possible.
A wormable remote code execution
The vulnerability, tracked as CVE-2020-1350, was discovered by researchers from Check Point Software Technologies, who dubbed it SIGRed, a play on the vulnerable function name that handles DNS SIG queries. The flaw received the maximum CVSS severity score of 10, making it critical, and according to Microsoft, it’s wormable.
Read the original article: Wormable DNS flaw endangers all Windows servers