Microsoft released its patch for July patch on Tuesday, which also patches a particularly severe vulnerability affecting Windows Server customers – which has received a maximum CVVS 10.0 vulnerability rating. Although it has been a gaping vulnerability for nearly 17 years, the Redmond giant is fortunately not one of the newly patched vulnerabilities that attackers would have actively exploited.
It is rooted in a Windows DNS component and, with properly prepared queries, allows potential attackers to gain domain administrator privileges on a given network and even take control of the entire network. The vulnerability only affects editions of Windows Server, but can be found in a wide range of applications, from Windows Server 2003 to 2019.
SigRed is also particularly dangerous because it is a “wormable” vulnerability, meaning that it can spread between different computers without user interaction, as long as they connect to the affected network. Security researchers at Check Point, quoted by Ars Technica, say driving SigRed into a yoke is by no means an impossible task for online criminals, and while experts have found no indication that the vulnerability has been actively exploited in the past, there is a good chance it will change in the near future. Accordingly, administrators are encouraged to install the related security patches without delay.
The July patch Tuesday patches 122 additional vulnerabilities in addition to SigRed in a total of 13 products. The RemoteFX vGPU component in Microsoft's Hyper-V hypervisor solution received multiple patches, as well as the Jet Database Engine for each Office application from the patches. In addition, the company fixed bugs in Word, Excel, Outlook, Sharepoint, Windows LNK files, and some graphical components of Windows, which would also have allowed attackers to run code remotely.
Gellert is Technology Editor at Counting News Media and contributor at other major tech publications. Her interests includes testing new gadgets and reading.