HVI Blocks SIGRed, Prevents Zero-Day Execution from Suspicious Memory Regions

  • Windows DNS server remote code execution vulnerability permits full takeover of affected systems
  • Wormable exploits can spread via malware between vulnerable computers without user interaction
  • SIGRed vulnerability impacts nearly all versions of DNS in Windows Server dating back over 17 years
  • Hypervisor Introspection (HVI) prevents zero-day code execution from suspicious memory regions

On July 14, Microsoft published a security advisory for CVE-2020-1350, a longstanding, broad-based Windows DNS server remote code execution vulnerability: Windows DNS servers fail to properly handle malformed DNS requests, allowing an attacker to corrupt memory and run arbitrary code in the context of the Local System account. All Windows servers configured as DNS servers are at risk from this critical (CVSS 10) vulnerability, which Microsoft acknowledges dates back at least 17 years. It directly affects multiple versions of Windows Server 2008, 2012, 2016, and 2019 that remain in widespread production worldwide.

*** This is a Security Bloggers Network syndicated blog from Business Insights In Virtualization and Cloud Security authored by Michael Rosen. Read the original post at: http://feedproxy.google.com/~r/BusinessInsightsInVirtualizationAndCloudSecurity/~3/-I4fnuoYR-w/hvi-blocks-sigred-prevents-zero-day-execution-from-suspicious-memory-regions