The Hacker News Logo
Subscribe to Newsletter

The Hacker News - Cybersecurity News and Analysis: windows server

SAD DNS — New Flaws Re-Enable DNS Cache Poisoning Attacks

SAD DNS — New Flaws Re-Enable DNS Cache Poisoning Attacks

November 12, 2020Ravie Lakshmanan
A group of academics from the University of California and Tsinghua University has uncovered a series of critical security flaws that could lead to a revival of DNS cache poisoning attacks. Dubbed " SAD DNS attack " (short for Side-channel AttackeD DNS), the technique makes it possible for a malicious actor to carry out an off-path attack, rerouting any traffic originally destined to a specific domain to a server under their control, thereby allowing them to eavesdrop and tamper with the communications. "This represents an important milestone — the first weaponizable network side channel attack that has serious security impacts," the researchers said. "The attack allows an off-path attacker to inject a malicious DNS record into a DNS cache." Tracked as CVE-2020-25705, the findings were presented at the ACM Conference on Computer, and Communications Security (CCS '20) held this week. The flaw affects operating systems Linux 3.18-5.10, Windows Serv
LIVE Webinar on Zerologon Vulnerability: Technical Analysis and Detection

LIVE Webinar on Zerologon Vulnerability: Technical Analysis and Detection

September 29, 2020The Hacker News
I am sure that many of you have by now heard of a recently disclosed critical Windows server vulnerability—called  Zerologon —that could let hackers completely take over enterprise networks. For those unaware, in brief, all supported versions of the Windows Server operating systems are vulnerable to a critical privilege escalation bug that resides in the  Netlogon Remote Control  Protocol for Domain Controllers. In other words, the underlying vulnerability ( CVE-2020-1472 ) could be exploited by an attacker to compromise Active Directory services, and eventually, the Windows domain without requiring any authentication. What's worse is that a proof-of-concept exploit for this flaw was released to the public last week, and immediately after, attackers started exploiting the weakness against unpatched systems in the wild. As described in our  coverage  based on a technical analysis published by Cynet security researchers, the underlying issue is Microsoft's implementation of
Detecting and Preventing Critical ZeroLogon Windows Server Vulnerability

Detecting and Preventing Critical ZeroLogon Windows Server Vulnerability

September 23, 2020Wang Wei
If you're administrating Windows Server, make sure it's up to date with all recent patches issued by Microsoft, especially the one that fixes a recently patched critical vulnerability that could allow unauthenticated attackers to compromise the domain controller. Dubbed 'Zerologon' (CVE-2020-1472) and discovered by Tom Tervoort of  Secura , the privilege escalation vulnerability exists due to the insecure usage of AES-CFB8 encryption for Netlogon sessions, allowing remote attackers to establish a connection to the targeted domain controller over Netlogon Remote Protocol (MS-NRPC). "The attack utilizes flaws in an authentication protocol that validates the authenticity and identity of a domain-joined computer to the Domain Controller. Due to the incorrect use of an AES mode of operation, it is possible to spoof the identity of any computer account (including that of the DC itself) and set an empty password for that account in the domain," researchers at cyber
Microsoft Issues Emergency Security Updates for Windows 8.1 and Server 2012 R2

Microsoft Issues Emergency Security Updates for Windows 8.1 and Server 2012 R2

August 20, 2020Mohit Kumar
Microsoft has issued an emergency out-of-band software update for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 systems to patch two new recently disclosed security vulnerabilities. Tracked as CVE-2020-1530 and CVE-2020-1537 , both flaws reside in the Remote Access Service (RAS) in a way it manages memory and file operations and could let remote attackers gain elevated privileges after successful exploitation. In brief, the Remote Access Service functionality of the Windows operating system allows remote clients to connect to the server and access internal resources from anywhere via the Internet. A patch for both vulnerabilities was first released on August 11 with the batch of August Patch Tuesday updates, but it was for Windows 10, Windows 7, and Windows Server 2008, 2012, 2016, 2019, and Windows Server versions 1903, 1909, and 2004 systems. A week later, yesterday, on August 19, the company announced that Windows 8.1 and Windows Server 2012 R2 systems are vulner
17-Year-Old Critical 'Wormable' RCE Vulnerability Impacts Windows DNS Servers

17-Year-Old Critical 'Wormable' RCE Vulnerability Impacts Windows DNS Servers

July 14, 2020Ravie Lakshmanan
Cybersecurity researchers today disclosed a new highly critical "wormable" vulnerability—carrying a severity score of 10 out of 10 on the CVSS scale—affecting Windows Server versions 2003 to 2019. The 17-year-old remote code execution flaw ( CVE-2020-1350 ), dubbed ' SigRed ' by Check Point, could allow an unauthenticated, remote attacker to gain domain administrator privileges over targeted servers and seize complete control of an organization's IT infrastructure. A threat actor can exploit SigRed vulnerability by sending crafted malicious DNS queries to a Windows DNS server and achieve arbitrary code execution, enabling the hacker to intercept and manipulate users' emails and network traffic, make services unavailable, harvest users' credentials and much more. In a detailed report shared with The Hacker News, the Check Point researcher Sagi Tzadik confirmed that the flaw is wormable in nature, allowing attackers to launch an attack that can sp
Hackers Exploiting Microsoft Servers to Mine Monero - Makes $63,000 In 3 Months

Hackers Exploiting Microsoft Servers to Mine Monero - Makes $63,000 In 3 Months

September 28, 2017Swati Khandelwal
Mining cryptocurrencies can be a costly investment as it takes a monstrous amount of computing power, and thus hackers have started using malware that steals computing resources of computers it hijacks to make lots of dollars in digital currency. Security researchers at security firm ESET have spotted one such malware that infected hundreds of Windows web servers with a malicious cryptocurrency miner and helped cybercriminals made more than $63,000 worth of Monero (XMR) in just three months. According to a report published by ESET today, cybercriminals only made modifications to legitimate open source Monero mining software and exploited a known vulnerability in Microsoft IIS 6.0 to secretly install the miner on unpatched Windows servers. Although ESET's investigation does not identify the attackers, it reports that the attackers have been infecting unpatched Windows web servers with the cryptocurrency miner since at least May 2017 to mine 'Monero,' a Bitcoin-like
Windows SMB Zero-Day Exploit Released in the Wild after Microsoft delayed the Patch

Windows SMB Zero-Day Exploit Released in the Wild after Microsoft delayed the Patch

February 05, 2017Swati Khandelwal
Last weekend a security researcher publically disclosed a zero-day vulnerability in Windows 10, Windows 8.1 and Server editions after Microsoft failed to patch it in the past three months. The zero-day memory corruption flaw resides in the implementation of the SMB (server message block) network file sharing protocol that could allow a remote, unauthenticated attacker to crash systems with denial of service attack, which would then open them to more possible attacks. According to US-CERT, the vulnerability could also be exploited to execute arbitrary code with Windows kernel privileges on vulnerable systems, but this has not been confirmed right now by Microsoft. Without revealing the actual scope of the vulnerability and the kind of threat the exploit poses, Microsoft has just downplayed the severity of the issue, saying: "Windows is the only platform with a customer commitment to investigate reported security issues, and proactively update impacted devices as soon as
Donald Trump's Email Servers are Horribly Insecure — Researcher Reveals

Donald Trump's Email Servers are Horribly Insecure — Researcher Reveals

October 18, 2016Swati Khandelwal
When Hillary Clinton's private email server was hacked earlier this year, she was criticized for her bad security practices that exposed top secret documents stored in emails on that private server. The FBI called her behavior 'extremely careless.' Republican presidential candidate Donald Trump and his supporters are continuously criticizing Clinton's use of a private email server. And here's what Trump lectured in a debate about cybersecurity: "The security aspect of cyber is very, very tough. And maybe it's hardly doable. But I will say, we are not doing the job we should be doing. But that's true throughout our whole governmental society. We have so many things that we have to do better, Lester, and certainly, cyber is one of them." Forget Clinton; Trump has so worryingly insecure internet setup that anyone with little knowledge of computers can expose almost everything about Trump and his campaign. Security researcher Kevin Beaumont,
Windows Updates Can be Intercepted to Inject Malware into Corporate Networks

Windows Updates Can be Intercepted to Inject Malware into Corporate Networks

August 07, 2015Khyati Jain
If you think that the patches delivered through Windows update can not be laced with malware, think again. Security researchers have shown that Hackers could intercept Windows Update to deliver and inject malware in organizations. Security researchers from UK-based security firm ' Context ' have discovered a way to exploit insecurely configured implementations of Windows Server Update Services (WSUS) for an enterprise. What is WSUS in Windows? Windows Server Update Services (WSUS) allows an administrator to deploy the Windows software update to servers and desktops throughout the organization. These updates come from the WSUS server and not Windows server. Once the updates are with the administrator on the server, he can limit the privilege for the clients in a corporate environment to download and install these updates. As the admin is the owner of the distribution of these updates. Intercepting WSUS to Inject Malware into Corporate Networks By def
18-year-old Unpatched Vulnerability Affects All Versions of Microsoft Windows

18-year-old Unpatched Vulnerability Affects All Versions of Microsoft Windows

April 14, 2015Swati Khandelwal
Security researchers have unearthed a serious security flaw in all supported versions of Windows that could let hackers steal users' credentials from computers, tablets or servers running any version of Windows operating system, including the as-yet-released Windows 10. This vulnerability in Windows was first discovered 20 Years ago : The critical bug, dubbed " Redirect to SMB ," is a variant of a vulnerability found in Windows by researcher Aaron Spangler nearly 18 years ago that caused Windows to expose a user's Windows username and password automatically. However, according to researchers at security firm Cylance who discovered the flaw, this weakness in Windows was never patched by Microsoft, as Microsoft says that this flaw is not worth focusing on, and, therefore... ...This results in a new hack that targets the SMB file sharing protocol . But, What is SMB? SMB, or Server Message Block, is a protocol that allows users to share files o
Microsoft Unveils Windows 10 — The Next Version Of Windows Operating system

Microsoft Unveils Windows 10 — The Next Version Of Windows Operating system

October 01, 2014Mohit Kumar
While the whole world was waiting for the next generation of Windows operating system , i.e. Windows 9, but skipping right over 9, Microsoft has announced the next version of its Windows is Windows 10 , disclosing its first details on Tuesday at an event in San Francisco. The latest version of Microsoft's flagship operating system, which will be available for everyone next year, brings back the popular Start Menu, which had been removed from Windows 8. Windows 10 will be Microsoft's single platform for developing apps across all devices, from Smartphones and tablets to desktop PCs. However, Windows 10 will not be a one-size-fits-all operating system and instead will vary a bit from device to device. " Windows 10 will run on the broadest amount of devices. A tailored experience for each device ," Microsoft's executive VP of operating systems, Terry Myerson said at a press event here Tuesday. " There will be one way to write a universal application, one
Online Courses and Software

Sign up for cybersecurity newsletter and get latest news updates delivered straight to your inbox daily.