Microsoft issues patch for wormable Windows DNS Server flaw after 17 years

(www.cyberscoop.com)

The vulnerability, which was uncovered by a researcher at Check Point, would allow hackers to intercept and interfere with users’ emails and network traffic, tamper with services, and steal users’ credentials, by exploiting Windows’ Domain Name System (DNS) Server; DNS is essentially the protocol that translates between website names and their corresponding IP addresses.

The vulnerability can be triggered by a malicious DNS response, which could lead to a heap-based buffer overflow, according to Check Point. The vulnerability, which Check Point has dubbed SigRed, is widespread as it affects all Windows Server versions, according to Microsoft.

Wow, that's a long time. I guess it's well done to and crew.