SIGRed -17-Year-Old Bug Vulnerability in Window DNS Servers
15 July 2020
Microsoft has disclosed a 17-year-old wormable vulnerability in Windows DNS servers. The flaw, known as SIGRed (CVE-2020-1350), affects versions 2003 to 2019 and can be triggered by a malicious DNS response. If exploited, a malicious actor could gain Domain Administrator rights, and compromise the entire corporate infrastructure. Once in, the attacker can seize and manipulate users’ emails and network traffic, disrupt and disable services, steal credentials and so forth.
We strongly advise to apply patches as soon as possible. If applying the update is not practical, a registry-based workaround is available which does not require restarting the server.
The vulnerability exists in the Windows DNS servers when they fail to properly handle requests; the update addresses this by modifying how requests are handled. While there is no evidence that the vulnerability has been exploited to date, Microsoft has assigned the highest risk score of 10 on the Common Vulnerability Scoring System (CVSS), the most severe rating possible. Researchers claim there is a high chance of exploitation after finding all of the primitives needed to exploit the bug, meaning a determined attacker could do the same.
Therefore, it is crucial you;
- Check and make sure you can patch all Windows DNS servers with the relevant patch as defined here, in order to prevent the exploitation of this vulnerability.
- Review any firewall rules that allow external traffic over Port 53 to your internal DNS resolvers as this would significantly increase the attack surface area.
A critical privilege escalation exploit in Windows Server (CVE-2020-1472), codenamed Zerologon, allows an attacker to become a domain admin, even without any credentials.
Microsoft’s September Patch Tuesday fixes 129 security holes (23 of which are rated ‘critical’) in numerous versions of its Windows operating system and related software. One of the more critical patches could allow remote code execution by sending an email to a victim.
Secrutiny Awarded Position on Crown Commercial Services “Cyber Security Services 3 Dynamic Purchasing System”
We are thrilled to announce that Secrutiny has been awarded a position on Crown Commercial Service’s Cyber Security Services 3 Dynamic Purchasing System (DPS).