CISA Urged Users To Patch SigRed Vulnerability Targeting Windows DNS Servers

  •  
  •  
  •  
  • 2
  •  
  •  
  •  
    2
    Shares

The US Department of Homeland Security has issued another alert for the users regarding a Windows bug. Given the critical nature of the vulnerability dubbed as SigRed affecting Windows DNS Servers, CISA urged users to update quickly.

SigRed Vulnerability Affecting Windows DNS Servers

In a recent press release, the Director Cybersecurity and Infrastructure Security Agency (CISA), Christopher C. Krebs, has issued an emergency directive for the SigRed vulnerability which affects Windows DNS Servers.

The details about the vulnerability recently surfaced online when Check Point Research shared about it in their post.

In brief, this vulnerability, CVE-2020-1350, affects all DNS server components shipped from 2003 to 2019. It’s a wormable vulnerability, which means it can distribute malware without user interaction and has attained a CVSS score of 10.0.

An attacker could simply exploit the flaw by sending malicious requests to the target server. Successful exploitation could allow the adversary to run codes in the context of the Local System Account. In turn, the attacker could compromise the entire infrastructure of the target organization.

The following video depicts a possible attack scenario.

Microsoft Addressed The Vulnerability

Check Point Research found this vulnerability in May 2020 after which they reported the flaw to Microsoft. And now, Microsoft has patched the vulnerability with the July Patch Tuesday updates. They successfully deployed the fix before any exploitation in the wild.

Nonetheless, considering the severity of the flaw, CISA has warned that exploitation of the bug is highly likely.

Though we are not aware of active exploitation, it is only a matter of time for an exploit to be created for this vulnerability.

Hence, they urge all federal as well as the private sector users to ensure fixing the bug immediately.

While our Emergency Directive applies to federal agencies, CISA strongly recommends our partners in the private sector – as well as state, local, tribal, and territorial government – take the same actions. They should identify whether this critical vulnerability exists on their networks and assess their plan to immediately address this significant threat.

Let us know your thoughts in the comments.

The following two tabs change content below.

Abeerah Hashim

Abeerah has been a passionate blogger for several years with a particular interest towards science and technology. She is crazy to know everything about the latest tech developments. Knowing and writing about cybersecurity, hacking, and spying has always enchanted her. When she is not writing, what else can be a better pastime than web surfing and staying updated about the tech world! Reach out to me at: [email protected]

Abeerah Hashim

Abeerah has been a passionate blogger for several years with a particular interest towards science and technology. She is crazy to know everything about the latest tech developments. Knowing and writing about cybersecurity, hacking, and spying has always enchanted her. When she is not writing, what else can be a better pastime than web surfing and staying updated about the tech world! Reach out to me at: [email protected]

Do NOT follow this link or you will be banned from the site!