The US Department of Homeland Security has issued another alert for users regarding a Windows bug. Given the critical nature of the vulnerability, dubbed SigRed, which affects Windows DNS Server, CISA has urged users to patch quickly.
SigRed Vulnerability Affecting Windows DNS Servers
In a recent press release, the Director of the Cybersecurity and Infrastructure Security Agency (CISA), Christopher C. Krebs, announced an emergency directive covering the SigRed vulnerability, which affects Windows DNS Server.
Details of the vulnerability surfaced online when Check Point Research described it in a blog post.
In brief, the vulnerability, CVE-2020-1350, affects the DNS Server component of every Windows Server release from 2003 through 2019. It is wormable: an exploit could spread from one vulnerable server to another without any user interaction. It has been assigned a CVSS score of 10.0.
An attacker could exploit the flaw by sending malicious DNS requests to the target server: the request induces the server to query a name server the attacker controls, and an oversized SIG record in the reply triggers an integer overflow in the server's record-parsing code and, from there, a heap buffer overflow. Successful exploitation allows the adversary to run arbitrary code in the context of the Local System account, and since the DNS role is frequently installed on domain controllers, the attacker could go on to compromise the entire infrastructure of the target organization.
The following video depicts a possible attack scenario.
Microsoft Addressed The Vulnerability
Check Point Research discovered the vulnerability in May 2020 and reported it to Microsoft, which patched it in the July 2020 Patch Tuesday updates. The fix shipped before any exploitation in the wild had been observed.
Nonetheless, given the severity of the flaw, CISA has warned that exploitation is highly likely.
Though we are not aware of active exploitation, it is only a matter of time for an exploit to be created for this vulnerability.
CISA therefore urges federal agencies and private-sector organizations alike to fix the bug immediately.
While our Emergency Directive applies to federal agencies, CISA strongly recommends our partners in the private sector – as well as state, local, tribal, and territorial government – take the same actions. They should identify whether this critical vulnerability exists on their networks and assess their plan to immediately address this significant threat.
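The directive above asks administrators to identify whether the vulnerability exists on their networks. The following PowerShell script is an added example written for this page; it is not code from the article, from CISA or from Microsoft. It reports whether the host runs the DNS Server service, the version of the DNS server binary, which updates were installed on or after the 14 July 2020 Patch Tuesday, and whether the interim registry workaround Microsoft published in its advisory for CVE-2020-1350 (capping inbound TCP DNS packets by setting `TcpReceivePacketSize` to `0xFF00` and restarting the DNS service) is in place. It assumes an elevated PowerShell session on the server being checked; the file name `Check-SigRed.ps1` is hypothetical.

```powershell
<#
Added example for CVE-2020-1350 (SigRed) triage; not from the article, CISA or Microsoft.
Assumes: elevated PowerShell on the Windows Server being checked.
Usage:  .\Check-SigRed.ps1                   # report only
        .\Check-SigRed.ps1 -ApplyWorkaround  # also set the registry workaround and restart DNS
#>
[CmdletBinding()]
param(
    [switch]$ApplyWorkaround
)

$patchTuesday = [datetime]'2020-07-14'   # date Microsoft released the fix
$regPath      = 'HKLM:\SYSTEM\CurrentControlSet\Services\DNS\Parameters'
$regName      = 'TcpReceivePacketSize'
$regValue     = 0xFF00                   # value given in Microsoft's workaround for CVE-2020-1350

# 1. Is the DNS Server service present at all? No service means nothing to patch here.
$dnsService = Get-Service -Name DNS -ErrorAction SilentlyContinue
if (-not $dnsService) {
    Write-Output 'DNS Server service not present; host is not exposed to CVE-2020-1350.'
    return
}
Write-Output "DNS Server service found (status: $($dnsService.Status))."

# 2. Report the DNS binary version so it can be compared with the fixed build
#    Microsoft lists for this OS version.
$dnsExe = Join-Path $env:SystemRoot 'System32\dns.exe'
if (Test-Path $dnsExe) {
    $ver = (Get-Item $dnsExe).VersionInfo.FileVersion
    Write-Output "dns.exe file version: $ver"
}

# 3. List updates installed on or after 14 July 2020. An empty list is a strong
#    sign that the July 2020 security update has not been applied.
$recent = Get-HotFix |
    Where-Object { $_.InstalledOn -and $_.InstalledOn -ge $patchTuesday } |
    Sort-Object InstalledOn
if ($recent) {
    Write-Output 'Updates installed since the July 2020 Patch Tuesday:'
    $recent | ForEach-Object {
        Write-Output ('  {0}  {1:yyyy-MM-dd}' -f $_.HotFixID, $_.InstalledOn)
    }
} else {
    Write-Output 'No updates installed since 14 July 2020: the SigRed fix is very likely missing.'
}

# 4. Check (and optionally apply) the interim registry workaround. The DNS
#    service must be restarted for the new value to take effect.
$current = (Get-ItemProperty -Path $regPath -Name $regName -ErrorAction SilentlyContinue).$regName
if ($current -eq $regValue) {
    Write-Output ('Registry workaround present ({0} = 0x{1:X}).' -f $regName, $current)
} elseif ($ApplyWorkaround) {
    # -Force overwrites the value if it already exists with a different setting.
    New-ItemProperty -Path $regPath -Name $regName -Value $regValue -PropertyType DWord -Force | Out-Null
    Restart-Service -Name DNS
    Write-Output ('Registry workaround applied ({0} = 0x{1:X}); DNS service restarted.' -f $regName, $regValue)
} else {
    Write-Output 'Registry workaround not present. Install the July 2020 update, or re-run with -ApplyWorkaround until you can.'
}
```

The workaround is a stopgap, not a fix: it only limits the size of DNS messages the server accepts over TCP, so the update should still be installed as soon as possible, after which the registry value can be removed.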
Let us know your thoughts in the comments.