The US Cybersecurity and Infrastructure Security Agency (CISA) is urging all US authorities to patch the wormable SIGRed vulnerability in Windows DNS Server within 24 hours.
The SIGRed vulnerability
A bug that has been in the code of the Windows DNS server for 17 years leads to a critical vulnerability. The wormable vulnerability could be exploited to gain domain administrator privileges, jump across the network to additional machines, and thereby compromise the entire underlying corporate infrastructure.
The vulnerability was discovered by Check Point Software Technologies. SIGRed (CVE-2020-1350) is a wormable critical vulnerability assigned a CVSS base score of 10.0. It resides in the Windows DNS server and affects Windows Server versions 2003 through 2019.
In their blog post, Check Point Software Technologies security researchers describe SIGRed (CVE-2020-1350) as a remote code execution vulnerability in Windows Domain Name System servers. The vulnerability stems from a bug in which requests are not processed properly, and it can be triggered by a malicious DNS response. Because the affected service runs with elevated privileges (SYSTEM), an attacker who successfully exploits it will be granted the rights of a domain administrator. It is also known as the “Windows DNS Server Remote Code Execution Vulnerability”.
I reported on this topic in more detail this week in the blog post Critical update for SigRed Bug in Windows DNS Server. Microsoft released an update for the affected Windows servers on July 14th, 2020 and also published a workaround to mitigate the vulnerability if it cannot be patched immediately (this is addressed in my blog post).
CISA Alert: Patch within 24 hours
On Twitter, I was made aware of an urgent warning from the US Cybersecurity and Infrastructure Security Agency (CISA).
— SecurityNewsPosts (@PostsSecurity) July 17, 2020
CISA urges all U.S. authorities to patch the SIGRed worm vulnerability in Windows DNS Server as soon as possible (within 24 hours).