{"id":15082,"date":"2020-07-17T17:37:46","date_gmt":"2020-07-17T15:37:46","guid":{"rendered":"http:\/\/159.69.82.204\/win\/?p=15082"},"modified":"2020-07-17T17:37:46","modified_gmt":"2020-07-17T15:37:46","slug":"cisa-warnt-admins-sigred-windows-dns-server-patchen","status":"publish","type":"post","link":"https:\/\/borncity.com\/win\/2020\/07\/17\/cisa-warnt-admins-sigred-windows-dns-server-patchen\/","title":{"rendered":"CISA warns admins: Patch the SIGRed Windows DNS Server vulnerability"},"content":{"rendered":"

[German<\/a>]The US Cybersecurity and Infrastructure Security Agency (CISA) is urging all US authorities to patch the wormable SIGRed vulnerability in Windows DNS Server within 24 hours.  <\/p>\n

<\/p>\n

The SIGRed vulnerability<\/h2>\n

There has been a bug in the code of the Windows DNS server for 17 years that leads to a critical vulnerability. The worm exploitable vulnerability could be exploited to gain domain administrator privileges, jump across the network to additional machines, and thereby compromise the entire underlying corporate infrastructure.<\/p>\n

The whole thing was discovered by Check Point Software Technologies. SIGRed (CVE-2020-1350) is a worm-enabled critical vulnerability assigned a CVSS baseline of 10.0. The vulnerability resides in the Windows DNS server and affects Windows Server versions 2003 through 2019. <\/p>\n

In their blog post<\/a>, Check Point Software Technologies security researchers describe the SIGRed (CVE-2020-1350<\/a>) vulnerability in remote code execution in Windows Domain Name System servers. The vulnerability is based on the bug that requests are not processed properly. The vulnerability could trigger a malicious DNS response. Because the service in question is running with elevated privileges (SYSTEM), an attacker who successfully exploits the service will be granted the rights of a domain administrator. The whole thing is also known as \"Windows DNS Server Remote Code Execution Vulnerability\".<\/p>\n

I had reported on this topic in more detail this week in the blog post Critical update for SigRed Bug in Windows DNS Server<\/a>. Microsoft released an update for the affected Windows servers on July 14th, 2020 and also published a workaround to mitigate the vulnerability if it cannot be patched immediately (is addressed in my blog post).  <\/p>\n

CISA Alert: Patch within 24 hours<\/h2>\n

On Twitter, I was made aware of an urgent warning from the US Cybersecurity and Infrastructure Security Agency (CISA).<\/p>\n

der US Cybersecurity and Infrastructure Security Agency (CISA) aufmerksam geworden.<\/p>\n

\n

CISA strongly recommends state and local governments, the private sector, and others to patch CVE-2020-1350 as soon as possible https:\/\/t.co\/7HhXldCGjm<\/a> #cybersecurity<\/a> #infosec<\/a><\/p>\n

\u2014 SecurityNewsPosts (@PostsSecurity) July 17, 2020<\/a><\/p><\/blockquote>\n