The US Cybersecurity and Infrastructure Security Agency (CISA) has ordered federal agencies to fix an urgent vulnerability affecting the DNS Server role on Windows.
On Tuesday, Microsoft patched the critical vulnerability, tracked as CVE-2020-1350 and dubbed SIGRed, as part of its July 2020 security updates.
The bug, which affects every version of Windows Server released in the past 17 years, allows a remote, unauthenticated attacker to execute arbitrary code on an affected Windows DNS server by sending it specially crafted DNS traffic. Because it is wormable, malware could exploit it to spread from one vulnerable server to the next without any user interaction.
Security researcher Tal Be’ery described a possible attack scenario involving the weakness in a series of tweets.
— Tal Be’ery (@TalBeerySec) July 17, 2020
3. Attacker’s DNS server sends malicious response (#SIGRed exploit) and infects victim DC with malware
4. Attacker has malware with Domain Admin privileges https://t.co/lX97atqF1K
— Tal Be’ery (@TalBeerySec) July 15, 2020
5. If no other security means on victim’s environment the attacker can move to any other place (or all places) as domain admin has highest privileges, and DC can talk to all machines.
— Tal Be’ery (@TalBeerySec) July 15, 2020
No in-the-wild attacks exploiting SIGRed have been observed so far, but exploitation is considered feasible and attacks are likely in the coming days. Administrators have therefore been urged to install Microsoft’s update as soon as possible or, failing that, to apply the published workaround, which caps the size of inbound TCP DNS packets through a registry value and requires a restart of the DNS Server service.
CISA’s Emergency Directive 20-03, released on Thursday, instructs federal agencies to take immediate steps to secure their servers against exploitation of CVE-2020-1350.
“CISA has decided that this vulnerability presents an unnecessary and serious risk to the Federal Civilian Executive Branch and needs immediate and urgent action,” the order states. “This determination is based on the likelihood of exploitation of the vulnerability, the widespread use of the affected software throughout the Federal Enterprise, the high potential for a compromise of agency information systems and the serious impact of a successful compromise.”
Agencies were given 24 hours to apply either the patch or the workaround to all of their Windows DNS servers. They then have until July 24 to install the patch on every affected server and remove the workaround, and by the same date they must ensure that controls are in place so that newly provisioned or previously disconnected servers are patched before they are connected to agency networks.
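The two-phase procedure the directive describes (apply the registry workaround within 24 hours if the patch cannot be installed yet, then remove it once the update is in place) can be scripted. The following PowerShell is an added example and is not code from the article, from Microsoft or from CISA; the registry path, value name and 0xFF00 limit are those from Microsoft’s published workaround for CVE-2020-1350, while the function names are this example’s own. It assumes an elevated session on a server running the DNS Server role.

```powershell
# Added example (not from the article): apply and later remove Microsoft's published
# registry workaround for CVE-2020-1350 (SIGRed) on a Windows DNS server.
# Registry path, value name and limit are from Microsoft's guidance; the function
# names are this example's own. Run in an elevated PowerShell session on the DNS server.

$DnsParams = 'HKLM:\SYSTEM\CurrentControlSet\Services\DNS\Parameters'
$ValueName = 'TcpReceivePacketSize'
$SafeSize  = 0xFF00   # 65280 bytes: the maximum inbound TCP DNS packet size the workaround permits

function Get-SigRedWorkaroundState {
    # Returns the current TcpReceivePacketSize value, or $null if the workaround is not applied.
    $item = Get-ItemProperty -Path $DnsParams -Name $ValueName -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return $item.$ValueName
}

function Enable-SigRedWorkaround {
    # Cap inbound TCP DNS packets; the DNS Server service must be restarted for the change to take effect.
    if (-not (Get-Service -Name DNS -ErrorAction SilentlyContinue)) {
        throw 'DNS Server service not found; this host is not running the Windows DNS Server role.'
    }
    New-ItemProperty -Path $DnsParams -Name $ValueName -PropertyType DWord -Value $SafeSize -Force | Out-Null
    Restart-Service -Name DNS
    Write-Host ('Workaround applied: {0} = 0x{1:X}' -f $ValueName, (Get-SigRedWorkaroundState))
}

function Disable-SigRedWorkaround {
    # Remove the cap once the July 2020 security update is installed, as ED 20-03 requires.
    if ($null -ne (Get-SigRedWorkaroundState)) {
        Remove-ItemProperty -Path $DnsParams -Name $ValueName
        Restart-Service -Name DNS
        Write-Host 'Workaround removed; DNS Server restarted with the default TCP packet size.'
    } else {
        Write-Host 'Workaround was not present; nothing to remove.'
    }
}

# Usage:
#   Enable-SigRedWorkaround    # within the first 24 hours, if the patch cannot be installed yet
#   ... install the July 2020 security update and reboot ...
#   Disable-SigRedWorkaround   # after patching, before the July 24 deadline
```

Running `Get-SigRedWorkaroundState` on each server is a quick way to confirm, after the deadline, that no server is still relying on the workaround instead of the patch.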