U.S. Government Agencies Directed to Fix Windows Server Wormable Vulnerability


The US Cybersecurity and Infrastructure Security Agency (CISA) has advised government agencies to fix an urgent vulnerability impacting DNS servers on Windows.

On Tuesday, Microsoft patched the critical vulnerability, tracked as CVE-2020-1350 and dubbed SIGRed, with its security updates for July 2020.

The bug, which has affected versions of Windows Server released in the past 17 years, allows a remote, unauthenticated attacker to execute arbitrary code on affected Windows DNS servers using specially crafted requests. Because it is wormable, malware can exploit it to spread without user interaction.

Security researcher Tal Be’ery described a possible attack scenario involving the weakness.

Though attacks exploiting SIGRed have yet to be seen, exploitation is not very difficult and attacks are likely to be launched in the coming days. That is why users have been urged to install Microsoft's patches as soon as possible, or at least apply the suggested workaround, which requires a registry change.

CISA's Emergency Directive 20-03, released Thursday, instructs federal agencies to take steps as soon as possible to ensure that their servers are protected against attacks exploiting CVE-2020-1350.

“CISA has decided that this vulnerability presents an unnecessary serious risk to the Federal Civil Executive Branch and needs immediate and urgent action,” the order states. “This determination is based on the likelihood of exploitation of the vulnerability, the widespread use of the affected software throughout the Federal Enterprise, the high potential for a compromise of agency information systems and the serious impact of a successful compromise.”

Agencies were given 24 hours to apply the fix or the workaround for SIGRed to all Windows DNS servers. They were given until July 24 to install the patch and remove the workaround, and by the same date they need to ensure that checks are in place to update newly provisioned or disabled servers before they are connected to government networks.

Mark Funk
Mark Funk is an experienced information security specialist who works with enterprises to mature and improve their enterprise security programs. Previously, he worked as a security news reporter.