On Tuesday, Microsoft patched the critical vulnerability, tracked as CVE-2020-1350 and dubbed SIGRed, with its security updates for July 2020. The bug, which affects versions of Windows Server released over the past 17 years, allows a remote, unauthenticated attacker to execute arbitrary code on affected Windows DNS servers using crafted requests. Because it is wormable, malware can exploit it to spread without user interaction. Security researcher Tal Be’ery described a possible attack scenario involving the vulnerability.
Although attacks exploiting SIGRed have yet to be seen, exploitation is not very difficult, and the chances of attacks being launched in the coming days are high. That’s why users have been urged to install Microsoft’s patches as soon as possible, or at least apply the suggested workaround, which requires a registry change.

CISA’s Emergency Directive 20-03, released Thursday, instructs federal agencies to take steps as soon as possible to ensure that their servers are protected from attacks exploiting CVE-2020-1350.

“CISA has decided that this vulnerability presents an unnecessary serious risk to the Federal Civil Executive Branch and needs immediate and urgent action,” the order states. “This determination is based on the likelihood of exploitation of the vulnerability, the widespread use of the affected software throughout the Federal Enterprise, the high potential for a compromise of agency information systems and the serious impact of a successful compromise.”

Agencies were given 24 hours to apply the patch or the workaround for SIGRed to all Windows DNS servers. They were given until July 24 to install the patch and remove the workaround, and by the same date they need to ensure that controls are in place so that newly provisioned or previously disconnected servers are updated before they are connected to government networks.