Advisory, Blog, General, News

Advisory: Critical RCE in Windows DNS – CVE-2020-1350

Windows CVE-2020-1350 aka SIGRed?

This blog explains CVE-2020-1350 aka SIGRed, how to identify if you are vulnerable and what, if anything, you need to do.

 

What is it?

It’s a vulnerability in all versions of Windows servers that could result in Remote Code Execution, allowing a successful attacker to run unwanted operations on machines which can irreparably damage affected machines by sending a crafted DNS request to the server. The vulnerability has been deemed as ‘wormable’, which means it can be spread between vulnerable machines without user interaction. It can be spread as easily as getting an user to interact with a webpage.

 

Checkpoint have given a breakdown of how the vulnerability may be exploited, as well as how to protect against it.
https://research.checkpoint.com/2020/resolving-your-way-into-domain-admin-exploiting-a-17-year-old-bug-in-windows-dns-servers/

 

Should I be worried?

Yes, this should be patched and the machines restarted at the earliest opportunity.

 

What do I need to do?

Edgescan are advising patching at the earliest convenience, when we start seeing SIGRed in the wild on our clients infrastructure, we will be advising them if they are vulnerable.

 

You should also check your patching for Windows Servers:
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1350

 

If you can’t immediately apply patches, there is a temporary workaround by editing the maximum length of a DNS message via the registry.
https://support.microsoft.com/en-us/help/4569509/windows-dns-server-remote-code-execution-vulnerability

 

Here for CVE advisory:

https://nvd.nist.gov/vuln/detail/CVE-2020-1350

 

Here for the MS Security Response update:

https://msrc-blog.microsoft.com/2020/07/14/july-2020-security-update-cve-2020-1350-vulnerability-in-windows-domain-name-system-dns-server/

 

If you have any concerns please reach out to the Edgescan Team through the usual channels.

 

Take this opportunity to download the Edgescan 2020 Vulnerability Stats Report.

Posted July 14, 2020 in Advisory, Blog, General, News

Theo

theo.g@edgescan.com

Marketing Executive of Edgescan

Recent News

Edgescan Invites Visitors To Explore New, User Friendly Website
Dec 22, 2021

Edgescan Invites Visitors To Explore New, User Friendly Website

Log4Shell Quick Script
Dec 20, 2021

Log4Shell Quick Script

Log4Shell
Dec 20, 2021

Log4Shell