This blog explains CVE-2020-1350 aka SIGRed, how to identify if you are vulnerable and what, if anything, you need to do.
It’s a vulnerability in all versions of Windows servers that could result in Remote Code Execution: by sending a crafted DNS request to the server, a successful attacker can run unwanted operations that can irreparably damage affected machines. The vulnerability has been deemed ‘wormable’, which means it can spread between vulnerable machines without user interaction. It can be spread as easily as getting a user to interact with a webpage.
Check Point have given a breakdown of how the vulnerability may be exploited, as well as how to protect against it.
Yes, this should be patched and the machines restarted at the earliest opportunity.
Edgescan are advising patching at the earliest convenience. When we start seeing SIGRed in the wild on our clients’ infrastructure, we will be advising them if they are vulnerable.
You should also check your patching for Windows Servers:
If you can’t immediately apply patches, there is a temporary workaround by editing the maximum length of a DNS message via the registry.
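The following PowerShell is an added example, not part of the original post or any Edgescan tooling: it reports whether the registry workaround is in place on a DNS server and offers a function to apply it. The registry path, the value name `TcpReceivePacketSize` and the value `0xFF00` are assumptions taken from Microsoft's published workaround guidance for CVE-2020-1350, as this page does not state them; the function names are hypothetical.

```powershell
# Added example: audit (and optionally apply) the DNS message-length workaround.
# Assumption: path, value name and 0xFF00 follow Microsoft's published
# CVE-2020-1350 workaround guidance; they are not given on this page.
$Path  = 'HKLM:\SYSTEM\CurrentControlSet\Services\DNS\Parameters'
$Name  = 'TcpReceivePacketSize'
$Limit = 0xFF00   # maximum TCP DNS message length under the workaround

function Get-SigRedWorkaroundState {
    # No DNS Server service means the workaround does not apply to this host.
    if (-not (Get-Service -Name DNS -ErrorAction SilentlyContinue)) {
        return [pscustomobject]@{
            Computer = $env:COMPUTERNAME; DnsServer = $false
            Value = $null; Mitigated = $null
        }
    }
    $prop  = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    $value = if ($prop) { [int]$prop.$Name } else { $null }
    [pscustomobject]@{
        Computer  = $env:COMPUTERNAME
        DnsServer = $true
        Value     = if ($null -ne $value) { '0x{0:X}' -f $value } else { '(not set)' }
        # Only the recommended value is treated as "workaround applied".
        Mitigated = ($value -eq $Limit)
    }
}

function Set-SigRedWorkaround {
    [CmdletBinding(SupportsShouldProcess)]
    param()
    if ($PSCmdlet.ShouldProcess($Path, "Set $Name to 0xFF00 and restart DNS")) {
        New-ItemProperty -Path $Path -Name $Name -PropertyType DWord `
            -Value $Limit -Force | Out-Null
        # The DNS service reads the value at start-up, so restart it.
        Restart-Service -Name DNS -Force
    }
}

$state = Get-SigRedWorkaroundState
$state | Format-List
if ($state.DnsServer -and -not $state.Mitigated) {
    Write-Warning 'Workaround not in place: run Set-SigRedWorkaround -WhatIf to preview, then apply it until the patch is installed.'
}
```

Run it from an elevated session on each DNS server; `Set-SigRedWorkaround` restarts the DNS service, so schedule it accordingly.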
If you have any concerns please reach out to the Edgescan Team through the usual channels.
Marketing Executive of Edgescan