SIGRed – Wormable DNS Vulnerability

As included in the Spotlight section of the Security & Resilience Update on Tuesday, Microsoft released a patch for CVE-2020-1350, a critical remote code execution (RCE) vulnerability dubbed SIGRed. All Windows Server versions from 2008 to the present are vulnerable. SIGRed only affects Windows DNS Servers; Windows DNS clients are not susceptible. However, SIGRed is wormable so it can be spread between vulnerable devices without user interaction. Likewise, given that DNS is configured on many Domain Controllers, a successful exploit could grant an attacker full domain administration control of your environment with the ability to compromise every Windows computer joined to the domain. It is recommended this patch be applied as soon as possible; however, there is an interim workaround to limit exploitability for organizations unable to patch now. For those looking for an analysis of SIGRed, veteran cybersecurity proselytizer Paul Ducklin provides a straightforward summary of the extremely technical analysis published by CheckPoint, the cybersecurity firm that disclosed the vulnerability. Read more about SIGRed at Sophos