20 July 2020

DHS CISA orders government agencies to fix SIGRed Windows Server DNS bug


The US Cybersecurity and Infrastructure Security Agency (CISA) has issued Emergency Directive 20-03, which orders all US authorities to swiftly patch the wormable SIGRed vulnerability in Windows DNS Server due to a strong possibility of the vulnerability being exploited.

The flaw in question is CVE-2020-1350, a remote code execution vulnerability that resides in Microsoft’s DNS implementation. The vulnerability affects Windows Server versions 2003 to 2019 and can be triggered by a malicious DNS response, which could lead to a heap-based buffer overflow. The flaw has received a maximum CVSS score of 10. Microsoft fixed it last week as part of its monthly Patch Tuesday release.

According to the directive, government agencies are required to update all endpoints running Windows Server operating systems or apply a registry modification workaround; ensure the July 2020 Security Update is applied to all Windows Servers (and the registry change workaround is removed if necessary and applicable); and put technical and/or management controls in place so that newly provisioned or previously disconnected servers are updated before connecting to agency networks.

The agencies are also required to provide an initial status report by July 20 containing information on the agency’s current status, and to submit a completion report by July 24 “attesting to CISA that the applicable update has been applied to all affected endpoints and providing assurance that newly provisioned or previously disconnected servers will be patched as required by this directive.”

The good news is that currently no proof-of-concept code for the SIGRed vulnerability is publicly available.

“The Cybersecurity and Infrastructure Security Agency (CISA) is unaware of active exploitation of this vulnerability, but assesses that the underlying vulnerabilities can be quickly reverse engineered from a publicly available patch,” according to the directive.
