July 14th marked a very important patch rollout for Windows DNS Servers. CVE-2020-1350 (aka SIGRed) is a wormable, critical vulnerability in the Windows DNS server application which, if exploited, can give an attacker Domain Administrator rights in your network. It is possible to exploit this vulnerability with large, specially crafted responses from a malicious nameserver, even with a properly secured DNS architecture.
A demonstration of this exploit was conducted on a Windows Server 2012 R2 machine, but it is said to affect all current versions of Windows Server up through 2019, and it is a 10/10 critical vulnerability for any network relying on Windows DNS. Research resource.
Given the upward trend in ransomware attacks which first target and prioritize acquiring Domain Controller credentials, SecuLore is especially concerned for our clients in public safety. For those who may not be able to apply the patch immediately, Microsoft has issued a no-downtime registry edit workaround which mitigates the vulnerability by decreasing the maximum TCP DNS transaction size below the 64KB threshold required to trigger the exploit. Microsoft’s workaround.
Stay cyber-safe,
SecuLore Support Team
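The registry workaround mentioned in the alert can be audited with a short PowerShell script. This is an added example, not part of the original alert and not Microsoft's own script. The key path, the value name `TcpReceivePacketSize` and the data `0xFF00` are assumptions taken from Microsoft's published workaround guidance for CVE-2020-1350, not from this alert, and should be checked against that guidance before use.

```powershell
# Added example: audit (and, with -Apply, set) the CVE-2020-1350 registry workaround.
# Run in an elevated session on the Windows DNS server itself.
[CmdletBinding()]
param([switch]$Apply)   # without -Apply the script only reports

# Assumption: key, value name and data come from Microsoft's workaround guidance.
$KeyPath   = 'HKLM:\SYSTEM\CurrentControlSet\Services\DNS\Parameters'
$ValueName = 'TcpReceivePacketSize'
$Limit     = 0xFF00   # 65280 bytes, below the 64KB size the exploit needs

function Get-SigRedWorkaroundState {
    $prop  = Get-ItemProperty -Path $KeyPath -Name $ValueName -ErrorAction SilentlyContinue
    $value = if ($prop) { $prop.$ValueName } else { $null }
    [pscustomobject]@{
        Computer  = $env:COMPUTERNAME
        Present   = $null -ne $value
        Value     = if ($null -ne $value) { '0x{0:X}' -f $value } else { '(not set)' }
        # A missing value means the server still accepts TCP messages up to its default size.
        Mitigated = ($null -ne $value) -and ($value -gt 0) -and ($value -le $Limit)
    }
}

if (-not (Get-Service -Name DNS -ErrorAction SilentlyContinue)) {
    Write-Warning 'DNS Server service not found; this host is not a Windows DNS server.'
    return
}

$state = Get-SigRedWorkaroundState
if ($Apply -and -not $state.Mitigated) {
    # -Force overwrites an existing value; DWord is the documented value type.
    New-ItemProperty -Path $KeyPath -Name $ValueName -Value $Limit `
        -PropertyType DWord -Force | Out-Null
    # Microsoft's guidance requires a DNS service restart for the change to take effect (no reboot).
    Restart-Service -Name DNS
    $state = Get-SigRedWorkaroundState
}
$state
```

Run without `-Apply`, the script changes nothing and returns one object per server, which makes it suitable for collecting the mitigation state across all DNS servers before and after patching.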