SIGRed: Patch your Windows Server now with XEOX and avoid vulnerability

An unbelievable 17-year-old bug just has been awarded a CVSS severity score of 10.0 making it an extremely dangerous security hole for Windows DNS Server.

The bug, tracked as CVE-2020-1350 or also called “SigRed” relates to Microsoft Windows DNS and is wormable, meaning it can jump across unpatched machines without user interaction. Unnoticed this can lead to the compromising of the whole network of a company.

As Microsoft closed the security issue on its Microsoft Patch Tuesday, a secure patch is finally available. Still this update won’t be installed automatically.

The bug was found by Check Point Researchers who also claim that an attack does not require a lot of skills, again remarking how important it is to update all Windows Server now. Still they cannot confirm if the vulnerability has been exploited yet but urge everyone to patch their machines.

The vulnerability is caused by the parsing of incoming DNS queries and the handling of forwarded DNS queries. Therefore, internal, non-public facing DNS servers can also be affected.

“This issue results from a flaw in Microsoft’s DNS server role implementation and affects all Windows Server versions. Non-Microsoft DNS Servers are not affected. Wormable vulnerabilities have the potential to spread via malware between vulnerable computers without user interaction. Windows DNS Server is a core networking component. While this vulnerability is not currently known to be used in active attacks, it is essential that customers apply Windows updates to address this vulnerability as soon as possible,” Microsoft says.

Codes: KB4565536, KB4565529, KB4565524, KB4565539, KB4565537, KB4565535, KB4565541, KB4565540, KB4565511, KB4558998, KB4565483, KB4565503

You are looking for a command line tool?