A critical vulnerability, tracked as CVE-2020-1350, affecting Windows Server versions 2003 to 2019 has been patched after existing in the system’s code for almost 17 years. Also known as SigRed, the 17-year-old ‘wormable’ remote code execution (RCE) vulnerability could propagate itself across vulnerable machines in a network without any user interaction. A remote attacker may exploit the flaw by sending specially crafted malicious DNS queries to a targeted Windows DNS server; if successful, the attacker could gain administrator privileges over the targeted server and compromise the entire organization’s network. A compromised DNS server could enable attackers to intercept and manipulate users’ emails and network traffic, make services unavailable, and harvest users’ credentials.
___________________________________
A. Nature of Attack
Systems affected by this vulnerability:
Windows Server:
- Windows Server 2019
- Windows Server 2016
- Windows Server 2012 R2
- Windows Server 2012
- Windows Server 2008
- Windows Server 2003 R2
- Windows Server 2003
___________________________________
B. Actions to be Taken
CERT-PH recommends the following actions be taken:
Install the latest security updates from Microsoft, released as part of its July 2020 Patch Tuesday, which address this vulnerability.