A critical vulnerability, tracked as CVE-2020-1350, affecting Windows Server versions 2003 to 2019 has been patched after existing in the system’s code for almost 17 years. Also known as SigRed, the 17-year-old ‘wormable’ remote code execution (RCE) vulnerability could propagate across vulnerable machines in a network without any user interaction. A remote attacker may exploit the flaw by sending specially crafted malicious DNS queries to a targeted Windows DNS server. If successful, the attack could grant the attacker administrator privileges over the targeted server and compromise the entire organization’s network. A compromised DNS server could enable attackers to intercept and manipulate users’ emails and network traffic, make services unavailable, and harvest users’ credentials.

___________________________________

A. Nature of Attack

Systems affected by this vulnerability:

Windows Server:

  • Windows Server 2019
  • Windows Server 2016
  • Windows Server 2012 R2
  • Windows Server 2012
  • Windows Server 2008
  • Windows Server 2003 R2
  • Windows Server 2003

___________________________________

B. Actions to be Taken

CERT-PH recommends the following actions be taken:

Install the latest security updates from Microsoft, released as part of its July 2020 Patch Tuesday, which address this vulnerability.