
Secplicity - Security Simplified

Powered by WatchGuard Technologies

Critical Microsoft DNS Server Vulnerability – SIGRed

July 14, 2020 By Marc Laliberte


If you already had plans to test and roll out the various Microsoft Windows and Server updates that came out today as a part of Microsoft’s Patch Tuesday, you probably want to move a bit quicker. Among the various bug fixes are a series of patches for a critical “wormable” vulnerability in Windows DNS Server, affecting all Windows Server versions dating back to Server 2003 (though patches are only available for 2008 and later).

Tagged as CVE-2020-1350, and named SIGRed by the researchers at Check Point who discovered it, this vulnerability could enable an unauthenticated attacker to gain code execution on a vulnerable server simply by tricking it into resolving a malicious DNS request. Because the DNS service runs with elevated privileges, a successful exploit gives the attacker free rein over the entire domain infrastructure. Because of this, and the ease of exploitation, the vulnerability was given a Common Vulnerability Scoring System (CVSS) score of 10.0, which is as bad as it gets.

If you have any version of Windows Server acting as a DNS resolver, you should install the security update as soon as possible. Check Point also provided a mitigation technique in the form of a registry entry that modifies the maximum length of a DNS message for those who can’t install the update straight away.

reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNS\Parameters" /v "TcpReceivePacketSize" /t REG_DWORD /d 0xFF00 /f

net stop DNS && net start DNS
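
To confirm the workaround above actually landed on every DNS server, the following added example (not from the original article or from Check Point) reads the registry value back and reports the DNS service state. The function name Test-SigRedWorkaround and the output columns are hypothetical, and remote checks assume PowerShell remoting (WinRM) is enabled.

```powershell
# Added example: audit the TcpReceivePacketSize workaround on DNS servers.
# Test-SigRedWorkaround is an illustrative name, not a built-in cmdlet.
function Test-SigRedWorkaround {
    param(
        # Servers to check; defaults to the local machine.
        [string[]]$ComputerName = @($env:COMPUTERNAME)
    )

    $check = {
        $path     = 'HKLM:\SYSTEM\CurrentControlSet\Services\DNS\Parameters'
        $expected = 0xFF00   # value written by the reg add command above

        # The value is absent on servers where the workaround was never applied.
        $prop  = Get-ItemProperty -Path $path -Name 'TcpReceivePacketSize' -ErrorAction SilentlyContinue
        $value = if ($prop) { [int]$prop.TcpReceivePacketSize } else { $null }

        # The DNS service does not exist on servers without the DNS role.
        $svc = Get-Service -Name 'DNS' -ErrorAction SilentlyContinue

        [pscustomobject]@{
            Server        = $env:COMPUTERNAME
            DnsService    = if ($svc) { $svc.Status.ToString() } else { 'NotInstalled' }
            RegistryValue = if ($null -ne $value) { '0x{0:X}' -f $value } else { 'NotSet' }
            WorkaroundSet = ($value -eq $expected)
        }
    }

    foreach ($name in $ComputerName) {
        if ($name -eq $env:COMPUTERNAME) {
            & $check                                            # local check
        } else {
            Invoke-Command -ComputerName $name -ScriptBlock $check   # remote check
        }
    }
}

# Example call: check the local server and print a table.
Test-SigRedWorkaround | Format-Table -AutoSize
```

The script only reads the stored value; it cannot tell whether the DNS service was restarted after the value was written, so the restart command above still has to be run on each server.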
