• Home
  • Cyber Crime
  • Cyber warfare
  • APT
  • Data Breach
  • Deep Web
  • Digital ID
  • Hacking
  • Hacktivism
  • Intelligence
  • Internet of Things
  • Laws and regulations
  • Malware
  • Mobile
  • Reports
  • Security
  • Social Networks
  • Terrorism
  • ICS-SCADA
  • POLICIES
  • Contact me
MUST READ

Orange reports major cyberattack, warns of service disruptions

 | 

Hackers leak images and comments from women dating safety app Tea

 | 

Pro-Ukraine hacktivists claim cyberattack on Russian Airline Aeroflot that caused the cancellation of +100 flights

 | 

Seychelles Commercial Bank Reported Cybersecurity Incident

 | 

Microsoft uncovers macOS flaw allowing bypass TCC protections and exposing sensitive data

 | 

U.S. CISA adds Cisco ISE and PaperCut NG/MF flaws to its Known Exploited Vulnerabilities catalog

 | 

Critical WordPress Post SMTP plugin flaw exposes 200K+ sites to full takeover

 | 

Scattered Spider targets VMware ESXi in using social engineering

 | 

China-linked group Fire Ant exploits VMware and F5 flaws since early 2025

 | 

Allianz Life data breach exposed the data of most of its 1.4M customers

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 55

 | 

Security Affairs newsletter Round 534 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

Law enforcement operations seized BlackSuit ransomware gang’s darknet sites

 | 

Arizona woman sentenced for aiding North Korea in U.S. IT job fraud scheme

 | 

Operation CargoTalon targets Russia’s aerospace with EAGLET malware,

 | 

Unpatched flaw in EoL LG LNV5110R cameras lets hackers gain Admin access

 | 

Koske, a new AI-Generated Linux malware appears in the threat landscape

 | 

Mitel patches critical MiVoice MX-ONE Auth bypass flaw

 | 

Coyote malware is first-ever malware abusing Windows UI Automation

 | 

SonicWall fixed critical flaw in SMA 100 devices exploited in Overstep malware attacks

 | 
  • Home
  • Cyber Crime
  • Cyber warfare
  • APT
  • Data Breach
  • Deep Web
  • Digital ID
  • Hacking
  • Hacktivism
  • Intelligence
  • Internet of Things
  • Laws and regulations
  • Malware
  • Mobile
  • Reports
  • Security
  • Social Networks
  • Terrorism
  • ICS-SCADA
  • POLICIES
  • Contact me
  • Home
  • Breaking News
  • Hacking
  • DHS CISA urges government agencies to fix SIGRed Windows Server DNS bug within 24h

DHS CISA urges government agencies to fix SIGRed Windows Server DNS bug within 24h

Pierluigi Paganini July 17, 2020

US DHS CISA urges government agencies to patch SIGRed Windows Server DNS vulnerability within 24h due to the likelihood of the issue being exploited.

The US DHS CISA issued an emergency directive urging government agencies to patch the recently disclosed SIGRed Windows Server DNS vulnerability within 24h due to the likelihood of the issue being exploited.

Microsoft’s Patch Tuesday addressed a 17-year-old wormable vulnerability for hijacking Microsoft Windows Server tracked CVE-2020-1350 and dubbed SigRed.

The issue received a severity rating of 10.0 on the CVSS scale and affects Windows Server versions 2003 to 2019.

The SigRed flaw was discovered by Check Point researcher Sagi Tzaik and impacts Microsoft Windows DNS.

The vulnerability could be exploited by an unauthenticated, remote attacker to gain domain administrator privileges over targeted servers and take full control of an organization’s IT infrastructure.

An attacker could exploit the SigRed vulnerability by sending specially-crafted malicious DNS queries to a Windows DNS server.

“SIGRed (CVE-2020-1350) is a wormable, critical vulnerability (CVSS base score of 10.0) in the Windows DNS server that affects Windows Server versions 2003 to 2019, and can be triggered by a malicious DNS response. As the service is running in elevated privileges (SYSTEM), if exploited successfully, an attacker is granted Domain Administrator rights, effectively compromising the entire corporate infrastructure.” reads the analysis published by CheckPoint.

An attacker could exploit the issue to remotely execute arbitrary code, intercept and manipulate network traffic and steal sensitive data.

The flaw resides in how Windows DNS server handles an incoming DNS query, as well as how forwarded DNS queries are parsed.

The bug affects the DNS server component that ships with all Windows Server versions from 2003 to 2019.

CISA director Christopher Krebs considers the issue critical for government agencies due to the wide prevalence of Windows Server in civilian Executive Branch, it is also critical for organizations in the private sector.

“I’ve determined that immediate action is necessary, and federal departments and agencies need to take this remote code execution vulnerability in Windows Server’s Domain Name System (DNS) particularly seriously.” states Krebs.

“Today, I directed agencies to apply the July 2020 Security Update for Windows Servers running DNS (CVE-2020-1350), or the temporary registry-based workaround if patching is not possible within 24 hours.”

Krebs pointed out that the issue is “wormable,” this means that it can run independently and propagate copies to other vulnerable systems impacting all Windows Server versions that have the DNS role enabled.

The ED 20-03 emergency directive requires agencies to install the security patches within by Friday, July 17, 2020, 2:00 pm EDT.

In case agencies cannot be installed, CISA requires agencies to deploy a registry modification workaround detailed in the Microsoft advisory.

Agencies then have another week to remove the workaround and apply the security update. Servers that can’t be updated should be removed from an agency’s network, CISA said.

This emergency directive requires updating all endpoints running Windows Server operating systems. and reporting status report to CISA.

The good news is that at the time of writing, no proof-of-concept code for the SIGRed vulnerability is publicly available.

“The Cybersecurity and Infrastructure Security Agency (CISA) is unaware of active exploitation of this vulnerability, but assesses that the underlying vulnerabilities can be quickly reverse engineered from a publicly available patch.” states the directive.

Recently security experts warned of other critical vulnerabilities that are easy to exploit, including issues in Palo Alto Networks’s PAN-OS, in F5 BIG-IP networking devices, and the SAP Recon vulnerability.

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, SigRed)

[adrotate banner=”5″]

[adrotate banner=”13″]


facebook linkedin twitter

CISA Hacking hacking news information security news IT Information Security malware Pierluigi Paganini Security Affairs Security News SigRed Windows

you might also like

Pierluigi Paganini July 29, 2025
Orange reports major cyberattack, warns of service disruptions
Read more
Pierluigi Paganini July 29, 2025
Hackers leak images and comments from women dating safety app Tea
Read more

leave a comment

newsletter

Subscribe to my email list and stay
up-to-date!

    recent articles

    Orange reports major cyberattack, warns of service disruptions

    Security / July 29, 2025

    Hackers leak images and comments from women dating safety app Tea

    Data Breach / July 29, 2025

    Pro-Ukraine hacktivists claim cyberattack on Russian Airline Aeroflot that caused the cancellation of +100 flights

    Hacktivism / July 29, 2025

    Seychelles Commercial Bank Reported Cybersecurity Incident

    Data Breach / July 29, 2025

    Microsoft uncovers macOS flaw allowing bypass TCC protections and exposing sensitive data

    Hacking / July 29, 2025

    To contact me write an email to:

    Pierluigi Paganini :
    pierluigi.paganini@securityaffairs.co

    LEARN MORE

    QUICK LINKS

    • Home
    • Cyber Crime
    • Cyber warfare
    • APT
    • Data Breach
    • Deep Web
    • Digital ID
    • Hacking
    • Hacktivism
    • Intelligence
    • Internet of Things
    • Laws and regulations
    • Malware
    • Mobile
    • Reports
    • Security
    • Social Networks
    • Terrorism
    • ICS-SCADA
    • POLICIES
    • Contact me

    Copyright@securityaffairs 2024

    We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking “Accept All”, you consent to the use of ALL the cookies. However, you may visit "Cookie Settings" to provide a controlled consent.
    Cookie SettingsAccept All
    Manage consent

    Privacy Overview

    This website uses cookies to improve your experience while you navigate through the website. Out of these cookies, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities...
    Necessary
    Always Enabled
    Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
    Non-necessary
    Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.
    SAVE & ACCEPT