Windows vulnerability triggers Homeland Security reaction

Claudiu Andone
by Claudiu Andone
0 Comments
Download PDF
Affiliate Disclosure

  • On July 14th, Microsoft issued a security update to address this critical Windows vulnerability together with other 138 other vulnerabilities.
  • CISA recommends all agencies to update all endpoint computers running Windows Server within 24 hours.
  • For more on cybercrime and security, visit our Cybersecurity section.
  • We have more security news coverage in our Security News Hub.
Vulnerability affecting Windows Server triggers CISA reaction

Despite Microsoft being focused on privacy and security improvements, there are still crucial vulnerabilities to be attended to. And Cybersecurity and Infrastructure Security Agency (CISA) demand that they have to be patched now!

The Federal authorities refer to the Windows DNS Server Remote Code Execution Vulnerability code-named CVE-2020-1350.

On July 14th, Microsoft issued a security update to address this critical Windows vulnerability together with other 138 other vulnerabilities.

Microsoft had previously urgent updates to patch some vulnerabilities out of the blue like some apparently harmless codecs.

And let’s not forget that not long ago, NSA already warned about another vulnerability, CVE-2020-0688 that affected Microsoft Exchange servers. 

What is CVE-2020-1350 and what does it do?

The CVE-2020-1350 vulnerability is also known as SIGRed and it is a remote code execution that affects Windows Server versions 2003 through 2019.

The problem is that this vulnerability received the maximum severity rating of 10 out of 10.

The severity rating also comes from the fact that SIGRed is workable. That means that an exploit can extend throughout the network to vulnerable computers automatically, without any human help.

And as happens with most vulnerabilities, this is not a new one, it existed for over 17 years and it impacts all Windows Server versions 2003 through 2019.

Luckily, Microsoft issued a Registry workaround for this vulnerability but it has to be applied to the vulnerable servers at once.

What are the CISA’s recommendations?

The emergency directive from CISA recommends all agencies to update all endpoint computers running Windows Server within 24 hours (by 2:00 pm EST, Friday, July 17, 2020).

These requirements apply to Windows Servers in any information system, including information systems used or operated by another entity on behalf of an agency, that collects, processes, stores, transmits, disseminates, or otherwise maintains agency information.

The Federal authority also makes a clear statement about the gravity of the potential exploitation of this vulnerability:

CISA has determined that this vulnerability poses unacceptable significant risk to the Federal Civilian Executive Branch and requires an immediate and emergency action. This determination is based on the likelihood of the vulnerability being exploited, the widespread use of the affected software across the Federal enterprise, the high potential for a compromise of agency information systems, and the grave impact of a successful compromise.

If you have any thoughts about this, please lay them down in our Comments section below.