Windows vulnerability triggers Homeland Security reaction

by Claudiu Andone
Claudiu Andone
Claudiu Andone
Windows & Software Expert
Oldtimer in the tech and science press, Claudiu is focused on whatever comes new from Microsoft. His abrupt interest in computers started when he saw the first Home... read more
Affiliate Disclosure
  • On July 14th, Microsoft issued a security update to address this critical Windows vulnerability together with other 138 other vulnerabilities.
  • CISA recommends all agencies to update all endpoint computers running Windows Server within 24 hours.
  • For more on cybercrime and security, visit our Cybersecurity section.
  • We have more security news coverage in our Security News Hub.
Vulnerability affecting Windows Server triggers CISA reaction

XINSTALL BY CLICKING THE DOWNLOAD FILE
To fix various PC problems, we recommend Restoro PC Repair Tool:
This software will repair common computer errors, protect you from file loss, malware, hardware failure and optimize your PC for maximum performance. Fix PC issues and remove viruses now in 3 easy steps:

  1. Download Restoro PC Repair Tool that comes with Patented Technologies (patent available here).
  2. Click Start Scan to find Windows issues that could be causing PC problems.
  3. Click Repair All to fix issues affecting your computer's security and performance
  • Restoro has been downloaded by 0 readers this month.

Despite Microsoft being focused on privacy and security improvements, there are still crucial vulnerabilities to be attended to. And Cybersecurity and Infrastructure Security Agency (CISA) demand that they have to be patched now!

The Federal authorities refer to the Windows DNS Server Remote Code Execution Vulnerability code-named CVE-2020-1350.

On July 14th, Microsoft issued a security update to address this critical Windows vulnerability together with other 138 other vulnerabilities.

Microsoft had previously urgent updates to patch some vulnerabilities out of the blue like some apparently harmless codecs.

And let’s not forget that not long ago, NSA already warned about another vulnerability, CVE-2020-0688 that affected Microsoft Exchange servers. 

What is CVE-2020-1350 and what does it do?

The CVE-2020-1350 vulnerability is also known as SIGRed and it is a remote code execution that affects Windows Server versions 2003 through 2019.

The problem is that this vulnerability received the maximum severity rating of 10 out of 10.

The severity rating also comes from the fact that SIGRed is workable. That means that an exploit can extend throughout the network to vulnerable computers automatically, without any human help.

And as happens with most vulnerabilities, this is not a new one, it existed for over 17 years and it impacts all Windows Server versions 2003 through 2019.

Luckily, Microsoft issued a Registry workaround for this vulnerability but it has to be applied to the vulnerable servers at once.

What are the CISA’s recommendations?

The emergency directive from CISA recommends all agencies to update all endpoint computers running Windows Server within 24 hours (by 2:00 pm EST, Friday, July 17, 2020).

These requirements apply to Windows Servers in any information system, including information systems used or operated by another entity on behalf of an agency, that collects, processes, stores, transmits, disseminates, or otherwise maintains agency information.

The Federal authority also makes a clear statement about the gravity of the potential exploitation of this vulnerability:

CISA has determined that this vulnerability poses unacceptable significant risk to the Federal Civilian Executive Branch and requires an immediate and emergency action. This determination is based on the likelihood of the vulnerability being exploited, the widespread use of the affected software across the Federal enterprise, the high potential for a compromise of agency information systems, and the grave impact of a successful compromise.

If you have any thoughts about this, please lay them down in our Comments section below.

Still having issues? Fix them with this tool:

SPONSORED

If the advices above haven't solved your issue, your PC may experience deeper Windows problems. We recommend downloading this PC Repair tool (rated Great on TrustPilot.com) to easily address them. After installation, simply click the Start Scan button and then press on Repair All.

This article covers:Topics: