Microsoft has released a critical patch addressing CVE-2020-1350, a wormable remote code execution vulnerability that exists in Microsoft’s DNS server role implementation and affects all Windows Server versions. Microsoft has given this vulnerability, named SigRed, a CVSS Base Score of 10 due to it being a wormable vulnerability, stemming from a flaw in the Microsoft DNS server implementation. Non-Microsoft DNS Servers are not affected by this vulnerability.
As one of the most popular DNS server setups in the world, it is absolutely critical to mitigate and remediate this vulnerability as soon as possible. A successful attack via specially crafted packets sent to the vulnerable Windows DNS Server could exploit the machine, allowing an unauthenticated attacker to run arbitrary code and gain full control of the system. From there, they will be able to leverage the server as a distribution point, allowing the attacker to spread malware between systems without any user interaction, as well as move laterally throughout the network.
While DNS is critical infrastructure, it is often the most neglected when it comes to updates and patching. Due to the criticality of this vulnerability, as well as the likelihood of exploit, the short-term impact of taking this service offline for an update outweighs the long-term impact of a successful exploit on the servers.
Your Plan of Attack? Update and Patch Now!
Microsoft and Automox are recommending anyone that runs a DNS server install the security update as soon as possible, which is available now in the Automox Console. If you are unable to install the patch, you can click here to get the Automox Worklet that will mitigate the issue until you are able to install the update.
This vulnerability can be addressed through the following KBs: 4565536, 4565529, 4565524, 4565537, 4565535, 4565541, 4565540, 4565511, 4558998, 4565483, 4565503.
Due to the critical nature of this patch, we do not recommend using automation services to deploy. If you have done so, establish a critical patch deployment plan that your organization can use to update your services against this and other highly critical vulnerabilities.
About Automox Automated Patch Management
Facing growing threats and a rapidly expanding attack surface, understaffed and alert-fatigued organizations need more efficient ways to eliminate their exposure to vulnerabilities. Automox is a modern cyber hygiene platform that closes aperture of attack by more than 80% with just half the effort of traditional solutions.
Cloud-based and globally available, Automox enforces OS & third-party patch management, security configurations, and custom scripting across Windows, Mac, and Linux from a single intuitive console. IT and SecOps can quickly gain control and share visibility of on-prem, remote and virtual endpoints without the need to deploy costly infrastructure.
Experience modern, cloud-based patch management today with a 15-day free trial of Automox and start recapturing more than half the time you're currently spending on managing your attack surface. Automox dramatically reduces corporate risk while raising operational efficiency to deliver best-in-class security outcomes, faster and with fewer resources.