SigRed Critical Wormable RCE Vulnerability in Windows DNS Servers – CVE-2020-1350
If you run a Windows DNS server, you need to patch ASAP.
• 17-Year-Old Critical ‘Wormable’ RCE Vulnerability Impacts Windows DNS Servers
• Severity score of 10 out of 10 on the CVSS scale
• Affecting Windows Server versions 2003 to 2019
• CVE-2020-1350
• Dubbed ‘SigRed’
Risk:
It could allow an unauthenticated, remote attacker to gain domain administrator privileges over targeted servers and seize complete control of an organization’s IT infrastructure.
The flaw is wormable in nature, allowing attackers to launch an attack that can spread from one vulnerable computer to another without any human interaction.
It’s possible that a single exploit can start a chain reaction that allows attacks to spread from vulnerable machine to vulnerable machine without requiring any human interaction.
Impact:
A threat actor can exploit the SigRed vulnerability by sending crafted malicious DNS queries to a Windows DNS server and achieve arbitrary code execution, enabling the hacker to intercept and manipulate users’ emails and network traffic, make services unavailable, harvest users’ credentials and much more.
Fix/Solution:
Article | Products | KB |
4565536 | Windows Server 2008 for 32-bit Systems Service Pack 2; Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core); Windows Server 2008 for x64-based Systems Service Pack 2; Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core) | KB4565536 |
4565529 | Windows Server 2008 for 32-bit Systems Service Pack 2; Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core); Windows Server 2008 for x64-based Systems Service Pack 2; Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core) | KB4565529 |
4565524 | Windows Server 2008 R2 for x64-based Systems Service Pack 1; Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core) | KB4565524 |
4565539 | Windows Server 2008 R2 for x64-based Systems Service Pack 1; Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core) | KB4565539 |
4565537 | Windows Server 2012; Windows Server 2012 (Server Core) | KB4565537 |
4565535 | Windows Server 2012; Windows Server 2012 (Server Core) | KB4565535 |
4565541 | Windows Server 2012 R2; Windows Server 2012 R2 (Server Core) | KB4565541 |
4565540 | Windows Server 2012 R2; Windows Server 2012 R2 (Server Core) | KB4565540 |
4565511 | Windows Server 2016; Windows Server 2016 (Server Core) | KB4565511 |
4558998 | Windows Server 2019; Windows Server 2019 (Server Core) | KB4558998 |
4565483 | Windows Server, version 1903 (Server Core); Windows Server, version 1909 (Server Core) | KB4565483 |
4565503 | Windows Server, version 2004 (Server Core) | KB4565503 |
Workaround:
If applying the patches is not possible, Microsoft has provided a workaround via a Windows registry modification:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNS\Parameters
DWORD = TcpReceivePacketSize
Value = 0xFF00
In order for these changes to take effect, the DNS Service must be restarted.
Microsoft recommends removing the workaround after the patches have been applied.
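The following PowerShell script is an added example, not Microsoft's or this page's own code. It reports whether one of the KBs listed above is installed and whether the registry workaround is set, and it applies the workaround only when asked. The `-Apply` switch is a hypothetical name chosen for this example; run the script from an elevated session on the DNS server.

```powershell
# Added example: audit and optionally apply the CVE-2020-1350 registry workaround.
param([switch]$Apply)   # hypothetical switch: without it the script only reports

$Path  = 'HKLM:\SYSTEM\CurrentControlSet\Services\DNS\Parameters'
$Name  = 'TcpReceivePacketSize'
$Value = 0xFF00

# KB numbers taken from the table on this page.
$FixKBs = 'KB4565536','KB4565529','KB4565524','KB4565539','KB4565537','KB4565535',
          'KB4565541','KB4565540','KB4565511','KB4558998','KB4565483','KB4565503'

# A later cumulative update that supersedes these KBs will not match here,
# so "none found" means "verify manually", not "definitely unpatched".
$installed = Get-HotFix | Where-Object { $FixKBs -contains $_.HotFixID }

# Read the current value; the property is absent by default.
$current = (Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue).$Name
$workaroundSet = ($null -ne $current) -and ($current -eq $Value)

[pscustomobject]@{
    Computer      = $env:COMPUTERNAME
    FixKBFound    = ($installed.HotFixID -join ',')
    WorkaroundSet = $workaroundSet
    CurrentValue  = if ($null -ne $current) { '0x{0:X}' -f $current } else { '(not set)' }
}

if ($installed -and $workaroundSet) {
    # Matches the recommendation to remove the workaround once patched.
    Write-Output 'Patch found and workaround still present: the workaround can be removed.'
}
elseif (-not $installed -and -not $workaroundSet) {
    if ($Apply) {
        New-ItemProperty -Path $Path -Name $Name -PropertyType DWord -Value $Value -Force | Out-Null
        Restart-Service -Name DNS   # the change only takes effect after a restart
        Write-Output 'Workaround applied and DNS service restarted.'
    }
    else {
        Write-Output 'No listed KB found and workaround not set. Re-run with -Apply to set it.'
    }
}
```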