SigRed Critical Wormable RCE Vulnerability in Windows DNS Servers – CVE-2020-1350

If you have Windows DNS server you need to patch ASAP

• 17-Year-Old Critical ‘Wormable’ RCE Vulnerability Impacts Windows DNS Servers
• Severity score of 10 out of 10 on the CVSS scale
• Affecting Windows Server versions 2003 to 2019
• CVE-2020-1350,
•Ddubbed ‘SigRed

Risk:
It could allow an unauthenticated, remote attacker to gain domain administrator privileges over targeted servers and seize complete control of an organization’s IT infrastructure.

The flaw is wormable in nature, allowing attackers to launch an attack that can spread from one vulnerable computer to another without any human interaction.

It’s possible that a single exploit can start a chain reaction that allows attacks to spread from vulnerable machine to vulnerable machine without requiring any human interaction,

 

Impact:
A threat actor can exploit SigRed vulnerability by sending crafted malicious DNS queries to a Windows DNS server and achieve arbitrary code execution, enabling the hacker to intercept and manipulate users’ emails and network traffic, make services unavailable, harvest users’ credentials and much more.

 

Fix/Solution:

Article Products KB
4565536 Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core)
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core)
KB4565536
4565529 Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core)
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core)
KB4565529
4565524 Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core)
KB4565524
4565539 Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core)
KB4565539
4565537 Windows Server 2012
Windows Server 2012 (Server Core)
KB4565537
4565535 Windows Server 2012
Windows Server 2012 (Server Core)
KB4565535
4565541 Windows Server 2012 R2
Windows Server 2012 R2 (Server Core)
KB4565541
4565540 Windows Server 2012 R2
Windows Server 2012 R2 (Server Core)
KB4565540
4565511 Windows Server 2016
Windows Server 2016 (Server Core)
KB4565511
4558998 Windows Server 2019
Windows Server 2019 (Server Core)
KB4558998
4565483 Windows Server, version 1903 (Server Core)
Windows Server, version 1909 (Server Core)
KB4565483
4565503 Windows Server, version 2004 (Server Core) KB4565503

 

 

Workaround:

If applying the patches is not possible, Microsoft has provided a workaround via a Windows registry modification:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNS\Parameters
DWORD = TcpReceivePacketSize
Value = 0xFF00

In order for these changes to take effect, the DNS Service must be restarted.
Microsoft recommends removing the workaround after the patches have been applied.

 

Leave a Reply

Your email address will not be published. Required fields are marked *