SIGRed is a 17-year-old ‘wormable’ vulnerability in the Windows Domain Name System (DNS) Server. Exploitation of the bug could lead to an attacker gaining full Domain Administrator privileges, essentially giving them complete control of your domain, and therefore your data, user accounts and devices. What makes this attack so serious is the ease of execution: anyone with access to your network, either physically or via Wi-Fi (think corporate and guest access), can launch the attack. The vulnerability was discovered by researchers at Check Point Software, who made Microsoft aware on 19 May 2020; Microsoft released a fix on 14 July (Patch Tuesday).
How are Kriston Technology protecting you against the SIGRed vulnerability?
Using our Ktec Insight (Remote Monitoring and Management) agent, we were able to quickly identify all the affected servers across all of our clients. Then, using its software deployment feature, we were able to craft a registry patch, deploy it to the servers and restart the DNS services automatically. With our clients’ servers and infrastructure now in a protected state, we used the Insight agent’s patch management features to confirm which servers had been patched and protected and which required a maintenance window scheduled to apply patches.
With zero production downtime for our clients’ servers and only a few seconds of disruption while the DNS services restarted, we were able to successfully protect all of our clients without them even knowing, allowing them to carry on with their day-to-day business.
If you would like this level of IT Support for your business, call Kriston Technology on 01993 880 980.
Further Reading:
Our partners over at Sophos have a great technical explanation of the bug: https://nakedsecurity.sophos.com/2020/07/15/patch-now-sigred-the-wormable-hole-in-your-windows-servers/
The official Microsoft Security Response Center post: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1350
The NIST Vulnerability Database entry: https://nvd.nist.gov/vuln/detail/CVE-2020-1350
Check Point Research: https://research.checkpoint.com/2020/resolving-your-way-into-domain-admin-exploiting-a-17-year-old-bug-in-windows-dns-servers/