The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (DHS CISA) today issued an emergency directive that instructs all government agencies to implement patches or mitigations for a critical vulnerability in Windows Server within the next 24 hours.
The emergency directive urges agencies to patch a vulnerability known as SIGRed, discovered by Check Point researchers, for which Microsoft released updates this week, during its Patch Tuesday window.
The bug affects the DNS server component that ships with all versions of Windows Server from 2003 to 2019.
SIGRed can be exploited to execute malicious code on a Windows server with its DNS server component active. The bug is also “wormable” according to Microsoft’s assessment, which means it can be abused by self-replicating attacks that spread across the Internet or within organizations.
In a press release today, CISA Director Christopher Krebs said the vulnerability is of particular interest to DHS, the US agency in charge of overseeing the security of the US government’s IT networks. The agency urged federal agencies to patch servers as soon as possible, but also asked the private sector to do the same.
CISA cited the likelihood of the SIGRed vulnerability being exploited, the widespread use of the affected software on the federal government network, the high potential for a compromise of agency information systems, and the serious impact of a successful compromise as reasons for issuing today’s emergency directive, a type of alert that is issued only in rare situations.
The emergency directive ED 20-03 requires agencies that run Windows Server instances with the built-in DNS server component to install Microsoft’s July 2020 security updates within the next day, before Friday, July 17, 2020 at 2:00 pm EDT.
If the security updates cannot be installed in time, CISA requires agencies to implement the registry modification workaround detailed in Microsoft’s SIGRed advisory (CVE-2020-1350).
Agencies then have another week to remove the workaround and apply the security update. Servers that cannot be patched should be removed from an agency’s network, CISA said.
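The three-step procedure above (patch, otherwise apply the registry workaround, then remove the workaround once patched) as an added PowerShell audit script, not code from the article, CISA or Microsoft. The registry value and its setting are taken from Microsoft’s published workaround for CVE-2020-1350 (KB4569509), not from this article; the “patched” check is only a date heuristic and the exact KB for each OS build must be confirmed against that advisory.

```powershell
# Added example: audits a Windows Server for the CVE-2020-1350 (SIGRed) state
# that ED 20-03 asks for. Run in an elevated PowerShell session on the server.
# Registry value/setting come from Microsoft's KB4569509 workaround, not from this article.
$regPath  = 'HKLM:\SYSTEM\CurrentControlSet\Services\DNS\Parameters'
$regName  = 'TcpReceivePacketSize'
$regValue = 0xFF00                    # caps inbound TCP DNS message size, per the workaround
$patchDay = Get-Date '2020-07-14'     # July 2020 Patch Tuesday

function Get-SigRedStatus {
    # Step 0: only servers with the DNS Server role are in scope for the directive.
    $dnsSvc = Get-Service -Name DNS -ErrorAction SilentlyContinue
    if (-not $dnsSvc) {
        return [pscustomobject]@{ DnsServer = $false; Mitigated = $false; PatchedSince = $null }
    }
    $current = (Get-ItemProperty -Path $regPath -Name $regName -ErrorAction SilentlyContinue).$regName
    # Heuristic only: newest update installed on or after Patch Tuesday. Confirm the
    # actual KB for this OS build against Microsoft's advisory before trusting it.
    $recent = Get-HotFix | Where-Object { $_.InstalledOn -ge $patchDay } |
              Sort-Object InstalledOn -Descending | Select-Object -First 1
    [pscustomobject]@{
        DnsServer    = $true
        Mitigated    = ($current -eq $regValue)
        PatchedSince = if ($recent) { $recent.HotFixID } else { $null }
    }
}

function Enable-SigRedWorkaround {
    # Step 2 of the directive: apply the registry workaround when patching cannot happen in time.
    if (-not (Test-Path $regPath)) { throw "DNS Server parameters key not found; is the role installed?" }
    Set-ItemProperty -Path $regPath -Name $regName -Value $regValue -Type DWord
    Restart-Service -Name DNS         # the setting only takes effect after the DNS service restarts
}

function Disable-SigRedWorkaround {
    # Step 3: once the July 2020 update is installed, remove the workaround again.
    Remove-ItemProperty -Path $regPath -Name $regName -ErrorAction SilentlyContinue
    Restart-Service -Name DNS
}

Get-SigRedStatus | Format-List
```

A server reporting `DnsServer = True`, `Mitigated = False` and `PatchedSince` empty is the case the directive treats as out of compliance after the deadline.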
As of this writing, there is no publicly available proof-of-concept code for the SIGRed vulnerability, which has delayed the start of active exploitation.
The CVE-2020-1350 vulnerability is one of several vulnerabilities disclosed this month that received a severity score of 10 out of 10 on the CVSSv3 severity scale.
Other equally dangerous vulnerabilities that are easy to exploit over the Internet include bugs in the Palo Alto Networks PAN-OS operating system, F5 BIG-IP network devices, and many SAP cloud applications.