An updated article can be found here 👈👈
The vulnerability CVE-2020-1350, codenamed SIGRed, has been publicly disclosed.
You are most likely at risk.
This vulnerability affects all versions of Windows Server from 2003 to 2019 running the DNS role. If you run Active Directory, you should patch immediately, before this paralyzes your operations.
What we know
Details about the SIGRed vulnerability are still being released. Key information that has been released so far is:
- Discovered in May 2020 and disclosed to Microsoft through the vulnerability disclosure project
- Has a CVSS score of 10 (the highest rating a vulnerability can receive)
- Affects all Windows Server versions 2003-2019 running the DNS role
- Code executed through this vulnerability runs as the SYSTEM account (super admin)
- Has not been observed being exploited in the wild, but security researchers suggest it is only a matter of time
- Can lead to full system compromise without any authentication, and has wormable potential
Am I safe? Probably not
Not yet anyway.
If you are running Active Directory on Windows Server 2003-2019, you are at risk. Given that 95% of all enterprises run Active Directory, you probably fall into this category.
If you are not in charge of patching these systems, you should drop your friendly IT folks a Teams message.
Patching is a challenge
Security is a bigger challenge. If you don’t have a friendly IT folk to help you out, reach out to Jinba and we will keep you safe.
Need help wrangling the patch management beast? Don’t know where to start?
Drop Jinba a line and let’s stay safe together.
Still Curious? Keep reading
All relevant information can be found through the links below:
- CVE-2020-1350 Detail
- SIGRED – RESOLVING YOUR WAY INTO DOMAIN ADMIN: EXPLOITING A 17 YEAR-OLD BUG IN WINDOWS DNS SERVERS
- Windows DNS Server Remote Code Execution Vulnerability