Sunday, January 24, 00:20
Home security DHS CISA: "Bug on Windows Server DNS to receive patch within 24 ...

DHS CISA: "Bug on Windows Server DNS to receive patch within 24 hours"

DHS CISA issued an emergency directive yesterday, instructing all government agencies to USA develop, within 24 hours, patches or mitigations for a critical bug in Windows Server DNS. The emergency directive calls on the country's government agencies to fix a bug known as SIGRed, which was identified by Check Point researchers. THE Microsoft was released updates for this bug within the week.

DHS CISA

The bug affects the DNS server component that shipped with all versions of Windows Server from 2003 to 2019. SIGRed can be exploited to run malware code on a Windows Server that has the DNS server component enabled. Microsoft states that this bug can be used for self-replicating attacks that will spread across the Internet or even organizations.


In a press release released yesterday, CISA Director Christopher Krebs said the bug was of particular interest to DHS, the US agency responsible for overseeing the security of US government networks. Thus, he urged the government services to do patch on the servers as soon as possible, asking the private sector to do the same.

DHS CISA


In addition, CISA cited the possibility of exploiting the "SIGRed" bug, the widespread use of the affected software throughout the federal government network, the high risk of information breach systems services as well as the serious impact that a successful one will have infringement, wanting to justify its move to issue an emergency directive, as this is a form of alert issued in extremely rare cases.

government services patch in bug

Emergency Directive ED 20-03 Required U.S. Agencies to Install Updates security of July 2020 released by Microsoft, within 24 hours, ie until today, Friday, July 17, 2020, 2:00 p.m. EDT, if they are running Windows Server instances with a DNS role. If security updates cannot be installed, CISA requires organizations to develop a registry modification workaround described in detail in Microsoft SIGRed Advisory (CVE-2020-1350). Organizations then have another week to remove the workaround and apply the security update. The servers that cannot be updated must be removed from an organization's network, according to CISA.


The bug identified as CVE-2020-1350 is one of many bugs discovered this month, receiving a 10/10 severity score on the CVSSv3 severity scale. Other similar dangerous bugs that are easy to use over the Internet include bugs in Palo Alto Networks PAN-OS, F5 BIG-IP networking devices, and many applications. in cloud of SAP.

LEAVE ANSWER

Please enter your comment!
Please enter your name here

Pohackontas
Pohackontashttps://www.secnews.gr
Every accomplishment starts with the decision to try.

LIVE NEWS

Instagram: How to enable notifications for specific profiles

There are some profiles on Instagram where you want to see the content they publish as soon as possible - it can be a news ...
00:01:55

NASA's historic launch pad is to be demolished

NASA's famous Mobile Launcher Platform-2 launch platform, which has been linked to the Apollo and Space Shuttle missions, ...
00:02:12

Elon Musk: Gives $ 100 million for best CO2 capture technology

https://www.youtube.com/watch?v=Y0iUZc30vj4 Ο Elon Musk δήλωσε χθες, στο λογαριασμό του στο Twitter, ότι σκοπεύει να δώσει 100 εκατομμύρια...

How can you unblock sites and services using a VPN?

The Internet is free and open to all. However, there are some sites and services whose content is blocked, which ...

Google Chrome: How to manage your extensions?

Google Chrome extensions can be very useful, as they improve your productivity when using the browser.

Intel CPUs Review: Core i7-10700 vs Core i7-10700K!

Over the years, the Intel series of processors (CPUs) introduced the series of overclocking models "K" and more recently the series ...

The DeLorean can return as an electric car

The DMC DeLorean has been out of production for almost 40 years, but it looks like the iconic vehicle will return as an electric car.

Windows RDP servers are used to support DDoS

Cybercrime gangs are abusing Windows Remote Desktop Protocol (RDP) systems to reinforce the unwanted ...

SEPA: He refused to pay a ransom and thousands of files were leaked

Thousands of stolen files of the Scottish Environmental Protection Agency (SEPA) have been published by hackers, after the organization refused to pay the ransom ...

Fines at Valve, Capcom and Zenimax for geo-exclusion of games

Following a European Commission investigation, a group of video game publishers was fined € 7,8 million following allegations of geo-exclusion practices. In...