DHS CISA issued an emergency directive yesterday, instructing all US government agencies to deploy, within 24 hours, patches or mitigations for a critical bug in Windows Server DNS. The emergency directive calls on the country's government agencies to fix a bug known as SIGRed, which was identified by Check Point researchers. Microsoft released updates for this bug within the week.
The bug affects the DNS server component that shipped with all versions of Windows Server from 2003 to 2019. SIGRed can be exploited to run malicious code on a Windows Server that has the DNS server component enabled. Microsoft states that this bug can be used for self-replicating attacks that spread across the Internet or even within organizations.
In a press release issued yesterday, CISA Director Christopher Krebs said the bug was of particular interest to DHS, the US agency responsible for overseeing the security of US government networks. He therefore urged government agencies to patch their servers as soon as possible, and asked the private sector to do the same.
In addition, to justify issuing an emergency directive, a form of alert issued only in extremely rare cases, CISA cited the possibility of the "SIGRed" bug being exploited, the widespread use of the affected software throughout the federal government network, the high risk of a breach of agency information systems, and the serious impact that a successful breach would have.
Emergency Directive ED 20-03 requires US agencies to install the July 2020 security updates released by Microsoft within 24 hours, i.e. by today, Friday, July 17, 2020, 2:00 p.m. EDT, if they are running Windows Server instances with a DNS role. If the security updates cannot be installed, CISA requires organizations to deploy the registry modification workaround described in detail in the Microsoft SIGRed advisory (CVE-2020-1350). Organizations then have another week to remove the workaround and apply the security update. Servers that cannot be updated must be removed from the organization's network, according to CISA.
The bug identified as CVE-2020-1350 is one of many bugs discovered this month, and it received a 10/10 severity score on the CVSSv3 severity scale. Other similarly dangerous bugs that are easy to exploit over the Internet include bugs in Palo Alto Networks PAN-OS, F5 BIG-IP networking devices, and many SAP cloud applications.