Not rendering correctly? View this email as a web page here.
9-1-1 Cyber Alert
Alert: SIGRed Windows DNS Vulnerability

July 14th marked a very important patch rollout for Windows DNS Servers. CVE-2020-1350 (aka SIGRed) is a wormable, critical vulnerability in the Windows DNS server application which, if exploited, can give an attacker Domain Administrator rights in your network. It is possible to exploit this vulnerability with large, specially crafted responses from a malicious nameserver, even with a properly secured DNS architecture.

A demonstration of this exploit was conducted on a Windows 2012R2 server, but it is said to affect all current versions of Windows Server up through 2019 and is a 10/10 critical vulnerability for any network relying on Windows DNS.

Research source: https://blog.checkpoint.com/2020/07/14/sigred-this-is-not-just-another-vulnerability-patch-now-to-stop-the-next-cyber-pandemic/ 

Given the upward trend in ransomware attacks which first target and prioritize acquiring Domain Controller credentials, SecuLore is especially concerned for our clients in public safety. For those who may not be able to apply the patch immediately, Microsoft has issued a no-downtime registry edit workaround which mitigates the vulnerability by decreasing the maximum TCP DNS transaction size below the 64KB threshold required to trigger the exploit.

Microsoft's workaround: https://support.microsoft.com/en-us/help/4569509/windows-dns-server-remote-code-execution-vulnerability 

Stay cyber-safe,

SecuLore Support Team

 

SecuLore Solutions is a Public Safety company focused on cybersecurity - if you have concerns about your network, please contact us at info@SecuLore.com or visit us at www.SecuLore.com

Follow us on Twitter Follow us on Linkedin Follow us on Facebook