Client advisory: Windows DNS vulnerability

Our Incident Response Team wishes to advise all insureds of a critical vulnerability in the Windows DNS server that allows cybercriminals to gain widespread access to company systems.

Cyber Advisory 2 min Fri, Oct 23, 2020

This vulnerability affects all Windows users. Our policyholders are strongly advised to implement software patches immediately.

What is DNS?

DNS, or Domain Name System, is often referred to as the internet phonebook used for translating humanized computer host names into IP addresses, making it a core component of internet infrastructure. Although there are various implementations of DNS, Microsoft uses the Windows DNS Server, and this is a required component in all Windows environments.

What is the vulnerability?

‘SIGRed’ (CVE-2020-1350) is a critical vulnerability with the most serious Common Vulnerability Scoring System (CVSS) base score of 10, that affects Windows DNS Server versions 2003-2019. The vulnerability is wormable meaning that is can spread throughout the network without human interaction. If exploited successfully, an attacker is granted Domain Administrator rights, and this would effectively compromise the entire corporate infrastructure.

What could it mean to you or your company?

This vulnerability, if exploited, could result in your network traffic being compromised. All data travelling across your network, including personally identifiable information (PII), could be intercepted and read without your knowledge.

How can it be fixed?

Microsoft recommends that a patch be implemented as soon as possible. Patches for your particular Windows operating system can be found here. From this link, you'll also find guidance from Microsoft on a workaround for those who may not be able to patch immediately.

 

Where can I find more information?

Full details of the vulnerability, patching and a workaround can be found here.

Information on the discovery and technical aspects of it can be found here.

Alternatively, you can contact the CFC Cyber Incident Response team via cyberservices@cfc.com