Cyber warning: Vulnerability in Windows DNS Server

One of our specialist cyber insurance partners, CFC Underwriting, has advised of a critical vulnerability in the Windows DNS server that allows cybercriminals to gain widespread access to company systems. As this affects all Windows users, they strongly advise implementing software patches immediately.

What could it mean to you or your company?

This vulnerability, if exploited, could result in your network traffic being compromised. All data travelling across your network, including personally identifiable information (PII), could be intercepted and read without your knowledge.

What is the vulnerability?

‘SIGRed’ (CVE-2020-1350) is a critical vulnerability affecting Windows DNS Server versions 2003-2019, with the most serious Common Vulnerability Scoring System (CVSS) base score of 10. The vulnerability is wormable, meaning that it can spread throughout the network without human interaction. If exploited successfully, an attacker is granted Domain Administrator rights, and this would effectively compromise the entire corporate infrastructure.

What is DNS?

DNS (Domain Name System) is often referred to as the internet phonebook: it translates human-readable computer host names into IP addresses, making it a core component of internet infrastructure. Although there are various implementations of DNS, Microsoft uses the Windows DNS Server, and this is a required component in all Windows environments.

How can it be fixed?

Microsoft recommends that a patch be implemented as soon as possible. Patches for your particular Windows operating system can be found here. From this link, you’ll also find guidance from Microsoft on a workaround for those who may not be able to patch immediately.

Where can I find more information?

Full details of the vulnerability, patching and a workaround can be found here: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1350

Information on the discovery and technical aspects of it can be found here: https://research.checkpoint.com/2020/resolving-your-way-into-domain-admin-exploiting-a-17-year-old-bug-in-windows-dns-servers

Real Insurance are advising all clients to ensure they have robust cyber insurance cover in place, given the increased number of attacks and the current climate. Please call 0330 058 0260 or contact your account handler for a complimentary cyber risk review.