
Remote Code Vulnerability SIGRed Found in Windows DNS Server


The remote code execution (RCE) vulnerability SIGRed was uncovered this past July, and affects all Windows DNS Server clients from Windows 2003 to Windows 10. Similar to past remote access exploits like 2019’s BlueKeep, SIGRed was found to be a potentially wormable RCE security bug that could give a hacker full control of a machine. The true danger of remote code attacks, however, lies in how severe the cybersecurity gap is and whether it allows the exploit to propagate across multiple computers.

Here are the key factors to know about SIGRed:

CVE-2020-1350 – Wormable Windows RCE Vulnerability

Officially labeled CVE-2020-1350 by Microsoft, the remote code execution exploit was first made public by security researchers at Check Point on July 14, 2020. Their research identified a huge vulnerability within Windows DNS Servers. DNS (the Domain Name System) is the Internet directory that maps your computer's hostname to its IP address. This enables your browser to load Internet resources in the first place, though there are many other critical roles fulfilled by various DNS Clients.

SIGRed being wormable is what makes the severity so great, as a successful attack will grant the hacker full administrative rights for the servers, escalating the cyber threat beyond just a few machines. Additionally, the fact that it exists as far back as Windows 2003 indicates the vulnerability has existed in some form for 17 years.

CVSS 10 Score – What Does That Mean?

The Common Vulnerability Scoring System (CVSS) rarely grants a vulnerability the base score of 10.0, yet CVE-2020-1350 is considered so dangerous that Microsoft and even Homeland Security are sounding many alarms. In the latter case, the DHS’s cybersecurity division gave federal agencies only 24 hours’ notice to update and secure their Windows environments. In many ways, the longevity of SIGRed makes it even more of a risk than BlueKeep or DejaBlue, and its wormable nature puts it at the same or a worse level than the WannaCry or NotPetya ransomware.



Ensure that Your Windows Systems are Updated to Avoid SIGRed

Even as Microsoft was releasing a fix for SIGRed during July 2020’s Patch Tuesday, an additional RCE exploit was found affecting SharePoint, the .NET Framework, and Visual Studio. Windows systems are frequently targets of hackers for a few key reasons, the biggest being their worldwide ubiquity. The OS and MS Office applications are so widely used that any exploit opens the door to data access for tens to hundreds of millions of victims.

This prevalence also means that any bad security practice that becomes common enough – like password reuse – still nets cybercriminals a large base to target and does half of the work for them. The recurring Windows bugs and lax personal cybersecurity mean that Windows is constantly having to be patched, and users who fall behind on updates run the risk of being caught out by any new vulnerability.

Let SWK Technologies Manage Your Windows Environment

Microsoft updates, unfortunately, can present a risk themselves, but allowing a managed IT service provider like SWK Technologies to oversee your Windows upgrades will help you gain better control of your system. SWK’s engineers are constantly monitoring both your network and the state of Windows’ technology, so they can help you navigate the complexity of each update.

Contact SWK Technologies to hear more about what we can do for your Windows systems.
