July 14, 2020
CBI Security Alert: ‘SigRed’ Windows DNS Server Remote Code Execution Vulnerability

What is SigRed?

The 17-year-old ‘SigRed’ vulnerability allows remote attackers to gain domain administrator privileges. An attacker sends malicious DNS queries to a Windows DNS server to execute code on it remotely. If successful, the attacker would be able to intercept email and network traffic as well as credentials.

This vulnerability is particularly dangerous as it is wormable and would allow attackers to spread from one machine to another.

The SigRed vulnerability has a CVSS score of 10.

Affected Environments

Windows DNS servers

Cause of Issue

The attack takes advantage of DNS name compression in DNS responses to trigger a buffer overflow, using the compression technique to inflate the size of the response by a significant amount relative to the buffer allocated for it. The attack can also be triggered from a browser by hiding the malicious DNS query inside an HTTP request.

Remediation

Microsoft released a patch in today's (July 14, 2020) security rollup. If you are not able to install the patch, a temporary workaround is to set the maximum length of a DNS message received over TCP to 0xFF00, which removes the conditions for the buffer overflow. Run the following from an elevated command prompt on each Windows DNS server, then restart the DNS service:

reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNS\Parameters" /v "TcpReceivePacketSize" /t REG_DWORD /d 0xFF00 /f

net stop DNS && net start DNS
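The following PowerShell script is an added example for administrators auditing the workaround across DNS servers; it is not part of CBI's advisory or Microsoft's guidance. It assumes it runs in an elevated session on the DNS server itself, and the function names Get-SigRedWorkaroundStatus and Set-SigRedWorkaround are names chosen here. It reports whether the DNS Server service is present and whether TcpReceivePacketSize already holds 0xFF00, and it can apply the same registry change as the reg add command above, restarting the service so the value takes effect.

```powershell
# Added example (not from the CBI advisory): audit and, if needed, apply the
# CVE-2020-1350 TcpReceivePacketSize workaround on a Windows DNS server.
# Assumes an elevated PowerShell session on the DNS server.

$regPath   = 'HKLM:\SYSTEM\CurrentControlSet\Services\DNS\Parameters'
$valueName = 'TcpReceivePacketSize'
$expected  = 0xFF00   # value recommended in the workaround

function Get-SigRedWorkaroundStatus {
    # Hypothetical helper: returns an object describing the current state.
    $dnsService = Get-Service -Name DNS -ErrorAction SilentlyContinue
    if (-not $dnsService) {
        # No DNS Server role here; nothing to mitigate on this host.
        return [pscustomobject]@{
            DnsServer         = $false
            WorkaroundApplied = $false
            CurrentValue      = $null
        }
    }

    # Read the current value; $null if the value has never been set.
    $current = (Get-ItemProperty -Path $regPath -Name $valueName `
                -ErrorAction SilentlyContinue).$valueName

    [pscustomobject]@{
        DnsServer         = $true
        WorkaroundApplied = ($current -eq $expected)
        CurrentValue      = $current
    }
}

function Set-SigRedWorkaround {
    # Hypothetical helper: same change as the reg add in the advisory,
    # followed by a restart of the DNS service (net stop/start equivalent).
    if (-not (Test-Path $regPath)) {
        throw "DNS Parameters key not found; is the DNS Server role installed?"
    }
    New-ItemProperty -Path $regPath -Name $valueName -PropertyType DWord `
                     -Value $expected -Force | Out-Null
    Restart-Service -Name DNS
}

$status = Get-SigRedWorkaroundStatus
$status | Format-List

if ($status.DnsServer -and -not $status.WorkaroundApplied) {
    Write-Warning ("{0} is not set to 0x{1:X}. Install the CVE-2020-1350 update " +
                   "or run Set-SigRedWorkaround as a stopgap.") -f $valueName, $expected
}
```

The value caps the size of DNS messages the server will accept over TCP, so responses larger than 0xFF00 bytes will not be processed while it is in place; treat it as a stopgap until the update is installed, and remove the value afterwards so the server returns to its default behaviour.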

Contact CBI today for more information or for remediation assistance. 

Resources:

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1350

https://thehackernews.com/2020/07/windows-dns-server-hacking.html

About the Author
CBI | Cybersecurity Solutions
CBI is a leading cybersecurity advisor to many of the world’s top tier organizations. Founded in 1991, CBI provides innovative, flexible and customizable solutions that help ensure data is secure, compliant and available. We engage in an advisory-led approach to safeguard our clients against the ever-changing threat landscape—giving them comprehensive visibility into their entire security program and helping them avoid cyber challenges before they can impact their data, business and brand. We are dedicated to the relentless pursuit of mitigating risks and elevating corporate security for a multitude of industries and companies of all sizes.