SIGRed is a new critical vulnerability in Windows Server. How to protect yourself?

Just the other day, Check Point experts discovered a new vulnerability in Windows-based DNS servers, i.e. almost every corporate network is at risk. The vulnerability is tracked as CVE-2020-1350 | Windows DNS Server Remote Code Execution Vulnerability. CVSS Score – 10.0. According to Microsoft, absolutely all versions of Windows Server are affected.
The vulnerability exploits a buffer overflow and requires practically no user interaction. Below you will find a video demonstrating the attack, a detailed description of it, and most importantly, how to protect yourself right now.

Attack video

Short description

How to protect yourself?

Method 1: Update

Urgently install the update on every Windows Server that acts as a DNS server.

Method 2. Workaround

If it is not possible to install the update right now, you can reduce the maximum length of DNS messages, which rules out the buffer overflow.

reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNS\Parameters" /v "TcpReceivePacketSize" /t REG_DWORD /d 0xFF00 /f
net stop DNS && net start DNS
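
What the TcpReceivePacketSize value means on the wire, as an added example that is not part of the original post or of Microsoft's guidance: DNS over TCP prefixes every message with a 2-byte length (RFC 1035, section 4.2.2), and this Python script walks a byte stream and marks the messages whose declared length is above 0xFF00. The function names, the constructed sample stream and the "strictly greater than" comparison are assumptions of the example.

```python
import struct

# Value written by the workaround above. The 2-byte DNS-over-TCP length
# prefix (RFC 1035, 4.2.2) can declare at most 0xFFFF bytes.
WORKAROUND_LIMIT = 0xFF00


def iter_tcp_dns_lengths(stream: bytes):
    """Yield (offset, declared_length, complete) for each framed message."""
    pos = 0
    while pos + 2 <= len(stream):
        (length,) = struct.unpack_from("!H", stream, pos)  # big-endian u16
        body_end = pos + 2 + length
        yield pos, length, body_end <= len(stream)
        if body_end > len(stream):
            return  # truncated capture: the next prefix cannot be located
        pos = body_end


def classify(stream: bytes, limit: int = WORKAROUND_LIMIT):
    """Return one dict per message, flagging declared lengths above limit."""
    return [
        {
            "offset": offset,
            "length": length,
            "complete": complete,
            # Assumption: only messages strictly larger than the limit count.
            "over_limit": length > limit,
        }
        for offset, length, complete in iter_tcp_dns_lengths(stream)
    ]


def frame(payload_len: int) -> bytes:
    """Build a constructed message: length prefix followed by zero bytes."""
    return struct.pack("!H", payload_len) + bytes(payload_len)


if __name__ == "__main__":
    # Constructed sample stream: a small message, one exactly at the limit
    # and one above it. The bodies are padding, not real DNS records.
    sample = frame(512) + frame(0xFF00) + frame(0xFF01)
    for row in classify(sample):
        verdict = "exceeds 0xFF00" if row["over_limit"] else "within limit"
        print(f"offset={row['offset']:>6} len={row['length']:>5} {verdict}")
```

Run against the reassembled TCP payload of port 53 traffic, the same check shows whether any legitimate large responses in your environment would be affected before you apply the limit.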

Method 3. IPS

If you use an IPS on the network perimeter (for example, as part of a UTM or NGFW solution), make sure that you have a signature for this vulnerability (it may arrive after an update). This is how it looks in Check Point:

The action must be set to Prevent. If you need help setting it up, write to us.

We will try to update this information as new details become available. Stay tuned for updates in our channels (Telegram, Facebook, VK, TS Solution Blog)!
