SIGRed: Patch your Windows Server now with WuInstall and avoid vulnerability
An unbelievable 17-year-old bug just has been awarded a CVSS severity score of 10.0 making it an extremely dangerous security hole for Windows DNS Server.
The bug, tracked as CVE-2020-1350 or also called “SigRed” relates to Microsoft Windows DNS and is wormable, meaning it can jump across unpatched machines without user interaction. Unnoticed this can lead to the compromising of the whole network of a company.
As Microsoft closed the security issue on its Microsoft Patch Tuesday, a secure patch is finally available. Still this update won’t be installed automatically.
WuInstall is a Windows patch management software, which makes it possible to install Windows Updates on demand using the command line. It allows administrators to update several workstations at once (e.g. run WuInstall in shutdown scripts) or workstations of users who turned off Windows Automatic Updates.
To clear the Windows Update cache using WuInstall, follow these easy steps:
- Open the command prompt, by hitting the Windows key and type “cmd”.
The bug was found by Check Point Researchers who also claim that an attack does not require a lot of skills, again remarking how important it is to update all Windows Server now. Still they cannot confirm if the vulnerability has been exploited yet but urge everyone to patch their machines.
The vulnerability is caused by the parsing of incoming DNS queries and the handling of forwarded DNS queries. Therefore, internal, non-public facing DNS servers can also be affected.
"This issue results from a flaw in Microsoft's DNS server role implementation and affects all Windows Server versions. Non-Microsoft DNS Servers are not affected. Wormable vulnerabilities have the potential to spread via malware between vulnerable computers without user interaction. Windows DNS Server is a core networking component. While this vulnerability is not currently known to be used in active attacks, it is essential that customers apply Windows updates to address this vulnerability as soon as possible," Microsoft says.
To download and install the right patch on your machines, run following command in the command prompt:
wuinstall.exe /install /force /match KB... (Code for your product, see: Microsoft)
Codes: KB4565536, KB4565529, KB4565524, KB4565539, KB4565537, KB4565535, KB4565541, KB4565540, KB4565511, KB4558998, KB4565483, KB4565503
