Microsoft’s “Patch Tuesday” has exposed a vulnerability. That isn’t a shock in itself, as patches tend to reveal such things, but CVE-2020-1350, which would come to be known as SIGRed, has raised alarm flags because it is wormable: easy to move within networks and easy to use, a deadly combination in the world of computers.
Microsoft has looked into and backed up the claim that the vulnerability affects all versions of Windows Server.
This item is so risky that the U.S. Department of Homeland Security, Cybersecurity and Infrastructure Security Agency (CISA) has issued an emergency directive that all agencies must patch the issue or face a fine.
Why So Dangerous?
SIGRed was discovered by Check Point. What is it exactly? To answer that, it’s important to understand the basics. The root of the problem is the Windows Domain Name System (DNS) service implementation. The DNS service often crosses machines on a network, so its connections spread like the roots of a tree, and an infection can quickly climb through a system, both up and down, infecting as it goes.
So, what did CISA say in the emergency directive?
Emergency directive 20-03 has been signed by Christopher C. Krebs, the director of CISA. According to the directive, CISA “determined that this vulnerability poses unacceptable significant risk to the Federal Civilian Executive Branch,” and the vulnerability therefore “requires an immediate and emergency action.”
If an agency uses a Windows Server in any capacity other than DNS, they’ve been warned – mitigate the risk by July 24 or be slapped with a fine. What’s the way to mitigate? Apply the 2020 Windows update for July, or follow through with a registry modification workaround given out by Microsoft.
You’ve got that right, that’s less than 24 hours. Hope their IT guy is ready!
According to the directive, this applies to “any information system, including information systems used or operated by another entity on behalf of an agency, that collects, processes, stores, transmits, disseminates, or otherwise maintains agency information,” so agencies will have to work double-time in complex networks to meet the demand.
While this directive itself applies only to relevant U.S. Executive Branch departments and agencies, CISA is looking to state and local governments to do the same. Refusing or failing to do so could lead to some very costly cleanups.