{"id":9896,"date":"2020-07-23T05:48:04","date_gmt":"2020-07-23T09:48:04","guid":{"rendered":"https:\/\/tsisupport.com\/?p=9896"},"modified":"2021-08-09T06:08:09","modified_gmt":"2021-08-09T10:08:09","slug":"a-17-year-old-vulnerability-was-just-discovered-in-windows-server-heres-what-you-need-to-know-next","status":"publish","type":"post","link":"https:\/\/tsisupport.com\/tsistaging\/?p=9896","title":{"rendered":"Vulnerable Software: A 17-Year-Old Vulnerability Was Just Discovered in Windows Server"},"content":{"rendered":"<p><strong>Meet SIGRed<\/strong><\/p>\n<p><a href=\"https:\/\/blog.vulcan.io\/what-is-the-sigred-vulnerability-cve-2020-1350-and-how-to-remediate-it\">First \u201cdiscovered\u201d in July of 2020<\/a>, SIGRed is a remote code execution (RCE) vulnerability in Windows DNS Server that an attacker can trigger with little more than a malicious DNS response. Believe it or not, it&#8217;s actually been around for 17 years and affects all Microsoft server operating systems from Server 2003 all the way up to Server 2019. So, while the news of SIGRed is new, the vulnerability itself isn&#8217;t. According to warnings from both Check Point and Microsoft, <a href=\"https:\/\/www.wired.com\/story\/sigred-windows-dns-flas-wormable\/\">SIGRed is worthy of a &#8220;10 out of 10&#8221; designation on the Common Vulnerability Scoring System (CVSS)<\/a>, which means that this is absolutely something you&#8217;re going to want to stop and pay attention to.<\/p>\n<p>The issue here is that Windows DNS software often runs on domain controllers that set the rules for the types of networks your business is probably using. 
So, many of the machines connected to those networks are particularly sensitive &#8211; meaning that an attacker who gets into one via this avenue will almost certainly be able to get into the rest of your environment in due time.<\/p>\n<p>To give you a little bit of an idea of how this works, consider how easy it would be for someone in your organization to click on a phishing link or run a suspicious attachment in an email. It&#8217;s something that happens every day and more often than we\u2019d like to see. If that particular attacker is taking advantage of SIGRed, they&#8217;d be granted network privileges almost immediately. Add this to any type of ransomware and the situation quickly escalates to catastrophic levels. From there, it can start infecting backups, network shares, other people&#8217;s computers &#8211; you name it. It&#8217;s a snowball effect in the worst possible way.<\/p>\n<p>Or, an attacker could potentially pair SIGRed with something like a keylogger \u2013 a tool that lets them see literally anything you type on your computer. At that point, they&#8217;re probably no more than a full business day away from getting the passwords to all of your important accounts, on top of some other hacker favorites such as your bank account or credit card information. From there, they\u2019ll likely be able to learn all they need to know about your customers as well, so that they can move on to those fresh new targets, too. The reputational damage to your business alone would be catastrophic &#8211; to say nothing of how quickly the monetary damage and liabilities would grow.<\/p>\n<p>Although it may be disheartening to learn about these highly critical, surprise issues, it&#8217;s best to remember that there will always be these types of vulnerabilities with any long-standing platform. 
What\u2019s most important is having support resources available that can \u2018keep their ears to the ground\u2019 and proactively identify these issues as they arise, so they can be addressed before they compromise your organization\u2019s security posture.<\/p>\n<p><strong>Here&#8217;s What You Need to Do Next<\/strong><\/p>\n<p>The good news is that Microsoft has already released a patch for the SIGRed vulnerability, covering all impacted Windows Server versions, that can be downloaded and deployed right now. In absolutely no uncertain terms, if you run a Windows DNS server, you need this patch.<\/p>\n<p>TSI\u2019s clients will be pleased to know that we have a comprehensive methodology in place to address these types of critical vulnerabilities as they occur from time to time. Their servers have since been patched, but if you&#8217;re not a TSI customer and haven\u2019t heard from your IT provider or IT staff, this is something you should address ASAP.<\/p>\n<p>If nothing else, let this be an invaluable lesson to all of us. Vulnerabilities are out there and they&#8217;ll always be out there because no software, Microsoft operating systems included, is perfect. Thankfully, most are discovered pretty quickly, but sometimes even major ones like SIGRed are allowed to remain out in the world for nearly two decades, just waiting to be exploited. Is this situation rare and pretty unprecedented? Absolutely. 
But as the old saying goes &#8211; &#8220;the only thing you don&#8217;t know is what you don&#8217;t know.&#8221;<\/p>\n<p>Speaking as an MSP\/MSSP, if there\u2019s one security practice that every company should have, it is to have, at the very least, the systems in place to make sure their software and operating systems are regularly updated, with a readily available resource prepared for any unanticipated update requirements.<\/p>\n<p>Developers regularly release updates and patches that do more than just tweak the graphical user interface or add new features; they also patch security loopholes and other issues that can be used to seriously compromise your organization. Once the information about those security &#8220;weak points&#8221; is out in the wild, it&#8217;s only a matter of time before it becomes a major vulnerability to be taken advantage of by someone who can easily determine if you\u2019ve taken the appropriate steps to update and safeguard your network. Applying critical system updates as soon as you\u2019re able to is the best way to make sure that doesn&#8217;t happen to you.<\/p>\n<p>But even then&#8230; it isn&#8217;t a guarantee that your environment is 100% secure. We&#8217;ve always known this to be true, and SIGRed has been a sobering reminder of that fact.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Meet SIGRed First \u201cdiscovered\u201d in July of 2020, SIGRed is a very particular type of vulnerability in the Windows DNS Server environment called an RCE, or remote code execution. This means that it can be triggered by an attacker with little more than a malicious DNS response. 
Believe it or not, it&#8217;s actually been around&hellip;<\/p>\n","protected":false},"author":7,"featured_media":9898,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":"","_links_to":"","_links_to_target":""},"categories":[20],"tags":[],"acf":[],"yoast_head_json":{"title":"A 17-Year-Old Vulnerable Software Was Just Discovered | TSI","description":"Following the discovery of a new Microsoft Windows vulnerability, learn what your next steps should be to protect yourself, your business, and your data.","robots":{"index":"noindex","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"og_locale":"en_US","og_type":"article","og_title":"A 17-Year-Old Vulnerable Software Was Just Discovered | TSI","og_description":"Following the discovery of a new Microsoft Windows vulnerability, learn what your next steps should be to protect yourself, your business, and your data.","og_url":"https:\/\/tsisupport.com\/tsistaging\/?p=9896","og_site_name":"TSI Support","article_published_time":"2020-07-23T09:48:04+00:00","article_modified_time":"2021-08-09T10:08:09+00:00","og_image":[{"width":1140,"height":380,"url":"https:\/\/tsisupport.com\/tsistaging\/wp-content\/uploads\/2020\/07\/A-17-Year-Old-banner.jpg","type":"image\/jpeg"}],"author":"Jeremy Louise","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Jeremy Louise","Est. 
reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/tsisupport.com\/tsistaging\/?p=9896","url":"https:\/\/tsisupport.com\/tsistaging\/?p=9896","name":"A 17-Year-Old Vulnerable Software Was Just Discovered | TSI","isPartOf":{"@id":"https:\/\/tsisupport.com\/tsistaging\/#website"},"primaryImageOfPage":{"@id":"https:\/\/tsisupport.com\/tsistaging\/?p=9896#primaryimage"},"image":{"@id":"https:\/\/tsisupport.com\/tsistaging\/?p=9896#primaryimage"},"thumbnailUrl":"https:\/\/tsisupport.com\/tsistaging\/wp-content\/uploads\/2020\/07\/A-17-Year-Old-banner.jpg","datePublished":"2020-07-23T09:48:04+00:00","dateModified":"2021-08-09T10:08:09+00:00","author":{"@id":"https:\/\/tsisupport.com\/tsistaging\/#\/schema\/person\/48ad37aeeae9afb7d52479029f14f926"},"description":"Following the discovery of a new Microsoft Windows vulnerability, learn what your next steps should be to protect yourself, your business, and your data.","breadcrumb":{"@id":"https:\/\/tsisupport.com\/tsistaging\/?p=9896#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/tsisupport.com\/tsistaging\/?p=9896"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/tsisupport.com\/tsistaging\/?p=9896#primaryimage","url":"https:\/\/tsisupport.com\/tsistaging\/wp-content\/uploads\/2020\/07\/A-17-Year-Old-banner.jpg","contentUrl":"https:\/\/tsisupport.com\/tsistaging\/wp-content\/uploads\/2020\/07\/A-17-Year-Old-banner.jpg","width":1140,"height":380,"caption":"A 17-Year-Old-banner"},{"@type":"BreadcrumbList","@id":"https:\/\/tsisupport.com\/tsistaging\/?p=9896#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/tsisupport.com\/tsistaging\/"},{"@type":"ListItem","position":2,"name":"Vulnerable Software: A 17-Year-Old Vulnerability Was Just Discovered in Windows 
Server"}]},{"@type":"WebSite","@id":"https:\/\/tsisupport.com\/tsistaging\/#website","url":"https:\/\/tsisupport.com\/tsistaging\/","name":"TSI Support","description":"TSI - Technical Support International","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/tsisupport.com\/tsistaging\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/tsisupport.com\/tsistaging\/#\/schema\/person\/48ad37aeeae9afb7d52479029f14f926","name":"Jeremy Louise","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/tsisupport.com\/tsistaging\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/e2a1c4b01ee6c09554d8f086ff657b1a?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/e2a1c4b01ee6c09554d8f086ff657b1a?s=96&d=mm&r=g","caption":"Jeremy Louise"},"url":"https:\/\/tsisupport.com\/tsistaging\/?author=7"}]}},"_links":{"self":[{"href":"https:\/\/tsisupport.com\/tsistaging\/index.php?rest_route=\/wp\/v2\/posts\/9896"}],"collection":[{"href":"https:\/\/tsisupport.com\/tsistaging\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/tsisupport.com\/tsistaging\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/tsisupport.com\/tsistaging\/index.php?rest_route=\/wp\/v2\/users\/7"}],"replies":[{"embeddable":true,"href":"https:\/\/tsisupport.com\/tsistaging\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=9896"}],"version-history":[{"count":0,"href":"https:\/\/tsisupport.com\/tsistaging\/index.php?rest_route=\/wp\/v2\/posts\/9896\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/tsisupport.com\/tsistaging\/index.php?rest_route=\/wp\/v2\/media\/9898"}],"wp:attachment":[{"href":"https:\/\/tsisupport.com\/tsistaging\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=9896"}],"wp:term":[{"tax
onomy":"category","embeddable":true,"href":"https:\/\/tsisupport.com\/tsistaging\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=9896"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/tsisupport.com\/tsistaging\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=9896"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}