Last month, a critical vulnerability in the Windows DNS server was revealed, with the potential to allow cybercriminals to gain access and make changes to company IT systems. This vulnerability is ‘wormable’, and affects ALL Windows users, which means that immediately installing the security patch released to deal with the issue is absolutely crucial. If this is not possible straight away, then a workaround must be implemented.
What is Windows DNS Server?
The DNS (Domain Name System) is a core component of the internet. It makes it possible to match names (of websites) to numbers (IP addresses). Anything that’s connected to the internet such as a computer, a smartphone or a website, has an IP address consisting of a series of numbers.
As it’s not easy to remember series of numbers when you want to locate a website, a domain name is used instead. DNS connects domain names with IP addresses, so that humans can use the easier and more memorable names, whilst computers use the number-based IP addresses.
Windows DNS Server is a key information exchange element in all Windows operating systems.
What is the vulnerability?
The critical vulnerability, CVE-2020-1350, nicknamed ‘SIGRed’, has been given the most serious Common Vulnerability Scoring System (CVSS) score of 10. Compare this to the rating of 8.5 for the vulnerabilities exposed by the WannaCry attack that brought so many operating systems to their knees, and it’s clear to see how serious it really is.
Windows DNS Server versions 2003-2019 are affected, so this is a very widespread issue.
Because the vulnerability is wormable, it is able to spread via malware throughout a network, from computer to computer, without any human interaction. Potentially, it has the ability to grant a cyber attacker Domain Administrator rights, which could compromise the whole corporate infrastructure. This means that all data travelling across the network, including personally identifiable information, could be intercepted and read without anyone’s knowledge.
Whilst the SIGRed vulnerability is not so far known to have been used in active attacks, there is huge potential for this to happen at some point. It is therefore absolutely vital that Windows users apply updates to address it as soon as possible. If left unpatched, Windows servers could be vulnerable to attacks.
DNS server breaches are exceptionally serious. All organisations, whatever their size, are at risk unless the security patch is installed.
What versions of Windows are affected?
Windows 10 and other client-based versions of Windows are not affected, as this vulnerability only applies to Microsoft’s Windows DNS Server.
What needs to be done to secure company IT systems?
The advice is to patch now, immediately, and complete a registry setting change.
Microsoft has, however, acknowledged that this is not always possible, as larger organisations run updates in cycles, which means it could be weeks before the patch is installed.
For this reason, Microsoft has provided registry-based workarounds that do not involve re-starting the server, as well as a request to stop using particular features.
Protecting against SIGRed will likely, for most organisations, involve IT department intervention, as this is not simply a case of the usual ‘shut down and install updates’. This is a server-based issue.
Official guidance from Microsoft, including the required security updates and workaround details, can be found on their CVE-2020-1350 page.
Updates are ALWAYS crucial
Back in January we reported on another cyber vulnerability, BlueKeep. The importance of keeping systems up to date cannot be over-emphasised.
Please do remember that Windows 7 is now out of support, which means software and security updates will no longer be provided. The official advice from Microsoft is to update to the latest version of Windows, or subscribe to the Extended Security Update programme.
Further, Office 2010 support will end on 13 October 2020. According to a survey, Office 2010 was still being used by 83 per cent of companies questioned. There is nothing to stop users staying with this version of Office; however, it must be considered that technical support, software updates, bug fixes and security patches will end in October. Compatibility with newer file formats and programmes may also be affected.
To learn more and explore your options if you are still using Office 2010, visit Microsoft’s official Office 2010 End of Support page.
Cyber risk insurance
An important reminder: cyber-crime incidents are not normally covered by a commercial combined policy. It is also vital to bear in mind that not all cyber-risk insurance policies offer the same level of cover, so be sure to check what yours offers.
Specialist cyber risk insurance can, depending on the individual policy, cover you for the costs involved in handling a breach, and for putting privacy protection in place. Other options include business interruption, cyber liability, hacker damage and cyber extortion.
For the bespoke guidance you need on cyber risk insurance, we welcome you to get in touch.