Microsoft and Check Point Warn of a ‘Wormable’ 17-Year-Old Bug Found in Windows DNS

Laptop with virus infecting other laptops

The vulnerability, found by Israeli Security Firm Check Point, resides in Microsoft’s domain name system protocol (DNS). The bug handles data used for key exchange in DNSSEC – the secure version of Windows DNS. Fortunately, Microsoft has already released a fix for the bug – which has been termed SigRed. Check Point has stated that SigRed was rated “critical, a 10 out of 10 on the common vulnerability scoring system, an industry-standard severity rating.” It has received the maximum rating due to its ‘wormable’ capabilities, allowing cybercriminals to potentially leverage it and “spread [it] from one machine to another with no human interaction.” SigRed can be transformed into the next WannaCry – A cryptoworm attack that created worldwide havoc in 2017. Microsoft has advised that every company take immediate action in patching the vulnerability. Adding on to the severity of the situation, SigRed has existed in Window’s DNS since 2003, virtually placing the majority of small and medium-sized enterprises around the globe at risk.

A statement from Chris Cartwright, Alvaka’s Senior Systems Architect

“Companies need to stay vigilant on their patching and also be aware to such issues [SigRed] by subscribing and reading security blogs daily.” – Chris Cartwright

We at Patchworx advise our clients, and others reading this blog, to immediately use Microsoft’s patch for Windows DNS if you haven’t done so already. If your IT department struggles to properly execute security patching do not hesitate to contact our qualified staff. We can guarantee your patches have been applied correctly and on time through our Patchworx solution

Original article from Wired.ComHack Brief: Microsoft Warns of 17-Year-Old ‘Wormable’ Bug

More information from ZDNetDHS CISA tells government agencies to patch Windows Server DNS bug within 24h

If you have any questions or concerns, or need help, please reach out to Patchworx at (844) 957-2824. We operate 24x7x365 with all US based personnel.

Microsoft WSUS Consultant

WSUS Consulting Services

Software update service for system administrators to manage Microsoft product updates

SCCM Consulting Services

Systems management software for managing large numbers of computers running multiple operating systems and application.

We utilize a proven 31-step patching process.

*Diagram represents a portion of our process

Patch Management As A Service

FREE Webinar Every Thursday
from 10:00 - 11:00 AM. PST

RSVP Early - Limited Seats

$250K Cyber Insurance Coverage

Our integrated insurance coverage and breach response services includes $250,000 of cyber liability insurance (annual aggregate) with $0 deductible.

As a Patchworx℠ client, you will be protected for the cost of an actual or suspected violation of a privacy regulation due to a security breach that results in the unauthorized release of protected personal information (PPI) up to the policy limits.

PPI is defined as any private, non-public information of any kind in the merchant’s care, custody or control. This coverage territory is worldwide and is backed by a carrier rated A+ by AM Best.