The Cybersecurity and Infrastructure Security Agency (CISA) issued an emergency alert late today urging Federal agencies to take fast action on a patch to fix a Microsoft Windows DNS vulnerability.
“If you have Windows Server running DNS, you should patch now. Don’t wait on this one,” said the alert issued by CISA Director Christopher Krebs.
“The last few weeks have been something else, indeed. CISA and our cybersecurity partners have responded to several major vulnerabilities such as Treck TCP/IP (Ripple20), F5 BIG-IP Traffic Management User Interface (CVE-2020-5902), SAP, and now Microsoft Windows Server. Each of these presents its own unique risks, and our team has worked to amplify awareness of them throughout the cybersecurity community,” the alert reads.
“However, due to the wide prevalence of Windows Server in civilian Executive Branch agencies, I’ve determined that immediate action is necessary, and federal departments and agencies need to take this remote code execution vulnerability in Windows Server’s Domain Name System (DNS) particularly seriously,” Krebs said.
“Today, I directed agencies to apply the July 2020 Security Update for Windows Servers running DNS (CVE-2020-1350), or the temporary registry-based workaround if patching is not possible within 24 hours. The software update addresses a significant vulnerability where a remote attacker could exploit it to take control of an affected system and run arbitrary code in the context of the Local System Account. It is considered a ‘wormable’ vulnerability – it can run independently and propagate copies to other vulnerable systems – and affects all Windows Server versions that have the DNS role enabled,” CISA said.
“Though we are not aware of active exploitation, it is only a matter of time for an exploit to be created for this vulnerability,” Krebs warned.
He continued, “As the nation’s risk advisor, CISA takes every reasonable action to protect federal networks. This is the third time I have found it urgent enough to take this type of action and issue an Emergency Directive. While our Emergency Directive applies to federal agencies, CISA strongly recommends our partners in the private sector – as well as state, local, tribal, and territorial government – take the same actions. They should identify whether this critical vulnerability exists on their networks and assess their plan to immediately address this significant threat.”