Attention: Electra Announcement Regarding CVE-2020-1350 | Windows DNS Server Remote Code Execution Vulnerability

Recently, an important vulnerability in the Microsoft Windows DNS Server was announced. This note describes Electra’s response to these problems.

Problem Description

Quoting from https://www.csoonline.com/article/3567188/wormable-dns-flaw-endangers-all-windows-servers.html:

The vulnerability, tracked as CVE-2020-1350, was discovered by researchers from Check Point Software Technologies, who dubbed it SIGRed, a play on the vulnerable function name that handles DNS SIG queries. The flaw received the maximum CVSS severity score of 10, making it critical, and according to Microsoft, it's wormable.

Mitigation


There are two possible mitigations to this attack:

1. A registry change
2. System patching

Electra has elected to patch its systems, which it did over the previous weekend.

As a practical matter, to date, no known exploitation has been taken of this vulnerability. 

We take the responsibility of keeping your information protected very seriously at Electra, and assure you that:

1. Your account is secure.
2. Your account details were not exposed in the past and will remain secure.
3. You do not need to take additional action to safeguard your information.
4. There is no need to change your password.

 

 

Leave a suggestion

Client Testimonials

Tammy L. Johnson, Globeflex Capital L.P.
We’ve now been a client for over 11 years and the relationship remains strong. Electra keeps us well informed, continuously innovating and adding functionality. Electra provides information on the latest versions which allows us to take advantage of the latest enhancements as our business requirements change and evolve.
Tammy L. Johnson, Globeflex Capital L.P.

GET MORE INFO

Get more information or schedule a product demo. Someone from our team will contact you promptly.