Recently, an important vulnerability in the Microsoft Windows DNS Server was announced. This note describes Electra’s response to these problems.
The vulnerability, tracked as CVE-2020-1350, was discovered by researchers from Check Point Software Technologies, who dubbed it SIGRed, a play on the vulnerable function name that handles DNS SIG queries. The flaw received the maximum CVSS severity score of 10, making it critical, and according to Microsoft, it's wormable.
There are two possible mitigations to this attack:
1. A registry change
2. System patching
Electra has elected to patch its systems, which it did over the previous weekend.
As a practical matter, to date, no known exploitation has been taken of this vulnerability.
We take the responsibility of keeping your information protected very seriously at Electra, and assure you that:1. Your account is secure.
2. Your account details were not exposed in the past and will remain secure.
3. You do not need to take additional action to safeguard your information.
4. There is no need to change your password.