U.S. Government Issues Emergency Patch Management Directive
Even with the most stringent patch management schedule in place, there are some that require more attention than others. Considering healthcare organizations have a spotlight shining on them in every way imaginable, an urgent patching need specifically affecting this sector is going to require extra attention.
The Cybersecurity and Infrastructure Security Agency has released Emergency Directive 20-03 addressing a critical vulnerability — CVE-2020-1350 — affecting all versions of Windows Server with the Domain Name System role enabled. Through this vulnerability, a remote attacker could take control of an affected system. This vulnerability is also considered “wormable” because malware exploiting it on a system could, without user interaction, propagate to other vulnerable systems.
Microsoft’s Patch Tuesday list reported the SIGred vulnerability, stating it resides in the DNS server role implementation. A hacker can exploit the flaw by triggering a malicious DNS response as it runs in the elevated privileges system. If the hacker gains rights as a Domain Administrator, they could intercept and manipulate user emails and network traffic, harvest user credentials and change the availability of services.
This vulnerability exists in Windows Server 2003 versions through to 2019 versions, configured as DNS servers.
Although the directive applies only to certain Executive Branch departments and agencies, CISA strongly recommends state and local governments, the private sector and others patch this critical vulnerability as soon as possible.
Your best bet for your patch management is to entrust an IT consultant like 2W Tech, especially since we specialize in security solutions. We can guide your patching needs to ensure everything is running smoothly with minimal downtime while keeping interoperability in place. 2W Tech is a technology service provider that specializes in solutions for the manufacturing industry. We are also a Microsoft Gold Partner. Contact us today for more information.