Security experts are sounding the alarm over a new, very critical, Windows DNS security flaw dubbed “SIGRed”, or more distinctly “CVE-2020-1350”. This specific vulnerability has the rare distinction of receiving a perfect 10 severity score according to the Common Vulnerability Scoring System, or CVSS.

Microsoft themselves state regarding this vulnerability:

We consider this to be a wormable vulnerability, meaning that it has the potential to spread via malware between vulnerable computers without user interaction. DNS is a foundational networking component and commonly installed on Domain Controllers, so a compromise could lead to significant service interruptions and the compromise of high level domain accounts.

Details from Microsoft regarding this vulnerability can be found at the following URL:

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1350

How to Protect Yourself

In response to the SigRed Vulnerability, Vivio is taking pro-active measures by patching clients with SysOps Subscriptions, and on-request for those without SysOps Subscriptions. If you’d like to patch this vulnerability yourself, we would highly recommend that you apply those patches as soon as possible.

If you are a SysOps Subscriber and would like Vivio to patch these vulnerabilities sooner rather than later, simply contact Vivio Support and let us know that you would like us to apply these patches right away. If you do not have SysOps Support, Vivio will patch this vulnerability for you under SysOps Support, or you can log in and apply the patches when you have time.