Windows DNS SIGRed Bug Gets First Public RCE PoC Exploit

A working proof-of-concept (PoC) exploit is now publicly available for the critical SIGRed Windows DNS Server remote code execution (RCE) vulnerability.

Microsoft issued security updates to address the security flaw tracked as CVE-2020-1350 on July 14, 2020, together with a registry-based workaround that helps protect affected Windows servers from attacks.

SIGRed has existed in Microsoft’s code for over 17 years, impacts all Windows Server versions 2003 through 2019, and has received a maximum severity rating of 10 out of 10.

The flaw was classified by Microsoft as wormable, indicating that malware exploiting it might be able to spread automatically between vulnerable machines on the network with no user interaction.

This places it in the same risk category as the Remote Desktop Protocol (RDP) BlueKeep bug and the EternalBlue flaw in Server Message Block (SMB).

Following successful SIGRed exploitation against domain controller (DC) servers running DNS, unauthenticated attackers can achieve remote code execution as SYSTEM.

Tested against multiple Windows Server versions

Grapl lead security researcher Valentina Palmiotti, who shared the PoC, also published a write-up with details on the methods used by the exploit.

“If exploited carefully, attackers can execute code remotely on the vulnerable system and gain Domain Admin rights, effectively compromising the entire corporate infrastructure,” Palmiotti explained.

The working PoC exploit has been tested successfully against unpatched 64-bit versions of Windows Server 2019, 2016, 2012R2, and 2012.

Admins who haven’t yet patched their servers and can’t immediately deploy the necessary security updates can apply Microsoft’s workaround fix (doesn’t require a restart).

Palmiotti’s write-up also includes information on how to create SIEM rules to detect SIGRed exploitation.

The researcher shared a video demo showcasing the SigRed CVE-2020-1350 RCE exploit in action.

Publicly available SIGRed DoS exploits

SIGRed PoC exploits were published before, with scripts designed to trigger denial-of-service (DoS) conditions shared publicly, days after Microsoft patched the bug.

However, this is the first working remote code execution exploit available since Microsoft addressed the vulnerability.

To create this RCE PoC, Palmiotti used some exploitation techniques shared by DATAFARM security researcher Worawit Wang in a write-up published in September 2020.

Two days after Microsoft addressed the bug, CISA ordered federal agencies to patch the wormable SIGRed flaw within 24 hours.

The NSA also issued an advisory urging admins to apply the CVE-2020-1350 patch to all Windows Servers immediately.

SIGRed also made it to NSA’s top 25 vulnerabilities actively abused by Chinese-backed hacking groups, together with other critical Windows vulnerabilities like Zerologon and BlueKeep.
