Cyber Security

CISA Gives Federal Agencies 24 Hours to Comply to Patch SIGRed Exploit

The Cybersecurity and Infrastructure Security Agency (CISA) emergency directive 20-03 was signed off by the agency’s director Christopher C. Krebs on July 16, giving federal agencies until 2 p.m. EDT on July 17 to update their Windows. The directive comes after cybersecurity researchers detected a dangerous vulnerability named SIGRed. The deadline for agencies that use Windows Server is set to 2 p.m. EDT, July 24. 

SIGRed Vulnerability: Easy to Use and Highly Exploitable

CVE-2020-1350 or SIGRed is a “perfect” 10 under the Common Vulnerability Scoring System (CVSS) due to the vulnerabilities ease of use, it’s high infection potential, and the likelihood of it being exploited by bad actors. These factors prompted CISA to issue an emergency directive giving federal agencies 24 hours to update their Windows Server. 

Check Point researchers initially discovered SIGRed, with Microsoft confirming that it is a vulnerability affecting all versions of Windows Server. The vulnerability itself affects the Windows Domain Name System (DNS) service implementation, which could give attackers full administrator rights on a network. 

While CISA’s directive only really applies to US Executive Branch departments and agencies, the agency is recommending that state and local governments update as soon as possible as well, with the same advice being given to the private sector and individuals running Windows Server.

Show More

Reactionary Times News Desk

All breaking news stories that matter to America. The News Desk is covered by the sharpest eyes in news media, as they decipher fact from fiction.

Previous/Next Posts

Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *

Back to top button
Close