CISA Emergency Directive Orders Immediate Fix of Windows DNS Server Bug

An emergency directive orders some federal agencies to apply Microsoft’s patch for a critical DNS vulnerability by Friday, July 17 at 2 p.m. (ET).

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is ordering all federal executive branch offices to apply a patch for a wormable Windows Server bug within 24 hours, warning of a “high potential for compromise of agency information systems.”

In an Emergency Directive, the Department of Homeland Security (DHS) agency ordered the “Federal Civilian Executive Branch” to apply a patch Microsoft released Tuesday for the vulnerability (CVE-2020-1350) by 2:00 pm ET Friday.

“CISA has determined that this vulnerability poses unacceptable significant risk to the Federal Civilian Executive Branch and requires an immediate and emergency action,” the agency said in the directive.

Specifically, the directive requires that by the deadline, all of the aforementioned agencies do the following: “Update all endpoints running Windows Server operating systems; ensure the July 2020 Security Update or registry modification workaround is applied to all Windows Servers running the DNS role; ensure the July 2020 Security Update is applied to all Windows Servers and, if necessary and applicable, the registry change workaround is removed; and ensure technical and/or management controls are in place to ensure newly provisioned or previously disconnected servers are updated before connecting to agency networks.”

While there is no evidence of current active exploitation of the vulnerability, CISA based its warning on “the likelihood of the vulnerability being exploited” as well as “the widespread use of the affected software across the Federal enterprise,” and “the grave impact of a successful compromise,” according to the directive.


Wilford Pagac

1596848400

Critical DNS Bug Opens Windows Server to Infrastructure Takeover

Microsoft gives the ‘wormable’ flaw a security rating of 10 – the most severe warning possible.

A critical Microsoft Windows Server bug opens company networks to hackers, allowing them to potentially seize control of IT infrastructures. Microsoft issued a patch for the bug on Tuesday as part of its July Patch Tuesday roundup.

It turns out that the bug is 17 years old. Impacted are Windows Server versions from 2003 to 2019. The bug, found by researchers at Check Point, received a severity warning of 10 – the highest allowed. Most concerning to researchers, however, is that the bug is wormable, meaning a single exploit of the flaw can trigger a chain reaction that allows attacks to spread from one computer to another.

“[The] security flaw would enable a hacker to craft malicious DNS queries to the Windows DNS server, and achieve arbitrary code execution that could lead to the breach of the entire infrastructure,” according to Check Point researcher Sagi Tzaik, who is credited with finding the flaw.

Microsoft released a patch for the vulnerability, identified as CVE-2020-1350, and urged customers to prioritize an update to their systems. Check Point is calling the bug SigRed – a nod to the vulnerable DNS component and function “dns.exe”.

A hacker can gain Domain Administrator rights over the server, “enabling the hacker to intercept and manipulate users’ emails and network traffic, make services unavailable, harvest users’ credentials and more. In effect, the hacker could seize complete control of a corporation’s IT,” researchers wrote in a technical analysis of the bug posted Tuesday.

**Patching Is an Imperative**

Upping the chance of exploitation by a hacker are the relatively simple prerequisites needed to exploit the vulnerability. “The likelihood of this vulnerability being exploited is high, as we internally found all of the primitives required to exploit this bug, which means a determined hacker could also find the same resources,” researchers noted.

“This issue results from a flaw in Microsoft’s DNS server role implementation and affects all Windows Server versions. Non-Microsoft DNS Servers are not affected,” Microsoft wrote in a post Tuesday. “While this vulnerability is not currently known to be used in active attacks, it is essential that customers apply Windows updates to address this vulnerability as soon as possible.”

Mechele Gruhn, principal security PM manager at the Microsoft Security Response Center, noted that “if applying the update quickly is not practical, a registry-based workaround is available that does not require restarting the server. The update and the workaround are both detailed in CVE-2020-1350.”

“CVE-2020-1350, a wormable remote code execution vulnerability in Windows DNS Server, could very well be the most critical Windows vulnerability released this year, receiving a rare 10 out of 10 CVSS score,” Chris Hass, director of information security and research at Automox, told Threatpost.

“A wormable vulnerability like this is an attacker’s dream. An unauthenticated hacker could send specially crafted packets to the vulnerable Windows DNS Server to exploit the machine, allowing for arbitrary code to be run in the context of the local system account. Not only will the attacker have full control of the system, but they will also be able to leverage the server as a distribution point, allowing the attacker to spread malware between systems without any user interaction. This wormable capability adds a whole other layer of severity and impact, allowing malware authors to write ransomware similar to notable wormable malware such as Wannacry and NotPetya,” Hass said.

Exploiting a 17-Year-Old Bug

The flaw itself is an integer-overflow bug that can trigger a heap-based buffer overflow attack tied to the DNS module called dns.exe, which is responsible for answering DNS queries on Windows Servers.

By abusing the dns.exe module, researchers created two attack surfaces. One is a “bug in the way the DNS server parses an incoming query.” The second is “a bug in the way the DNS server parses a response (answer) for a forwarded query.”

The attack requires researchers to first force a Windows DNS Server to parse responses from a malicious DNS NameServer. This employs the dns.exe module, which parses all supported response types. One of those supported response types is for a Secure Internet Access (SIG) query called SIG(0). Researchers focused their attention on creating a request that exceeded the maximum request size of 65,535 bytes, causing the overflow. By using compressed data, researchers were able to create a successful crash.

“Although it seems that we crashed because we were trying to write values to unmapped memory, the heap can be shaped in a way that allows us to overwrite some meaningful values,” they wrote.
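The bug class described above, as an added example that is not from the article, Check Point or Microsoft: a length total kept in 16 bits wraps once it passes 65,535, so a buffer sized from it is too small for the data copied in. The field names, `FIXED_FIELDS_LEN` and the sample lengths are constructed for illustration and do not reflect dns.exe internals.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define FIXED_FIELDS_LEN 20u   /* constructed stand-in for a record's fixed-size fields */

/* Weak form: the total is kept in 16 bits, so anything past 65,535 silently wraps. */
uint16_t record_size_unchecked(uint16_t name_len, uint16_t sig_len)
{
    return (uint16_t)(name_len + FIXED_FIELDS_LEN + sig_len);
}

/* Hardened form: add in size_t and reject totals a 16-bit length cannot represent. */
int record_size_checked(size_t name_len, size_t sig_len, size_t *out)
{
    if (name_len > UINT16_MAX || sig_len > UINT16_MAX)
        return -1;
    size_t total = name_len + FIXED_FIELDS_LEN + sig_len;  /* each term <= 65,535: no wrap */
    if (total > UINT16_MAX)
        return -1;
    *out = total;
    return 0;
}

/* Allocate and fill a record only when the checked size is valid; NULL means rejected. */
uint8_t *build_record(const uint8_t *name, size_t name_len,
                      const uint8_t *sig, size_t sig_len, size_t *out_len)
{
    size_t total;
    if (record_size_checked(name_len, sig_len, &total) != 0)
        return NULL;
    uint8_t *rec = calloc(1, total);
    if (rec == NULL)
        return NULL;
    memcpy(rec, name, name_len);
    memcpy(rec + name_len + FIXED_FIELDS_LEN, sig, sig_len);
    *out_len = total;
    return rec;
}

int main(void)
{
    /* Constructed lengths: each fits in 16 bits, their sum (65,675) does not. */
    printf("unchecked size: %u\n", (unsigned)record_size_unchecked(255, 65400));
    size_t n;
    printf("checked: %d\n", record_size_checked(255, 65400, &n));
    return 0;
}
```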

This local attack was then replicated remotely, by “smuggling DNS inside HTTP” requests on Microsoft Explorer and Microsoft Edge browsers (Google Chrome and Firefox are not vulnerable to this type of attack). Because DNS can be transported over TCP, and Windows DNS Server supports this connection type, researchers were able to craft an HTTP payload.

“Even though this is an HTTP payload, sending it to our target DNS server on port 53 causes the Windows DNS Server to interpret this payload as if it was a DNS query,” they wrote. Researchers were able to circumvent HTTP protections against similar malicious HTTP payloads by “smuggling” DNS query data inside the POST data located in the HTTP request.

Chromium-class browsers (Google Chrome and Mozilla Firefox) do not allow HTTP requests to port 53, so the bug can only be exploited through Internet Explorer and Microsoft Edge.
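A defender-side check for the behaviour described above, added here as an example (not code from the article or from Check Point): DNS over TCP starts each message with a two-byte length, so an HTTP request line arriving on port 53 has its first two ASCII bytes read as that length. The function names, verdict values and both sample payloads are constructed.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

enum tcp53_verdict { TCP53_DNS_FRAME, TCP53_HTTP_LIKE, TCP53_TOO_SHORT, TCP53_BAD_LENGTH };

/* Constructed samples: an HTTP request line, and a framed query for example.com A/IN. */
static const uint8_t SAMPLE_HTTP[] = "POST / HTTP/1.1\r\nHost: dns.example\r\n\r\n";
static const uint8_t SAMPLE_DNS[] = {
    0x00, 0x1d,                                     /* length prefix: 29 bytes follow */
    0x12, 0x34, 0x01, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    7, 'e', 'x', 'a', 'm', 'p', 'l', 'e', 3, 'c', 'o', 'm', 0,
    0x00, 0x01, 0x00, 0x01 };

/* DNS over TCP prefixes each message with a two-byte big-endian length (RFC 1035, 4.2.2). */
uint16_t tcp53_declared_len(const uint8_t *p)
{
    return (uint16_t)((p[0] << 8) | p[1]);
}

/* Classify the first bytes received on a TCP/53 connection. */
enum tcp53_verdict classify_tcp53(const uint8_t *buf, size_t len)
{
    static const char *const methods[] = { "POST ", "GET ", "PUT ", "HEAD ", "OPTIONS " };
    if (len < 2)
        return TCP53_TOO_SHORT;
    for (size_t i = 0; i < sizeof methods / sizeof methods[0]; i++) {
        size_t m = strlen(methods[i]);
        if (len >= m && memcmp(buf, methods[i], m) == 0)
            return TCP53_HTTP_LIKE;      /* ASCII request line where a length belongs */
    }
    if (tcp53_declared_len(buf) < 12)    /* shorter than a DNS header */
        return TCP53_BAD_LENGTH;
    return TCP53_DNS_FRAME;
}

int main(void)
{
    printf("HTTP sample: verdict %d, bytes 'PO' read as length %u\n",
           classify_tcp53(SAMPLE_HTTP, sizeof SAMPLE_HTTP - 1),
           (unsigned)tcp53_declared_len(SAMPLE_HTTP));
    printf("DNS sample:  verdict %d, declared length %u\n",
           classify_tcp53(SAMPLE_DNS, sizeof SAMPLE_DNS),
           (unsigned)tcp53_declared_len(SAMPLE_DNS));
    return 0;
}
```

The same test can sit in a network sensor or proxy in front of TCP/53; a legitimate frame would only collide with it if its length and transaction ID bytes happened to spell a method name.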

“Successful exploitation of this vulnerability would have a severe impact, as you can often find unpatched Windows Domain environments, especially Domain Controllers. In addition, some internet service providers (ISPs) may even have set up their public DNS servers as WinDNS,” Check Point wrote.



Emma Pacino

1620458414

What is the Method to Fix DNS Issues in Windows 10?

If the user encounters DNS issues, they will not be able to browse the internet properly. In this situation, you should make some changes in the settings, and you can also change the provider if DNS is not responding. In this blog, you will read the solution to fix DNS issues in Windows 10. For more help, just click on www.office.com/setup.

Method to Fix DNS Issues in Windows 10:

1. Use Command Prompt:

First of all, start Command Prompt as an administrator by pressing the Windows + X keys to open the Power User Menu, then select Command Prompt (Admin) from the menu. When Command Prompt opens, enter the following commands, pressing Enter after each one:

ipconfig /flushdns

ipconfig /registerdns

ipconfig /release

ipconfig /renew

NETSH winsock reset catalog

NETSH int ipv4 reset reset.log

NETSH int ipv6 reset reset.log

Exit

After you close the Command Prompt, check whether the issue has been solved.

2. Disable peer-to-peer Download for Windows Updates:

First, open the Settings app and go to the Update & Security section. Tap on Advanced options, then tap on Choose how updates are delivered. Now choose PCs on my local network and then disable Updates from more than one place. Finally, close the Settings app and check whether the issue is solved.

3. Reinstall your Network Adapter Drivers:

Press the Windows + X keys together and select Device Manager from the list of results. Locate your network adapter, right-click on it and select the Uninstall option. After you uninstall it, tap on the Scan for hardware changes button. Locate your network adapter again, right-click on it and choose Update Driver Software. Select the option to Search automatically for updated driver software, then wait for Windows 10 to install the necessary software on your device. You can also use a third-party tool to download all the outdated drivers on your computer system. For details, tap on office.com/setup.

4. Change Power Options settings:

Press the Windows + S keys together and enter power options, then select Power Options from the menu. Locate your current power plan and click on Change plan settings. Then tap on Change advanced power settings. Locate Wireless Adapter settings and set them to Maximum Performance. Finally, tap on Apply and OK to save the changes.

5. Ensure Microsoft LLDP Protocol Driver is Enabled:

Press the Windows + X keys and choose Network Connections. The Network Connections window will display on your screen. Locate your network connection, right-click on it and choose Properties. Locate Microsoft LLDP Protocol Driver and enable it. Finally, tap on the OK button to save the changes.

6. Perform Clean Boot:

Press Windows Key + R together and enter msconfig, then tap on OK or press the Enter key. When the System Configuration window opens on your screen, go to the Services tab. Check Hide all Microsoft services and then tap on the Disable all button. Lastly, click Apply and OK to save the changes, then restart your PC.

The above methods will help you to fix DNS issues in Windows 10. If you need help, just visit the Microsoft site via www.office.com/setup.


Ray Patel

1625843760

Python Packages in SQL Server – Get Started with SQL Server Machine Learning Services

Introduction

When Machine Learning Services is installed in SQL Server, a few Python packages are installed by default. In this article, we will look at how to get information about those installed Python packages.

Python Packages

When we choose Python as the Machine Learning Service during installation, the following packages are installed in SQL Server:

  • revoscalepy – This Microsoft Python package is used for remote compute contexts, streaming, parallel execution of rx functions for data import and transformation, modeling, visualization, and analysis.
  • microsoftml – This is another Microsoft Python package which adds machine learning algorithms in Python.
  • Anaconda 4.2 – Anaconda is an open-source Python package
