The Layperson's Guide to the SigRed Bug

July 20, 2020

Well, it wasn’t hard to think of this week’s topic! Yes, half the Internet was inaccessible on Friday, but that wasn’t the biggest news! Another huge Windows bug has hit the tech world. Last week, Microsoft revealed SigRed, a critical Windows security bug relating to the Windows DNS server (more on what DNS is in a moment).

SigRed became public knowledge last Tuesday, when Microsoft released a patch to fix the bug. However, the vulnerability has existed in all Windows Server versions since Server 2003. That’s 17 years in the wild without being discovered! Of course, we’ll never know if some attackers had already found and exploited SigRed, but it’s definitely possible. Anyway, thanks to the hard work of the cyber research firm Check Point, everything is now out in the open and Microsoft has been able to release a fix.

SigRed is big news, with Check Point themselves emphasizing that “this is not just another vulnerability” and that the bug could even lead to a “cyber pandemic”. Pandemic, indeed: this is the second Windows threat in just five months to score 10 out of 10 on the CVSS (Common Vulnerability Scoring System) scale, with the critical SMBGhost bug first making headlines in March. And that’s not all: 2020 has also seen Ripple20, which does not affect Windows directly, but does carry two 10/10 alerts of its own for smaller connected devices.

Anyway, there are plenty of places online to read about the technical details of SigRed. If you are interested in a deeper dive, I’d recommend getting it straight from Check Point, who first discovered SigRed. Read their report here. Since this blog is targeted at clients and technical laypersons, let’s jump to the plain facts you need to know:

What Small Businesses Need to Know

  • SigRed affects the Windows DNS server. DNS (Domain Name Service) is what translates the domain names people use, like google.com, into the IP addresses computers use to communicate, like 142.250.64.110. You can think of DNS as an address book for computers.
  • Since almost all computers need to use DNS, SigRed will have a wide impact.
  • SigRed affects Windows servers, not normal workstation PCs. If you are a very small office without a Windows server, you may be unaffected.
  • However, regular Windows PCs can be used to launch a SigRed attack against a server on the same network.
  • If you do have server(s), your IT firm needs to install the update that fixes SigRed. NOW!
  • As usual, many will fail to update, and that will be why their systems are exploited. Don’t let this be you!

Not sure if your systems are vulnerable? Green Mountain IT Solutions can check and install the necessary patches to keep you safe. Call us today at 802-489-6948 or email info@greenmtnit.com. Trust me: you can’t afford to wait on this one. Contact us now.
