SIGRed – Watch a Hacker Take Over Your Servers from Halfway Around the World

SIGRed is a vulnerability in Windows servers that has been around for 17 years. It allows attackers to remotely compromise your public facing DNS servers and use that attack to take over the server and from there take over your network.

To make it even scarier, it is “wormable”. That means that the attackers, after they take over the DNS server, they can use that as a launchpad to automatically take over the rest of the network.

DHS ranks it a 10 out of 10 for risk.

Here is a link to the CISA alert.

This is one of those patches that you need to apply quickly. There is a band-aid that you can apply if you can’t apply the patch quickly.