Customers with monitoring contracts already know that Ideal Integrations is actively patching a series of critical vulnerabilities.
For everyone else, please ensure your IT team already is addressing these issues or contact us immediately for us to review your network and patching.
Windows DNS Server Vulnerability
Vulnerability CVE-2020-1350 (aka: SIGRed) takes advantage of integer overflow in the signature record.
Windows DNS servers can be tricked into querying a malicious server, and can result in an attacker obtaining domain admin rights. As of now, no other client or manufacturer servers are known to be affected.
Attackers who obtain domain admin rights can then reroute DNS queries to malicious sites, and possibly compromise a network infrastructure for those who also use the DNS server as a domain controller. Microsoft also acknowledges this vulnerability does not require any human interaction, which makes this vulnerability susceptible to worm attacks.
More than 7,000 Windows servers with port 53 (TCP) have already been detected and could be vulnerable to this type of attack. Currently, patches are available for affected versions of Server 2008, Server 2012, Server 2016, Server 2019, version 1903, version 1909 and version 2004.
Vulnerabilities in Citrix and F5
Organizations that use Citrix and F5 should also patch recent vulnerabilities, as there critical-level vulnerabilities also have patches or new versions available that remediate the issues.
Citrix ADC (formerly known as NetScaler ADC), Citrix Gateway (formerly known as NetScaler Gateway), and Citrix SD-WAN WANOP have three general classifications of vulnerabilities: management interface, Virtual IP (VIP), and the Citrix Gateway plug-in for Linux.
Unauthenticated users can compromise the management interface system on the management network, or through Cross-Site Scripting (XSS) on the management interface. Some hackers could also create a download link that leads to compromise of local computers on the management network.
These vulnerabilities are mitigated by those who have configured their system, according to Citrix’s recommendations.
Unauthenticated users can create Denial of Service (DoS) against the gateway, or authentication virtual servers by exploiting VIP vulnerabilities. Customers who have not enabled virtual Gateway or Authentication are not at risk for attack.
The last vulnerability allows a local user of the Linux system to elevate privileges to administrator on any Citrix Gateway plug-in installed on that system. As with the VIP vulnerabilities, users who do not use Linux will not be vulnerable to this issue. However, Citrix still strongly recommends upgrading to the latest versions of their product to avoid issues.
Organizations using F5 Network’s BIG-IP application delivery controller have been advised of a vulnerability that allows for arbitrary remote code execution, which can lead to complete system compromise.
Over 8,000 potentially vulnerable devices exposed to the internet have been detected by security firms with 40% of them located in the United States.
Remediation Reminder
For existing customers with monitoring contracts, Ideal Integrations already has patching and upgrading underway.
We are also available for immediate consultation to review your organizations network and patching. For those who have decided to manage their own patching, we highly recommend that you remind your team to change all administrative and high-level access passwords.
With previous vulnerabilities, such as the Pulse Secure VPN vulnerability, organizations still suffered compromise after patching because hackers stole credentials to internal networks prior to the patches being applied.
Although it can be quite a hassle, changing passwords will be a much smaller headache than chasing down a breach.