The Cybersecurity and Infrastructure Security Agency (CISA) today asked all U.S. federal executive branch departments and agencies to mitigate the critical SIGRed Windows DNS Server wormable remote code execution (RCE) vulnerability within 24 hours.

Microsoft issued a security update to address this critical Windows vulnerability tracked as CVE-2020-1350 on July 14, together with a registry-based workaround that does not require a server restart.

The security flaw has existed in Microsoft’s code for over 17 years, it impacts all Windows Server versions 2003 through 2019, and it has received a maximum CVSS severity rating of 10 out of 10.

Mitigate on