Major news broke this week: Check Point, an Israeli security firm, discovered a vulnerability in Microsoft’s implementation of the domain name system (DNS) protocol. Most alarming is that the bug has existed for roughly 17 years. Every company is advised to take immediate action to patch the vulnerability, which has been termed SigRed. It has the potential to become ‘wormable’, which means it can “spread from one machine to another with no human interaction.”
The SigRed vulnerability lies in how Windows DNS handles data that is crucial for key exchange in DNSSEC, the secure version of DNS. Cybercriminals can take advantage of this data handling and use Windows DNS to fully infiltrate a server. Microsoft and Check Point have made it clear in their statements that this bug is “critical, a 10 out of 10 on the common vulnerability scoring system, an industry-standard severity rating.” Virtually all small and medium-sized enterprises in the world use Windows DNS, which elevates the severity and gravity of this discovery.
Here’s a statement from Alvaka Senior Systems Architect, Chris Cartwright:
“Companies need to stay vigilant on their patching and also be aware of such issues [SigRed] by subscribing and reading security blogs daily.”
Original article posted on Wired – Hack Brief: Microsoft Warns of 17-Year-Old ‘Wormable’ Bug
Additional information on ZDNet – DHS CISA tells government agencies to patch Windows Server DNS bug within 24h
Cybercriminals can leverage SigRed and transform it into the next WannaCry, a worldwide cryptoworm attack that created havoc in early 2017. We at Alvaka urge our clients, and others who read this blog, to place top priority on patching their DNS servers. If your IT department struggles to properly implement security patches, our qualified staff can ensure your patches have been applied correctly and on time through our Patchworx solution.
