Patch Tuesday Special Edition: SIGRed


July 21, 2020

(This article’s a bit late as I was on vacation last week, so if you’ve already patched your Windows Server with the bug fixes released on July 14th to protect it against CVE-2020-1350, great. If not, get crackin’!)

A 17-year-old vulnerability is finally being patched by Microsoft and you should take note.

SIGRed (or CVE-2020-1350) is a wormable, critical vulnerability that’s got a Common Vulnerability Scoring System (CVSS) rating of 10, meaning “High Severity”. The CVSS only goes up to 10, so this thing is pretty gnarly.

If exploited successfully, SIGRed grants an attacker Domain Administrator rights and compromises the entire corporate infrastructure.

SIGRed affects Windows Server versions 2003 to 2019. This video by Check Point Research shows how easy it is for SIGRed to be implemented via a link in a malicious email:



I’m not going to pretend that I understand even a fraction of what’s going on here, I’m only a humble marketing monkey, but the blog article posted by Check Point (which you can read here) is very, very in-depth.

Should you be worried?

Yeah, I mean, it’s got a 10 on the CVSS scale. Check Point Research only found the vulnerability in May and Microsoft responded quickly in issuing the CVE and patching it (relatively speaking).

Check Point also acknowledges there are no known working exploits. If you watch the video above, the only thing that happens is the target’s DNS servers crash. However, there is potential for SIGRed to become a very, very nasty exploit if left unchecked.

Considering how hesitant people are to patch their Windows Domain environments/Domain Controllers, we can see SIGRed becoming a real pain in the “you-know-what.”

What can you do?

Patch your Domain environments. Use this link if you need help in finding the appropriate patch. Otherwise, Check Point says there is a workaround until you’re able to implement the patch.

They say if you set the maximum length of a DNS message (over TCP) to 0xFF00, you should be able to nip SIGRed in the bud without patching. Run the following commands; the second restarts the DNS service:

reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNS\Parameters" /v "TcpReceivePacketSize" /t REG_DWORD /d 0xFF00 /f
net stop DNS && net start DNS

Hope that helps.
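An added check, not part of the original article or Check Point's write-up: this PowerShell function reads the registry value set by the command above and reports whether the workaround is in place on the local server. The function name `Test-SigRedWorkaround` and its output fields are hypothetical; the registry path, value name and 0xFF00 limit are the ones from the command.

```powershell
# Added example (not from the article): audit the SIGRed registry workaround locally.
# Test-SigRedWorkaround and its output fields are hypothetical names.
function Test-SigRedWorkaround {
    [CmdletBinding()]
    param(
        [string]$Path = 'HKLM:\SYSTEM\CurrentControlSet\Services\DNS\Parameters',
        [string]$Name = 'TcpReceivePacketSize',
        [int64]$Limit = 0xFF00
    )

    # The DNS Server service is named "DNS"; it is absent without the DNS role.
    $svc = Get-Service -Name 'DNS' -ErrorAction SilentlyContinue

    # A missing key or value means the workaround was never applied.
    $prop    = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    $present = $null -ne $prop
    $raw     = if ($present) { $prop.$Name } else { $null }

    # REG_DWORD can surface as a negative Int32 when the high bit is set, and the
    # value could have been created with the wrong type, so only a positive
    # number at or below the limit counts as applied.
    $within = $present -and ($raw -is [System.ValueType]) -and
              ([int64]$raw -gt 0) -and ([int64]$raw -le $Limit)

    $finding = if (-not $svc) {
        'DNS Server service not found; workaround not applicable'
    } elseif (-not $present) {
        'NOT applied: value is missing'
    } elseif (-not $within) {
        'NOT effective: value is not a number in the range 1..0xFF00'
    } else {
        'Value set; confirm the DNS service was restarted after the change'
    }

    [pscustomobject]@{
        ComputerName = $env:COMPUTERNAME
        DnsService   = if ($svc) { [string]$svc.Status } else { 'NotFound' }
        Value        = if ($present) { '0x{0:X}' -f $raw } else { $null }
        Applied      = [bool]$within
        Finding      = $finding
    }
}

Test-SigRedWorkaround | Format-List
```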


Carl Keyser is the Content Manager at Integris.
