Uh oh 😟 Working PoC exploit for SIGRed DNS server RCE vuln per Bleeping Computer
We pay attention to vulnerabilities that allow remote code execution (RCE) because they end in tears and bad things. Last summer Microsoft disclosed a doozy of a flaw in the Windows DNS Server service, SIGRed (CVE-2020-1350), rated 10 out of 10 for severity because it is wormable 😬. The bug had lived in the code for 17 years and affects every Windows Server version from 2003 through 2019. This is the first published working exploit since Microsoft addressed SIGRed with patches and a registry workaround in July 2020. Are you patched?
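If you want to answer that question on a box you manage, here is a small PowerShell check I added for this post (it is not from the original article or from Microsoft). It reads the registry workaround Microsoft documented in July 2020, which caps inbound TCP DNS messages at 0xFF00 bytes under HKLM\SYSTEM\CurrentControlSet\Services\DNS\Parameters, and warns if a host running the DNS Server service has neither the cap nor, by implication, your attention. The function names `Test-SigRedWorkaround` and `Set-SigRedWorkaround` are mine; run it in an elevated session on the DNS server itself.

```powershell
# Added example, not code from the original post or from Microsoft.
# Checks (and optionally applies) the SIGRed registry workaround Microsoft
# published in July 2020: cap inbound TCP DNS packets at 0xFF00 bytes.
# The workaround is a stopgap for hosts that cannot yet take the July 2020
# cumulative update; it does not replace installing the patch.

$keyPath   = 'HKLM:\SYSTEM\CurrentControlSet\Services\DNS\Parameters'
$valueName = 'TcpReceivePacketSize'
$expected  = 0xFF00   # Microsoft's documented value; anything lower is also safe

function Test-SigRedWorkaround {
    # If the DNS Server service is not installed, SIGRed does not apply to this host.
    $svc = Get-Service -Name 'DNS' -ErrorAction SilentlyContinue
    if (-not $svc) {
        return [pscustomobject]@{
            DnsServerInstalled = $false
            WorkaroundApplied  = $false
            CurrentValue       = $null
        }
    }
    # Read the cap; a missing value means the default (0xFFFF) is in force.
    $current = (Get-ItemProperty -Path $keyPath -Name $valueName -ErrorAction SilentlyContinue).$valueName
    [pscustomobject]@{
        DnsServerInstalled = $true
        WorkaroundApplied  = ($null -ne $current -and $current -le $expected)
        CurrentValue       = $current
    }
}

function Set-SigRedWorkaround {
    # Apply the documented cap and restart DNS so the new limit takes effect.
    New-ItemProperty -Path $keyPath -Name $valueName -PropertyType DWord `
        -Value $expected -Force | Out-Null
    Restart-Service -Name 'DNS'
}

$state = Test-SigRedWorkaround
$state | Format-List
if ($state.DnsServerInstalled -and -not $state.WorkaroundApplied) {
    Write-Warning "DNS Server role present and $valueName is not capped. Patch this host, or run Set-SigRedWorkaround until you can."
}
```

Pair this with `Get-HotFix` to confirm the July 2020 (or later) cumulative update is actually installed; the registry cap only limits the oversized TCP response that triggers the bug, it does not fix the parsing code.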
CISA issued Emergency Directive 21-02 on Wednesday, March 3, covering the Microsoft Exchange Server vulnerabilities. It mandates that agencies search thoroughly for infiltration or compromise, patch immediately, and disconnect any Exchange server from the network if they find evidence of compromise. Exchange is embedded in IT infrastructure and essential to how work gets done in most enterprise, corporate and government workspaces. Security firm ESET now says several cyber espionage groups are exploiting CVE-2021-26855, and the targets are not just in the US.
The Accellion File Transfer Appliance (FTA) is used in a LOT of places, apparently. There have been well over 100 victims to date, and the Clop ransomware gang keeps posting them on its name-and-shame leak site. Qualys, a firm trusted for cloud security and compliance, is now the latest victim. 2021 has been a casebook study in third-party risk and exposure, with ongoing supply chain attacks and big names impacted. Time to move on from “trust but verify” to a more active “verify, then trust” with existing and new external relationships.