Critical SIGred Windows DNS bug gets micropatch after PoCs released

Running Vista-era server software? There’s a patch for that…:

[…] Microsoft stopped support for Windows Server 2008, providing security updates only to customers with an ESU license but these systems are still in use. A patch for 2012 versions is available through regular updates.

Proof-of-concept (PoC) scripts that trigger the vulnerability and create a denial-of-service condition are already publicly available (12). It is safe to assume that a reliable exploit to achieve remote code execution is in the works.

The 0patch platform from Acros Security has been updated this week with corrective instructions to protect against SIGRed. The fix is delivered in memory and no system restart is necessary.

Mitja Kolsek, 0Patch co-founder, says that a micropatch is currently available to Pro customers of the platform running Windows Server 2008 machines with no security updates from Microsoft. The fix was modeled after the PoC from Max Van Amerongen of F-Secure.


Original article here