Recently, Check Point researchers found a 17-year-old high-profile flaw, SIGRed (CVE-2020-1350). The flaw is a wormable, critical vulnerability in the Windows DNS server, and can be triggered by a malicious DNS response.
On a zero to 10 scale, this vulnerability has received a CVSS base score of 10 in terms of how easy it is to exploit and how damaging it can be. Successful exploitation could lead to a critical RCE on Windows DNS servers due to the improper handling of DNS requests – effectively compromising the entire corporate infrastructure.
Fortunately, Imperva DDoS Protection for Domain Name Servers (DNS) can shield against this vulnerability and ensure the attack is not forwarded to the origin name server. Customers using our protected DNS service are safe provided that their DNS server accepts incoming requests from Imperva’s proxies only (this configuration should be done in the onboarding process); thus, they should block incoming requests from other IPs and block requests that are not for this domain.
How do we protect against this vulnerability?
The Imperva service checks the requested DNS name and forwards the request to the origin (authoritative DNS server) only if the name matches the authoritative domain name.
For example: If our protected DNS customer protects a DNS domain, d1.com, so that only DNS queries that match: *.d1.com will be forwarded to the origin server; any other domain name will not be forwarded.
In an attempt to exploit this vulnerability, an attacker would send a malicious DNS query with a domain name that is under the attacker’s control (Ex: *.attacker.com). However, this query will not be forwarded to the origin because it doesn’t match *.d1.com.
More focus on DNS is also on the docket at Imperva, in the form of a complete DNS offering later this year. The offering will include a fully managed secured DNS service, where you’ll be able to administrate and secure your DNS zones, mitigating L3/4 volumetric, protocol & DNS DDoS attacks.
The goal is to provide a best-in-class secured DNS solution with maximum reliability, security and visibility, complemented by the kind of full management capabilities you’d expect from a world-class DNS solution.
In the meantime, if you have further questions about CVE-2020-1350, or need additional information on how Imperva can offer you top-notch, edge to end protection, contact us today.