The Cybersecurity and Infrastructure Security Agency (CISA) issued an emergency directive today. The directive requires all U.S. federal executive branch departments and agencies to mitigate the critical SIGRed Windows DNS Server wormable remote code execution (RCE) vulnerability within 24 hours. Microsoft issued a security update to address this critical Windows vulnerability tracked as CVE-2020-1350 on July 14. The vulnerability has existed in Microsoft s code for over 17 years, it impacts all Windows Server versions 2003 through 2019.
Source: https://www.bleepingcomputer.com/news/security/federal-agencies-told-to-patch-wormable-windows-dns-bug-in-24-hours/