CVE-2020-1350 | Windows DNS Server Remote Code Execution Vulnerability

IMPORTANT:

An old bug was dicovered in the  Microsot DNS Server components, update your DNS server asap!!

SIGRed (CVE-2020-1350) is a wormable, critical vulnerability (CVSS base score of 10.0) in the Windows DNS server that affects Windows Server versions 2003 to 2019, and can be triggered by a malicious DNS response. As the service is running in elevated privileges (SYSTEM), if exploited successfully, an attacker is granted Domain Administrator rights, effectively compromising the entire corporate infrastructure.

Read the article from Checkpoint here:

https://research.checkpoint.com/2020/resolving-your-way-into-domain-admin-exploiting-a-17-year-old-bug-in-windows-dns-servers/

Link to:

CVE-2020-1350 | Windows DNS Server Remote Code Execution Vulnerability

1 Comment

  1. Thorsten Sult

    The mistake should really not be underestimated….

    Reply

Leave a Comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

By continuing to use the site, you agree to the use of cookies. more information

The cookie settings on this website are set to "allow cookies" to give you the best browsing experience possible. If you continue to use this website without changing your cookie settings or you click "Accept" below then you are consenting to this.

Close