Security News > 2021 > March > Windows DNS SIGRed bug gets first public RCE PoC exploit

A working proof-of-concept exploit is now publicly available for the critical SIGRed Windows DNS Server remote code execution vulnerability.
SIGRed has existed in Microsoft's code for over 17 years, it impacts all Windows Server versions 2003 through 2019, and it has received a maximum severity rating of 10 out of 10.
Following successful SIGRed exploitation against domain controller servers running DNS, unauthenticated attackers can achieve remote code execution as SYSTEM. Tested against multiple Windows Server versions.
The working PoC exploit has been tested successfully against unpatched 64-bit versions of Windows Server 2019, 2016, 2012R2, and 2012.
The researcher shared a video demo showcasing the SigRed CVE-2020-1350 RCE exploit in action.
SIGRed PoC exploits were published before, with scripts designed to trigger denial-of-service conditions shared publicly, days after Microsoft patched the bug.
News URL
Related news
- FINALDRAFT Malware Exploits Microsoft Graph API for Espionage on Windows and Linux (source)
- SonicWall firewall bug leveraged in attacks after PoC exploit release (source)
- PoC exploit for Ivanti Endpoint Manager vulnerabilities released (CVE-2024-13159) (source)
- MITRE Caldera RCE vulnerability with public PoC fixed, patch ASAP! (CVE-2025–27364) (source)
- APTs have been using zero-day Windows shortcut exploit for eight years (ZDI-CAN-25373) (source)
- EncryptHub Exploits Windows Zero-Day to Deploy Rhadamanthys and StealC Malware (source)
- CISA Warns of Sitecore RCE Flaws; Active Exploits Hit Next.js and DrayTek Devices (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-07-14 | CVE-2020-1350 | Unspecified vulnerability in Microsoft products A remote code execution vulnerability exists in Windows Domain Name System servers when they fail to properly handle requests, aka 'Windows DNS Server Remote Code Execution Vulnerability'. | 10.0 |