Security News > 2021 > March > Windows DNS SIGRed bug gets first public RCE PoC exploit
A working proof-of-concept exploit is now publicly available for the critical SIGRed Windows DNS Server remote code execution vulnerability.
SIGRed has existed in Microsoft's code for over 17 years, it impacts all Windows Server versions 2003 through 2019, and it has received a maximum severity rating of 10 out of 10.
Following successful SIGRed exploitation against domain controller servers running DNS, unauthenticated attackers can achieve remote code execution as SYSTEM. Tested against multiple Windows Server versions.
The working PoC exploit has been tested successfully against unpatched 64-bit versions of Windows Server 2019, 2016, 2012R2, and 2012.
The researcher shared a video demo showcasing the SigRed CVE-2020-1350 RCE exploit in action.
SIGRed PoC exploits were published before, with scripts designed to trigger denial-of-service conditions shared publicly, days after Microsoft patched the bug.
News URL
Related news
- APT group exploits WPS Office for Windows RCE vulnerability (CVE-2024-7262) (source)
- Week in review: SonicWall critical firewalls flaw fixed, APT exploits WPS Office for Windows RCE (source)
- Chinese APT40 group swifly leverages public PoC exploits (source)
- Hackers use PoC exploits in attacks 22 minutes after release (source)
- New Windows Backdoor BITSLOTH Exploits BITS for Stealthy Communication (source)
- Zero-click Windows TCP/IP RCE impacts all systems with IPv6 enabled (source)
- Zero-click Windows TCP/IP RCE impacts all systems with IPv6 enabled, patch now (source)
- Hackers use PHP exploit to backdoor Windows systems with new malware (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-07-14 | CVE-2020-1350 | Unspecified vulnerability in Microsoft products A remote code execution vulnerability exists in Windows Domain Name System servers when they fail to properly handle requests, aka 'Windows DNS Server Remote Code Execution Vulnerability'. | 10.0 |