Security News > 2021 > March > Windows DNS SIGRed bug gets first public RCE PoC exploit

Windows DNS SIGRed bug gets first public RCE PoC exploit
2021-03-04 14:44

A working proof-of-concept exploit is now publicly available for the critical SIGRed Windows DNS Server remote code execution vulnerability.

SIGRed has existed in Microsoft's code for over 17 years, it impacts all Windows Server versions 2003 through 2019, and it has received a maximum severity rating of 10 out of 10.

Following successful SIGRed exploitation against domain controller servers running DNS, unauthenticated attackers can achieve remote code execution as SYSTEM. Tested against multiple Windows Server versions.

The working PoC exploit has been tested successfully against unpatched 64-bit versions of Windows Server 2019, 2016, 2012R2, and 2012.

The researcher shared a video demo showcasing the SigRed CVE-2020-1350 RCE exploit in action.

SIGRed PoC exploits were published before, with scripts designed to trigger denial-of-service conditions shared publicly, days after Microsoft patched the bug.


News URL

https://www.bleepingcomputer.com/news/security/windows-dns-sigred-bug-gets-first-public-rce-poc-exploit/

Related news

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2020-07-14 CVE-2020-1350 Unspecified vulnerability in Microsoft products
A remote code execution vulnerability exists in Windows Domain Name System servers when they fail to properly handle requests, aka 'Windows DNS Server Remote Code Execution Vulnerability'.
network
low complexity
microsoft
critical
 10.0
10