Security News > 2021 > March > Windows DNS SIGRed bug gets first public RCE PoC exploit
A working proof-of-concept exploit is now publicly available for the critical SIGRed Windows DNS Server remote code execution vulnerability.
SIGRed has existed in Microsoft's code for over 17 years, it impacts all Windows Server versions 2003 through 2019, and it has received a maximum severity rating of 10 out of 10.
Following successful SIGRed exploitation against domain controller servers running DNS, unauthenticated attackers can achieve remote code execution as SYSTEM. Tested against multiple Windows Server versions.
The working PoC exploit has been tested successfully against unpatched 64-bit versions of Windows Server 2019, 2016, 2012R2, and 2012.
The researcher shared a video demo showcasing the SigRed CVE-2020-1350 RCE exploit in action.
SIGRed PoC exploits were published before, with scripts designed to trigger denial-of-service conditions shared publicly, days after Microsoft patched the bug.
News URL
Related news
- PoC exploit for critical WhatsUp Gold RCE vulnerability released (CVE-2024-8785) (source)
- RomCom Exploits Zero-Day Firefox and Windows Flaws in Sophisticated Cyberattacks (source)
- Exploit released for critical WhatsUp Gold RCE flaw, patch now (source)
- Mitel MiCollab zero-day and PoC exploit unveiled (source)
- PoC exploit chains Mitel MiCollab 0-day, auth-bypass bug to access sensitive files (source)
- New Malware Technique Could Exploit Windows UI Framework to Evade EDR Tools (source)
- 390,000+ WordPress Credentials Stolen via Malicious GitHub Repository Hosting PoC Exploits (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-07-14 | CVE-2020-1350 | Unspecified vulnerability in Microsoft products A remote code execution vulnerability exists in Windows Domain Name System servers when they fail to properly handle requests, aka 'Windows DNS Server Remote Code Execution Vulnerability'. | 10.0 |