Windows DNS SIGRed bug gets first public RCE PoC exploit

From bleepingcomputer.com

Windows DNS SIGRed bug gets first public RCE PoC exploit

A working proof-of-concept (PoC) exploit is now publicly available for the critical SIGRed Windows DNS Server remote code execution (RCE) vulnerability.

Microsoft issued security updates to address the security flaw tracked as CVE-2020-1350 on July 14, 2020, together with a registry-based workaround that helps protect affected Windows servers from attacks.

SIGRed has existed in Microsoft’s code for over 17 years, it impacts all Windows Server versions 2003 through 2019, and it has received a maximum severity rating of 10 out of 10.

Read more…