First Public RCE PoC Exploit for Windows DNS SIGRed
A working proof-of-concept exploit is now publicly available for the critical SIGRed Windows DNS Server remote code execution (RCE) vulnerability. Microsoft issued security updates to address the security flaw tracked as CVE-2020-1350 on July 14, 2020, together with a registry-based workaround that helps protect affected Windows servers from attacks. SIGRed has existed in Microsoft’s code for over 17 years, it impacts all Windows Server versions 2003 through 2019, and it has received a maximum severity rating of 10 out of 10.
The flaw was classified by Microsoft as wormable, meaning the malware exploiting it might be able to spread automatically between vulnerable machines on the network with no user interaction. Following successful SIGRed exploitation against domain controller servers running DNS, unauthenticated attackers can achieve remote code execution as SYSTEM.
Further Reading: