SIGRed (original) (raw)

SIGRed (CVE-2020-1350) is a security vulnerability discovered in Microsoft's Domain Name System (DNS) implementation of Windows Server versions from 2003 to 2019. To exploit the vulnerability, an unauthenticated attacker sends malicious requests to a Windows DNS server. If exploited, the vulnerability could allow an attacker to run arbitrary code on a Domain Controller in the context of the Local System Account. In Microsoft's advisory of the issue, the vulnerability was classified 'wormable' and was given a CVSS base score of 10.0.