Back to KEVs

CVE-2020-1350

A remote code execution vulnerability exists in Windows Domain Name System servers when they fail to properly handle requests, aka 'Windows DNS...

Basic Information

CVE State
PUBLISHED
Reserved Date
November 04, 2019
Published Date
July 14, 2020
Last Updated
February 07, 2025
Vendor
Microsoft
Product
Windows Server, Windows Server, version 1909 (Server Core installation), Windows Server, version 1903 (Server Core installation), Windows Server, version 2004 (Server Core installation)
Description
A remote code execution vulnerability exists in Windows Domain Name System servers when they fail to properly handle requests, aka 'Windows DNS Server Remote Code Execution Vulnerability'.

CVSS Scores

SSVC Information

Exploitation
active
Automatable
Yes
Technical Impact
total

Exploit Status

Exploited in the Wild
Yes (added 2021-11-03 00:00:00 UTC) Source
Proof of Concept Available
Yes (added 2020-07-19 17:32:47 UTC) Source

References

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1350 http://packetstormsecurity.com/files/158484/SIGRed-Windows-DNS-Denial-Of-Service.html

Known Exploited Vulnerability Information

Source Added Date
CISA 2021-11-03 00:00:00 UTC

Potential Proof of Concepts

Warning: These PoCs have not been tested and could contain malware. Use at your own risk.

simeononsecurity/CVE-2020-1350-Fix

Type: github • Created: 2020-07-26 02:12:36 UTC • Stars: 2

A registry-based workaround can be used to help protect an affected Windows server, and it can be implemented without requiring an administrator to restart the server. Because of the volatility of this vulnerability, administrators may have to implement the workaround before they apply the security update in order to enable them to update their systems by using a standard deployment cadence.

Plazmaz/CVE-2020-1350-poc

Type: github • Created: 2020-07-20 03:44:58 UTC • Stars: 4

A basic proof of concept for CVE-2020-1350

CVEmaster/CVE-2020-1350

Type: github • Created: 2020-07-19 17:32:47 UTC • Stars: 0

DNS Vulnerability - CVE-2020-1350

graph-inc/CVE-2020-1350

Type: github • Created: 2020-07-18 13:49:54 UTC • Stars: 2

Scanner and Mitigator for CVE 2020-1350

connormcgarr/CVE-2020-1350

Type: github • Created: 2020-07-17 05:41:19 UTC • Stars: 10

CVE-2020-1350 Proof-of-Concept

captainGeech42/CVE-2020-1350

Type: github • Created: 2020-07-16 16:46:48 UTC • Stars: 18

Denial of Service PoC for CVE-2020-1350 (SIGRed)

maxpl0it/CVE-2020-1350-DoS

Type: github • Created: 2020-07-15 23:00:00 UTC • Stars: 237

A denial-of-service proof-of-concept for CVE-2020-1350

jmaddington/dRMM-CVE-2020-1350-response

Type: github • Created: 2020-07-15 19:43:39 UTC • Stars: 0

Windows registry mitigation response to CVE-2020-1350

T13nn3s/CVE-2020-1350

Type: github • Created: 2020-07-15 05:46:31 UTC • Stars: 14

This Powershell Script is checking if your server is vulnerable for the CVE-2020-1350 Remote Code Execution flaw in the Windows DNS Service

zoomerxsec/Fake_CVE-2020-1350

Type: github • Created: 2020-07-14 21:55:57 UTC • Stars: 7

Fake exploit tool, designed to rickroll users attempting to actually exploit.

mr-r3b00t/CVE-2020-1350

Type: github • Created: 2020-07-14 19:28:46 UTC • Stars: 4

ZephrFish/CVE-2020-1350_HoneyPoC

Type: github • Created: 2020-07-14 19:02:25 UTC • Stars: 278

HoneyPoC: Proof-of-Concept (PoC) script to exploit SIGRed (CVE-2020-1350). Achieves Domain Admin on Domain Controllers running Windows Server 2000 up to Windows Server 2019.