SIGRed

SIGRed (CVE-2020-1350) is a security vulnerability discovered in Microsoft's Domain Name System (DNS) implementation of Windows Server versions from 2003 to 2019.

To exploit the vulnerability, an unauthenticated attacker sends malicious requests to a Windows DNS server. If exploited, the vulnerability could allow an attacker to run arbitrary code on a Domain Controller in the context of the Local System Account.

In Microsoft's advisory of the issue, the vulnerability was classified 'wormable' and was given a CVSS base score of 10.0.

It has been the subject of a Department of Homeland Security emergency directive, instructing all government agencies to deploy patches or mitigations for it in 24 hours.

The vulnerability was discovered by Check Point Software Technologies and publicly disclosed on July 14, 2020.