Cyber Resilience

CVE-2020-1350

Critical | CISA KEV | Active Exploitation | EUVD Exploited | Public PoC

Published: 14 July 2020

Modified: 18 December 2025
KEV Added: 03 November 2021
CVSS Score (v3.1): 10.0 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
EPSS Score: 0.9381 (99.9th percentile)
Risk Priority: 96 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2020-1350 is a critical-severity Improper Input Validation (CWE-20) vulnerability in the DNS server of Microsoft Windows Server (the affected assets listed on this page span Windows Server 2008 through 2019). Its CVSS base score is 10.0 (Critical).

Operationally, it ranks in the top 0.1% of CVEs by exploit likelihood, CISA has added it to the Known Exploited Vulnerabilities catalog, and a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and SC-20 (Secure Name/Address Resolution Service (Authoritative Source)).

Deeper analysis

A remote code execution vulnerability exists in Windows Domain Name System servers when they fail to properly handle requests. The flaw, tracked as CVE-2020-1350 and also known as SIGRed, affects the DNS server component in supported Windows versions and carries a maximum CVSS score of 10.0 due to its network-accessible nature and full system impact.

An unauthenticated attacker can exploit the issue remotely by sending specially crafted DNS requests, achieving arbitrary code execution with the privileges of the DNS service. Successful exploitation fully compromises confidentiality, integrity, and availability on the target server, and the changed scope (S:C in the CVSS vector) means the impact can extend to other systems.

Microsoft's security advisory and the CISA Known Exploited Vulnerabilities catalog both address the issue, directing administrators to apply the vendor-supplied patches. Public proof-of-concept material has also appeared demonstrating denial-of-service outcomes that align with the same root cause.

The vulnerability appears in the CISA catalog of actively exploited flaws, confirming real-world use against unpatched Windows DNS deployments.

Vulnerability details

A remote code execution vulnerability exists in Windows Domain Name System servers when they fail to properly handle requests, aka 'Windows DNS Server Remote Code Execution Vulnerability'.

CWE(s): CWE-20 (Improper Input Validation)
KEV Date Added: 03 November 2021

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Microsoft Windows Server 2008: all versions, R2
Microsoft Windows Server 2012: all versions, R2
Microsoft Windows Server 2016: all versions
Microsoft Windows Server 2019: all versions

Mitigating Controls

Mitigating Controls (NIST 800-53 r5)

Prevent: Directly requires timely installation of vendor patches that close the SIGRed RCE flaw in Windows DNS.

Prevent: Mandates secure architecture and provisioning choices for name-resolution services that reduce exposure of the vulnerable DNS component.

Prevent: Requires authoritative DNS implementations to enforce secure handling of requests, limiting the attack surface exploited by crafted SIG queries.

References