CVE-2020-1350
Published: 14 July 2020
Summary
CVE-2020-1350 is a critical-severity Improper Input Validation (CWE-20) vulnerability in Microsoft Windows Server 2008. Its CVSS base score is 10.0 (Critical).
Operationally, it ranks in the top 0.1% of CVEs by exploit likelihood, CISA has added it to the Known Exploited Vulnerabilities catalog, and a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and SC-20 (Secure Name/Address Resolution Service (Authoritative Source)).
Deeper analysis
A remote code execution vulnerability exists in Windows Domain Name System servers when they fail to properly handle requests. The flaw, tracked as CVE-2020-1350 and also known as SIGRed, affects the DNS server component in supported Windows versions and carries a maximum CVSS score of 10.0 due to its network-accessible nature and full system impact.
An unauthenticated attacker can exploit the issue remotely by sending specially crafted DNS requests, achieving arbitrary code execution with the privileges of the DNS service. Successful exploitation fully compromises the confidentiality, integrity, and availability of the target server and, because of the changed scope, can extend impact to other systems.
Microsoft's security advisory and the CISA Known Exploited Vulnerabilities catalog both address the issue, directing administrators to apply the vendor-supplied patches. Public proof-of-concept material has also appeared demonstrating denial-of-service outcomes that align with the same root cause.
The vulnerability appears in the CISA catalog of actively exploited flaws, confirming real-world use against unpatched Windows DNS deployments.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2020-12226
Vulnerability details
A remote code execution vulnerability exists in Windows Domain Name System servers when they fail to properly handle requests, aka 'Windows DNS Server Remote Code Execution Vulnerability'.
- CWE(s)
- KEV Date Added: 03 November 2021
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5)
Directly requires timely installation of vendor patches that close the SIGRed RCE flaw in Windows DNS.
Mandates secure architecture and provisioning choices for name-resolution services that reduce exposure of the vulnerable DNS component.
Requires authoritative DNS implementations to enforce secure handling of requests, limiting the attack surface exploited by crafted SIG queries.