CVE-2020-1350: Microsoft Windows DNS Server Remote Code Execution

Microsoft Windows DNS Server Remote Code Execution Vulnerability. Microsoft Windows DNS Servers fail to properly handle requests, allowing an attacker to perform remote code execution in the context of the Local System Account. The vulnerability is also known under the moniker of SIGRed.

• CISA KEV-listed (remediation due 2022-05-03)
• EPSS 93.8% (99.9% percentile)

Detection rules

• DNS RCE CVE-2020-1350 critical
• Unusual File Modification by dns.exe high
• Unusual File Deletion by Dns.exe high
• Unusual Child Process of dns.exe high

Browse the CVE database

Read the full analysis on IntelFusions