Windows DNS Bug Found After 17 Years

Sagi Tzadik of Check Point Research has recently uncovered a 17-year-old flaw in Windows Server’s DNS implementation. The flaw, dubbed SIGRed, was assigned CVE-2020-1350 and rated a 10 on the Common Vulnerability Scoring System (CVSS). SIGRed is a wormable vulnerability affecting Windows Server 2003 all the way through Server 2019, and it is triggered by a malicious DNS response. Because the DNS service runs with SYSTEM-level privileges, successful attacks could grant an attacker full domain administrator access.

Analyst Notes

SIGRed is a critical-level vulnerability that should be patched immediately. Microsoft has released a fix as part of the normal Patch Tuesday cycle. To find the individual patch for a specific version of Windows Server, see Microsoft’s advisory at If you are unable to apply the patch, a workaround involving a quick registry edit and a restart of the DNS service was also released; it should be used only as a last resort. That workaround can be found at