Sagi Tzadik of Check Point Research has recently uncovered a 17-year-old flaw within Windows Server’s DNS implementation. The flaw, dubbed SIGRed, was given CVE number CVE-2020-1350 and rated a 10 on the Common Vulnerability Scoring System (CVSS). SIGRed is a wormable exploit affecting Windows Server 2003 all the way through Server 2019 that is triggered through a malicious DNS response. Because the DNS service runs with SYSTEM level privileges, successful attacks could grant an attacker full domain administrator access.
Analyst Notes
SIGRed is a critical-level vulnerability that should be patched immediately. Microsoft has released a fix as part of the normal Patch Tuesday cycle. To find the individual patch for a specific version of Windows Server, see Microsoft’s advisory at https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1350. If you are unable to apply the patch, a workaround was also released that should be used only as a last resort involving a quick registry edit and restarting the DNS service. That workaround can be found at https://support.microsoft.com/en-us/help/4569509/windows-dns-server-remote-code-execution-vulnerability.
Source: https://research.checkpoint.com/2020/resolving-your-way-into-domain-admin-exploiting-a-17-year-old-bug-in-windows-dns-servers/
