Major Vulnerability in Windows DNS Servers: Responding to CVE-2020-1350 (SIGRed)

1.0Forescouthttps://www.forescout.comDaniel dos Santoshttps://www.forescout.com/blog/author/dr.daniel-dos-santos/Major Vulnerability in Windows DNS Servers: Responding to CVE-2020-1350 (SIGRed) - Forescoutrich600338<blockquote class="wp-embedded-content" data-secret="s5iJDcpYLW"><a href="https://www.forescout.com/blog/major-vulnerability-in-windows-dns-servers-responding-to-cve-2020-1350-sigred/">Major Vulnerability in Windows DNS Servers: Responding to CVE-2020-1350 (SIGRed)</a></blockquote><iframe sandbox="allow-scripts" security="restricted" src="https://www.forescout.com/blog/major-vulnerability-in-windows-dns-servers-responding-to-cve-2020-1350-sigred/embed/#?secret=s5iJDcpYLW" width="600" height="338" title="“Major Vulnerability in Windows DNS Servers: Responding to CVE-2020-1350 (SIGRed)” — Forescout" data-secret="s5iJDcpYLW" frameborder="0" marginwidth="0" marginheight="0" scrolling="no" class="wp-embedded-content"></iframe><script type="text/javascript"> /* <![CDATA[ */ /*! This file is auto-generated */ !function(d,l){"use strict";l.querySelector&&d.addEventListener&&"undefined"!=typeof URL&&(d.wp=d.wp||{},d.wp.receiveEmbedMessage||(d.wp.receiveEmbedMessage=function(e){var t=e.data;if((t||t.secret||t.message||t.value)&&!/[^a-zA-Z0-9]/.test(t.secret)){for(var s,r,n,a=l.querySelectorAll('iframe[data-secret="'+t.secret+'"]'),o=l.querySelectorAll('blockquote[data-secret="'+t.secret+'"]'),c=new RegExp("^https?:$","i"),i=0;i<o.length;i++)o[i].style.display="none";for(i=0;i<a.length;i++)s=a[i],e.source===s.contentWindow&&(s.removeAttribute("style"),"height"===t.message?(1e3<(r=parseInt(t.value,10))?r=1e3:~~r<200&&(r=200),s.height=r):"link"===t.message&&(r=new URL(s.getAttribute("src")),n=new URL(t.value),c.test(n.protocol))&&n.host===r.host&&l.activeElement===s&&(d.top.location.href=t.value))}},d.addEventListener("message",d.wp.receiveEmbedMessage,!1),l.addEventListener("DOMContentLoaded",function(){for(var e,t,s=l.querySelectorAll("iframe.wp-embedded-content"),r=0;r<s.length;r++)(t=(e=s[r]).getAttribute("data-secret"))||(t=Math.random().toString(36).substring(2,12),e.src+="#?secret="+t,e.setAttribute("data-secret",t)),e.contentWindow.postMessage({message:"ready",secret:t},"*")},!1)))}(window,document); //# sourceURL=https://www.forescout.com/wp-includes/js/wp-embed.min.js /* ]]> */ </script> https://www.forescout.com/wp-content/uploads/2019/06/fs-rapid-response-featured-image.jpg1600875As part of Microsoft’s traditional Patch Tuesday in July, CVE-2020-1350 (codenamed “SIGRed”) was fixed and disclosed publicly. This vulnerability is very serious, with a CVSS score of 10, and allows remote unauthenticated attackers to run arbitrary code with elevated privileges. The Vulnerability The vulnerable component is the Windows DNS Server. Windows DNS clients and DNS […]