A remote code execution vulnerability exists in Windows Domain Name System servers when they fail to properly handle requests, aka 'Windows DNS Server Remote Code Execution Vulnerability'.
Published: 2020-07-14
Researchers disclose a 17-year-old wormable flaw in Windows DNS servers. Organizations are strongly encouraged to apply patches as soon as possible. Update July 17, 2020: The Proof of Concept and Solutions sections have been updated to reflect the availability of proof of concept scripts and the availability of an audit file for Tenable products.
Published: 2020-07-14
Updated: 2025-04-08
Named Vulnerability: SigRedNamed Vulnerability: SIGRedKnown Exploited Vulnerability (KEV)
Base Score: 10
Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C
Severity: Critical
Base Score: 10
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Severity: Critical
EPSS: 0.93577