https://community.isc2.org/t5/Threats/SIGRed-CVE-2020-1350-is-a-wormable-critical-vulnerability/m-p/37304#M26 <P>SIGRed (CVE-2020-1350) is a wormable, critical vulnerability (CVSS base score of 10.0) in the Windows DNS server that affects Windows Server versions 2003 to 2019, and can be triggered by a malicious DNS response. As the service is running in elevated privileges (SYSTEM), if exploited successfully, an attacker is granted Domain Administrator rights, effectively compromising the entire corporate infrastructure. Here's the <A href="https://research.checkpoint.com/2020/resolving-your-way-into-domain-admin-exploiting-a-17-year-old-bug-in-windows-dns-servers/" target="_blank" rel="noopener">research article</A>.&nbsp;</P> Mon, 09 Oct 2023 09:34:29 GMT AppDefects 2023-10-09T09:34:29Z https://community.isc2.org/t5/Threats/SIGRed-CVE-2020-1350-is-a-wormable-critical-vulnerability/m-p/37304#M26 <P>SIGRed (CVE-2020-1350) is a wormable, critical vulnerability (CVSS base score of 10.0) in the Windows DNS server that affects Windows Server versions 2003 to 2019, and can be triggered by a malicious DNS response. As the service is running in elevated privileges (SYSTEM), if exploited successfully, an attacker is granted Domain Administrator rights, effectively compromising the entire corporate infrastructure. Here's the <A href="https://research.checkpoint.com/2020/resolving-your-way-into-domain-admin-exploiting-a-17-year-old-bug-in-windows-dns-servers/" target="_blank" rel="noopener">research article</A>.&nbsp;</P> Mon, 09 Oct 2023 09:34:29 GMT https://community.isc2.org/t5/Threats/SIGRed-CVE-2020-1350-is-a-wormable-critical-vulnerability/m-p/37304#M26 AppDefects 2023-10-09T09:34:29Z