Advisory, Blog, General, News

Advisory: Critical RCE in Windows DNS – CVE-2020-1350

Windows CVE-2020-1350 aka SIGRed?

This blog explains CVE-2020-1350 aka SIGRed, how to identify if you are vulnerable and what, if anything, you need to do.


What is it?

It’s a vulnerability in all versions of Windows servers that could result in Remote Code Execution, allowing a successful attacker to run unwanted operations on machines which can irreparably damage affected machines by sending a crafted DNS request to the server. The vulnerability has been deemed as ‘wormable’, which means it can be spread between vulnerable machines without user interaction. It can be spread as easily as getting an user to interact with a webpage.


Checkpoint have given a breakdown of how the vulnerability may be exploited, as well as how to protect against it.


Should I be worried?

Yes, this should be patched and the machines restarted at the earliest opportunity.


What do I need to do?

Edgescan are advising patching at the earliest convenience, when we start seeing SIGRed in the wild on our clients infrastructure, we will be advising them if they are vulnerable.


You should also check your patching for Windows Servers:


If you can’t immediately apply patches, there is a temporary workaround by editing the maximum length of a DNS message via the registry.


Here for CVE advisory:


Here for the MS Security Response update:


If you have any concerns please reach out to the Edgescan Team through the usual channels.


Take this opportunity to download the Edgescan 2020 Vulnerability Stats Report.

Posted July 14, 2020 in NEWS


Marketing Executive of Edgescan

Recent News

Edgescan Company Day & Awards
Sep 9, 2022

Edgescan Company Day & Awards

Keeping Your Wizards: Onboarding and Retaining Cybersecurity Staff
Aug 24, 2022

Keeping Your Wizards: Onboarding and Retaining Cybersecurity Staff

Transforming the Vulnerability Management Function
Aug 17, 2022

Transforming the Vulnerability Management Function