CVE-2020-1350

critical-risk

Published 2020-07-14

A remote code execution vulnerability exists in Windows Domain Name System servers when they fail to properly handle requests, aka 'Windows DNS Server Remote Code Execution Vulnerability'.

Do I need to act?

93.8% chance of exploitation in next 30 days

EPSS score — higher than 6% of all CVEs

CISA KEV: actively exploited in the wild

On the Known Exploited Vulnerabilities catalog — federal agencies must patch

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 10.0/10 Critical

NETWORK / LOW complexity

Affected Products (6)

Windows Server 2008

Windows Server 2012

Windows Server 2016

Windows Server 2019

Affected Vendors

Microsoft

References (5)

Third Party Advisory http://packetstormsecurity.com/files/158484/SIGRed-Windows-DNS-Denial-Of-Service...

Patch https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1350

Third Party Advisory http://packetstormsecurity.com/files/158484/SIGRed-Windows-DNS-Denial-Of-Service...

Patch https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1350

US Government Resource https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-...

/ 100

critical-risk

Severity 33/34 · Critical

Exploitability 27/34 · High

Exposure 13/34 · Low