A critical vulnerability, tracked as CVE-2020-1350, affecting Windows Server versions 2003 to 2019 has been patched after existing in the system’s code for almost 17 years. Also known as SigRed, the 17-year-old ‘wormable’ remote code execution (RCE) vulnerability could propagate itself across vulnerable machines in a network without any user interaction. A remote attacker may exploit the flaw by sending specially crafted malicious DNS queries to a targeted Windows DNS server. If successful, exploitation could grant the attacker administrator privileges over the targeted server and compromise the entire organization’s network. A compromised DNS server could enable attackers to intercept and manipulate users’ emails and network traffic, make services unavailable, and harvest users’ credentials.


A. Nature of Attack

Systems affected by this vulnerability:

Windows Server:

  • Windows Server 2019
  • Windows Server 2016
  • Windows Server 2012 R2
  • Windows Server 2012
  • Windows Server 2008
  • Windows Server 2003 R2
  • Windows Server 2003


B. Actions to be Taken

CERT-PH recommends the following actions be taken:

Install the latest security updates from Microsoft, released as part of the July 2020 Patch Tuesday, which address this vulnerability.