Microsoft has released an update to address a critical remote code execution (RCE) vulnerability, dubbed ‘SigRed’, in Windows DNS servers.
Dubbed “SigRed,” the vulnerability was awarded a CVSS severity score of 10 and is deemed ‘wormable’, as it could allow an attacker to exploit one vulnerable system and spread the attack to additional vulnerable systems without human interaction. Microsoft urges customers to patch as soon as possible.
References:
July 2020 Security Update: CVE-2020-1350 Vulnerability in Windows Domain Name System (DNS) Server