Lucene search
K

26 matches found

Imperva Blog
Imperva Blog
added 2020/07/21 11:24 a.m.163 views

Imperva Shields Against Windows DNS Server RCE Vulnerability (CVE-2020-1350)

Recently, Check Point researchers found a 17-year-old high-profile flaw, SIGRed CVE-2020-1350. The flaw is a wormable, critical vulnerability in the Windows DNS server, and can be triggered by a malicious DNS response. On a zero to 10 scale, this vulnerability has received a CVSS base score of 10...

10CVSS9AI score0.92178EPSS
Exploits21
Qualys Blog
Qualys Blog
added 2020/07/20 8:45 p.m.164 views

Automatically Discover, Prioritize and Remediate Windows DNS Vulnerability (SigRed – CVE-2020-1350) Using Qualys VMDR®

On July 14, 2020, Microsoft issued a new security advisory on Microsoft Windows Patch Day – addressing CVE-2020-1350, also known as SigRed – a remote code execution vulnerability in Windows Domain Name System DNS servers. The security issue has received a critical severity rating score of 10.0...

10CVSS10.1AI score0.92178EPSS
Exploits21
Information Security Automation
Information Security Automation
added 2020/07/18 6:31 p.m.318 views

Barapass, Tsunami scanner, vulnerabilities in Windows DNS Server and SAP products, weird attack on Twitter

This episode is based on posts from my Telegram channel avleonovcom, published in the last 2 weeks. So, if you use Telegram, please subscribe. I update it frequently. Barapass update I recently released an update to my password manager barapass. BTW, it seems to be my only pet project at the MVP...

10CVSS8.5AI score0.94719EPSS
Exploits28
GithubExploit
GithubExploit
added 2020/07/18 1:49 p.m.65 views

Exploit for Improper Input Validation in Microsoft

CVE-2020-1350 Scanner and Mitigat...

10CVSS9.4AI score0.92178EPSS
Exploits21
ThreatPost
ThreatPost
added 2020/07/17 3:43 p.m.319 views

CISA Emergency Directive Orders Immediate Fix of Windows DNS Server Bug

The U.S. Cybersecurity and Infrastructure Security Agency CISA is ordering all federal executive branch offices to apply a patch for a wormable Windows Server bug within 24 hours, warning of a “high potential for compromise of agency information systems.” In an Emergency Directive, the Department...

10CVSS1.9AI score0.92178EPSS
Exploits22References9
Tenable Nessus
Tenable Nessus
added 2020/07/17 12:0 a.m.153 views

Windows DNS Server RCE (CVE-2020-1350)

The remote Windows host is missing a security update. It is, therefore, affected by a remote code execution vulnerability: - A remote code execution vulnerability exists in Windows Domain Name System servers when they fail to properly handle requests. An attacker who successfully exploited the...

10CVSS9.5AI score0.92178EPSS
Exploits21References3
CISA
CISA
added 2020/07/16 12:0 a.m.44 views

CISA Releases Emergency Directive on Critical Microsoft Vulnerability

The Cybersecurity and Infrastructure Security Agency CISA has released Emergency Directive 20-03 addressing a critical vulnerability—CVE-2020-1350—affecting all versions of Windows Server with the Domain Name System DNS role enabled. A remote attacker could exploit this vulnerability to take...

10CVSS9.1AI score0.92178EPSS
Exploits21References4
Tenable Nessus
Tenable Nessus
added 2020/07/16 12:0 a.m.700 views

Microsoft DNS Server Remote Code Execution (SIGRed)

According to its self-reported version number, the Microsoft DNS Server running on the remote host is affected by a remote code execution vulnerability. An unauthenticated, remote attacker who successfully exploited the vulnerability could run arbitrary code in the context of the Local System...

10CVSS8.9AI score0.92178EPSS
Exploits21References2
GithubExploit
GithubExploit
added 2020/07/15 5:46 a.m.68 views

Exploit for Improper Input Validation in Microsoft

Warning This repository has been archived and is no long...

10CVSS9.5AI score0.92178EPSS
Exploits21
OpenVAS
OpenVAS
added 2020/07/15 12:0 a.m.54 views

Microsoft Windows Multiple Vulnerabilities (KB4558998)

This host is missing a critical security update according to Microsoft KB4558998 SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

10CVSS7AI score0.92178EPSS
Exploits21References3
OpenVAS
OpenVAS
added 2020/07/15 12:0 a.m.61 views

Microsoft Windows Multiple Vulnerabilities (KB4565524)

This host is missing a critical security update according to Microsoft KB4565524 SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

10CVSS7AI score0.92178EPSS
Exploits21References3
OpenVAS
OpenVAS
added 2020/07/15 12:0 a.m.59 views

Microsoft Windows Multiple Vulnerabilities (KB4565503)

This host is missing a critical security update according to Microsoft KB4565503 SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

10CVSS7.1AI score0.92178EPSS
Exploits21References3
OpenVAS
OpenVAS
added 2020/07/15 12:0 a.m.49 views

Microsoft Windows Multiple Vulnerabilities (KB4565483)

This host is missing a critical security update according to Microsoft KB4565483 SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

10CVSS7AI score0.92178EPSS
Exploits21References3
OpenVAS
OpenVAS
added 2020/07/15 12:0 a.m.89 views

Microsoft Windows Multiple Vulnerabilities (KB4565511)

This host is missing a critical security update according to Microsoft KB4565511 SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

10CVSS7AI score0.94243EPSS
Exploits31References3
CVE
CVE
added 2020/07/14 10:54 p.m.1754 views

CVE-2020-1350

CVE-2020-1350 (SIGRed) is a remote code execution vulnerability in Windows DNS Server caused by improper handling of requests, allowing an unauthenticated attacker to execute code with Local System privileges via DNS queries. Exploitation could be wormable, enabling propagation to other DNS serve...

10CVSS9.6AI score0.92178EPSS
In wildExploits21References3Affected Software4
ThreatPost
ThreatPost
added 2020/07/14 9:32 p.m.132 views

Microsoft Tackles 123 Fixes for July Patch Tuesday

A critical DNS bug and a publicly known elevation-of-privilege flaw top Microsoft’s July Patch Tuesday list of 123 fixes. The DNS flaw is a remote code-execution bug and is touted as one of the most critical Windows vulnerabilities released this year, earning the highest-severity CVSS score of 10...

10CVSS0.4AI score0.92178EPSS
Exploits21References12
GithubExploit
GithubExploit
added 2020/07/14 7:2 p.m.37 views

Exploit for Improper Input Validation in Microsoft

This is an educational exercise. Use at your own risk. CVE-...

10CVSS9.9AI score0.92178EPSS
Exploits21
GithubExploit
GithubExploit
added 2020/07/14 7:2 p.m.144 views

Exploit for Improper Input Validation in Microsoft

This is an educational exercise. Use at your own risk. CVE-...

10CVSS9.4AI score0.92178EPSS
Exploits21
MSRC
MSRC
added 2020/07/14 5:1 p.m.570 views

July 2020 Security Update: CVE-2020-1350 Vulnerability in Windows Domain Name System (DNS) Server

Today we released an update for CVE-2020-1350, a Critical Remote Code Execution RCE vulnerability in Windows DNS Server that is classified as a ‘wormable’ vulnerability and has a CVSS base score of 10.0. This issue results from a flaw in Microsoft’s DNS server role implementation and affects all...

10CVSS9.6AI score0.92178EPSS
Exploits21
MSRC
MSRC
added 2020/07/14 7:0 a.m.31 views

July 2020 Security Update: CVE-2020-1350 Vulnerability in Windows Domain Name System (DNS) Server

Today we released an update for CVE-2020-1350, a Critical Remote Code Execution RCE vulnerability in Windows DNS Server that is classified as a ‘wormable’ vulnerability and has a CVSS base score of 10.0. This issue results from a flaw in Microsoft’s DNS server role implementation and affects all...

10CVSS7.5AI score0.92178EPSS
Exploits21
Rows per page
Query Builder