snarang
Product Team
5 years ago

Critical Remote Code Execution Flaw in Windows DNS Server Disclosed (CVE-2020-1350)

As part of the July Patch Tuesday, Microsoft patched a severe vulnerability in Windows DNS Server. CVE-2020-1350 is a remote code execution flaw in Windows DNS Server because the server handles certain DNS requests improperly. 

CVE-2020-1350 was discovered by Check Point Research, who nicknamed this vulnerability “SIGRed.” It is rated critical, as it was assigned a CVSSv3 score of 10.0. Microsoft published their own blog post about the flaw, including a note that says this vulnerability is “wormable.”

For more information about the vulnerability, including the availability of patches and Tenable product coverage, please visit our blog.

5 Replies

  • haverkos
    Connect Contributor

    Will the blog be updated with the 2 released plugins? Will those plugins be sharpened to reflect whether or not the registry key is set? Right now, credentialed check customers don't have one stop shopping to accurately identify vulnerable servers. Plugin 138554 has a dependency on a reg setting according to its documentation, plugin 138600 flags any server without the latest kernel regardless of the reg key workaround or whether the DNS role is installed, and the .audit only detects if the reg key workaround exists.

    • snarang
      Product Team

      Hi @Regis P,

      Thanks for reaching out to us. The plugins you mentioned are linked under the Identifying Affected Systems section under our standard language ("A list of Tenable plugins to identify this vulnerability will appear here as they’re released."). The plugins and audit file we've produced are several ways to identify affected systems or whether or not mitigations are in place. Since there are multiple avenues of detection, we don't currently have a single "one stop shopping" way to flag vulnerable servers. We are continuing to look into other methods of detection. If you'd like to make a formal request for additional plugin coverage, please reach out to our support team so we can have your request documented. -Satnam

      • haverkos
        Connect Contributor

        Thanks for the reply, Satnam. I'm confused though -- do individual customers really have to formally request a reliable plugin without false positives or false negatives for a critical wormable RCE vulnerability? I can imagine a number of them feel that's really table stakes for credentialed vuln scanning.
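
The correlation discussed in the first reply, as an added example that is not Tenable's code or any poster's: it joins plugin 138600 findings with the .audit workaround result and a DNS Server role inventory to give one verdict per host. The host names, input layout, verdict labels and the separate role inventory are assumptions made for illustration.

```python
# Added example: joins three detection signals per host into one verdict.
MISSING_UPDATE_PLUGIN = 138600  # per the thread: ignores DNS role and workaround

# Constructed sample inputs (hypothetical hosts and export layout).
PLUGIN_FINDINGS = [("dc01", 138600), ("dc02", 138600),
                   ("file01", 138600), ("app01", 138600)]
# .audit outcome per host: True when the registry workaround is present.
AUDIT_WORKAROUND = {"dc01": False, "dc02": True, "file01": False}
# DNS Server role per host, from a separate inventory (assumed source).
DNS_ROLE = {"dc01": True, "dc02": True, "file01": False, "dc03": True}


def triage(findings, workaround, dns_role):
    """Return {host: verdict}; missing data yields a review verdict, never 'safe'."""
    flagged = {host for host, pid in findings if pid == MISSING_UPDATE_PLUGIN}
    verdicts = {}
    for host in sorted(flagged | set(workaround) | set(dns_role)):
        role = dns_role.get(host)          # None means the inventory has no answer
        mitigated = workaround.get(host)   # None means the audit did not run
        if host not in flagged:
            verdicts[host] = "no-missing-update-finding"
        elif role is None:
            verdicts[host] = "review-dns-role-unknown"
        elif not role:
            verdicts[host] = "update-missing-no-dns-role"
        elif mitigated is None:
            verdicts[host] = "review-workaround-unknown"
        elif mitigated:
            verdicts[host] = "mitigated-unpatched"
        else:
            verdicts[host] = "vulnerable"
    return verdicts


if __name__ == "__main__":
    for host, verdict in triage(PLUGIN_FINDINGS, AUDIT_WORKAROUND, DNS_ROLE).items():
        print(f"{host:8} {verdict}")
```

Hosts with a missing signal land in a review bucket instead of being counted as clean, which keeps a skipped audit or an incomplete inventory from hiding an exposed DNS server.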