{"cve":{"cve_id":"CVE-2020-1350","is_kev":true,"kev_date_added":"2021-11-03","kev_vendor_project":"Microsoft","kev_product":"Windows","kev_vulnerability_name":"Microsoft Windows DNS Server Remote Code Execution Vulnerability","kev_short_description":"Microsoft Windows DNS Servers fail to properly handle requests, allowing an attacker to perform remote code execution in the context of the Local System Account. The vulnerability is also known under the moniker of SIGRed.","kev_required_action":"Apply updates per vendor instructions.","kev_due_date":"2022-05-03","kev_known_ransomware":false,"kev_notes":"Reference CISA's ED 20-03 (https://www.cisa.gov/news-events/directives/ed-20-03-mitigate-windows-dns-server-remote-code-execution-vulnerability-july-2020-patch-tuesday) for further guidance and requirements. Note: The due date for addressing this vulnerability aligns with the requirements outlined in ED 20-03. https://nvd.nist.gov/vuln/detail/CVE-2020-1350","kev_cwes":[],"epss_score":0.92178,"epss_percentile":0.99808,"epss_as_of":"2026-06-23","description":"A remote code execution vulnerability exists in Windows Domain Name System servers when they fail to properly handle requests, aka 'Windows DNS Server Remote Code Execution Vulnerability'.","published_at":"2020-07-14T22:54:06Z","last_modified_at":null,"cvss_v3_score":10.0,"cvss_v3_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H","cvss_v3_severity":"CRITICAL","cvss_v4_score":null,"cvss_v4_vector":null,"cvss_v4_severity":null,"ssvc_decision":null,"ssvc_exploitation":"active","ssvc_automatable":true,"ssvc_technical_impact":"total","cwes":["CWE-20"],"nvd_references":["https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1350","http://packetstormsecurity.com/files/158484/SIGRed-Windows-DNS-Denial-Of-Service.html"],"vuln_status":null,"trending_score":null,"is_trending":false,"has_trended":false,"trended_number_one":false,"trending_peak_score":null,"trending_peak_rank":null,"started_trending_at":null,"trended_number_one_at":null,"summary_generated":null,"summary_generated_at":null,"summary_model":null,"created_at":"2026-06-24T00:09:31.350578Z","updated_at":"2026-06-28T23:13:26.975003Z"},"effective_severity":"CRITICAL","badges":["kev","epss"],"impact_analysis":[],"cvss_v3_decoded":{"version":"3.1","metrics":[{"metric":"AV","name":"Attack Vector","value":"N","value_label":"Network"},{"metric":"AC","name":"Attack Complexity","value":"L","value_label":"Low"},{"metric":"PR","name":"Privileges Required","value":"N","value_label":"None"},{"metric":"UI","name":"User Interaction","value":"N","value_label":"None"},{"metric":"S","name":"Scope","value":"C","value_label":"Changed"},{"metric":"C","name":"Confidentiality","value":"H","value_label":"High"},{"metric":"I","name":"Integrity","value":"H","value_label":"High"},{"metric":"A","name":"Availability","value":"H","value_label":"High"}]},"cvss_v4_decoded":{"version":null,"metrics":[]},"affected":[{"vendor_slug":"microsoft","vendor_name":"Microsoft","product_slug":"windows-server","product_name":"Windows Server","version_start":"2019","version_start_inclusive":true,"version_end":"2019","version_end_inclusive":true,"cpe23_uri":"cve5:microsoft:windows-server:2019:2019"},{"vendor_slug":"microsoft","vendor_name":"Microsoft","product_slug":"windows-server","product_name":"Windows Server","version_start":"2019  (Core installation)","version_start_inclusive":true,"version_end":"2019  (Core installation)","version_end_inclusive":true,"cpe23_uri":"cve5:microsoft:windows-server:2019  (Core installation):2019  (Core installation)"},{"vendor_slug":"microsoft","vendor_name":"Microsoft","product_slug":"windows-server","product_name":"Windows Server","version_start":"2016","version_start_inclusive":true,"version_end":"2016","version_end_inclusive":true,"cpe23_uri":"cve5:microsoft:windows-server:2016:2016"},{"vendor_slug":"microsoft","vendor_name":"Microsoft","product_slug":"windows-server","product_name":"Windows Server","version_start":"2016  (Core installation)","version_start_inclusive":true,"version_end":"2016  (Core installation)","version_end_inclusive":true,"cpe23_uri":"cve5:microsoft:windows-server:2016  (Core installation):2016  (Core installation)"},{"vendor_slug":"microsoft","vendor_name":"Microsoft","product_slug":"windows-server","product_name":"Windows Server","version_start":"2008 for 32-bit Systems Service Pack 2","version_start_inclusive":true,"version_end":"2008 for 32-bit Systems Service Pack 2","version_end_inclusive":true,"cpe23_uri":"cve5:microsoft:windows-server:2008 for 32-bit Systems Service Pack 2:2008 for 32-bit Systems Service Pack 2"},{"vendor_slug":"microsoft","vendor_name":"Microsoft","product_slug":"windows-server","product_name":"Windows Server","version_start":"2008 for 32-bit Systems Service Pack 2 (Core installation)","version_start_inclusive":true,"version_end":"2008 for 32-bit Systems Service Pack 2 (Core installation)","version_end_inclusive":true,"cpe23_uri":"cve5:microsoft:windows-server:2008 for 32-bit Systems Service Pack 2 (Core installation):2008 for 32-bit Systems Service Pack 2 (Core installation)"},{"vendor_slug":"microsoft","vendor_name":"Microsoft","product_slug":"windows-server","product_name":"Windows Server","version_start":"2008 for x64-based Systems Service Pack 2","version_start_inclusive":true,"version_end":"2008 for x64-based Systems Service Pack 2","version_end_inclusive":true,"cpe23_uri":"cve5:microsoft:windows-server:2008 for x64-based Systems Service Pack 2:2008 for x64-based Systems Service Pack 2"},{"vendor_slug":"microsoft","vendor_name":"Microsoft","product_slug":"windows-server","product_name":"Windows Server","version_start":"2008 for x64-based Systems Service Pack 2 (Core installation)","version_start_inclusive":true,"version_end":"2008 for x64-based Systems Service Pack 2 (Core installation)","version_end_inclusive":true,"cpe23_uri":"cve5:microsoft:windows-server:2008 for x64-based Systems Service Pack 2 (Core installation):2008 for x64-based Systems Service Pack 2 (Core installation)"},{"vendor_slug":"microsoft","vendor_name":"Microsoft","product_slug":"windows-server","product_name":"Windows Server","version_start":"2008 R2 for x64-based Systems Service Pack 1","version_start_inclusive":true,"version_end":"2008 R2 for x64-based Systems Service Pack 1","version_end_inclusive":true,"cpe23_uri":"cve5:microsoft:windows-server:2008 R2 for x64-based Systems Service Pack 1:2008 R2 for x64-based Systems Service Pack 1"},{"vendor_slug":"microsoft","vendor_name":"Microsoft","product_slug":"windows-server","product_name":"Windows Server","version_start":"2008 R2 for x64-based Systems Service Pack 1 (Core installation)","version_start_inclusive":true,"version_end":"2008 R2 for x64-based Systems Service Pack 1 (Core installation)","version_end_inclusive":true,"cpe23_uri":"cve5:microsoft:windows-server:2008 R2 for x64-based Systems Service Pack 1 (Core installation):2008 R2 for x64-based Systems Service Pack 1 (Core installation)"},{"vendor_slug":"microsoft","vendor_name":"Microsoft","product_slug":"windows-server","product_name":"Windows Server","version_start":"2012","version_start_inclusive":true,"version_end":"2012","version_end_inclusive":true,"cpe23_uri":"cve5:microsoft:windows-server:2012:2012"},{"vendor_slug":"microsoft","vendor_name":"Microsoft","product_slug":"windows-server","product_name":"Windows Server","version_start":"2012 (Core installation)","version_start_inclusive":true,"version_end":"2012 (Core installation)","version_end_inclusive":true,"cpe23_uri":"cve5:microsoft:windows-server:2012 (Core installation):2012 (Core installation)"},{"vendor_slug":"microsoft","vendor_name":"Microsoft","product_slug":"windows-server","product_name":"Windows Server","version_start":"2012 R2","version_start_inclusive":true,"version_end":"2012 R2","version_end_inclusive":true,"cpe23_uri":"cve5:microsoft:windows-server:2012 R2:2012 R2"},{"vendor_slug":"microsoft","vendor_name":"Microsoft","product_slug":"windows-server","product_name":"Windows Server","version_start":"2012 R2 (Core installation)","version_start_inclusive":true,"version_end":"2012 R2 (Core installation)","version_end_inclusive":true,"cpe23_uri":"cve5:microsoft:windows-server:2012 R2 (Core installation):2012 R2 (Core installation)"},{"vendor_slug":"microsoft","vendor_name":"Microsoft","product_slug":"windows-server-version-1903-server-core-installation","product_name":"Windows Server, version 1903 (Server Core installation)","version_start":"unspecified","version_start_inclusive":true,"version_end":"unspecified","version_end_inclusive":true,"cpe23_uri":"cve5:microsoft:windows-server-version-1903-server-core-installation:unspecified:unspecified"},{"vendor_slug":"microsoft","vendor_name":"Microsoft","product_slug":"windows-server-version-1909-server-core-installation","product_name":"Windows Server, version 1909 (Server Core installation)","version_start":"unspecified","version_start_inclusive":true,"version_end":"unspecified","version_end_inclusive":true,"cpe23_uri":"cve5:microsoft:windows-server-version-1909-server-core-installation:unspecified:unspecified"},{"vendor_slug":"microsoft","vendor_name":"Microsoft","product_slug":"windows-server-version-2004-server-core-installation","product_name":"Windows Server, version 2004 (Server Core installation)","version_start":"unspecified","version_start_inclusive":true,"version_end":"unspecified","version_end_inclusive":true,"cpe23_uri":"cve5:microsoft:windows-server-version-2004-server-core-installation:unspecified:unspecified"}],"exploit_refs":[],"news":[],"references":[{"url":"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1350","source_type":"VENDOR_ADVISORY","tags":["advisory"]},{"url":"http://packetstormsecurity.com/files/158484/SIGRed-Windows-DNS-Denial-Of-Service.html","source_type":"EXPLOIT","tags":["exploit"]}],"timeline":[{"type":"published","at":"2020-07-14T22:54:06Z","label":"CVE published","source":null},{"type":"cisa_reported","at":"2021-11-03T00:00:00Z","label":"Added to CISA KEV catalog","source":"kev"},{"type":"ssvc_changed","at":"2026-06-24T00:31:28.220836Z","label":"SSVC decision revised","source":"vulnrichment"},{"type":"ssvc_changed","at":"2026-06-24T00:31:28.220836Z","label":"SSVC decision revised","source":"vulnrichment"},{"type":"ssvc_changed","at":"2026-06-24T00:31:28.220836Z","label":"SSVC decision revised","source":"vulnrichment"},{"type":"cvss_changed","at":"2026-06-24T00:31:28.220836Z","label":"CVSS score revised","source":"vulnrichment"},{"type":"cvss_changed","at":"2026-06-24T00:31:28.220836Z","label":"CVSS score revised","source":"vulnrichment"},{"type":"cvss_changed","at":"2026-06-24T00:31:28.220836Z","label":"CVSS score revised","source":"vulnrichment"}]}