Exploitation of a Critical Vulnerability: SIGRED (French)

On July 14, 2020, a critical vulnerability named SIGRED (CVE-2020-1350) was disclosed. This vulnerability has a severity score of 10/10 (CVSS) and affects Microsoft Windows Server DNS versions from 2003 to 2019. Exploiting this vulnerability can lead to a denial of service for DNS servers, which can have a significant impact on an organization.

In this article, we demonstrate how it is possible to exploit this vulnerability concretely to crash a Microsoft DNS server.