The critical remote code execution security vulnerability in Windows DNS known as SIGRed has received a micropatch for servers without an Extended Security Updates (ESU) license.

SIGRed can be exploited in a wormable fashion, allowing an adversary to expand their attack to all affected systems on the network without user interaction. It received the tracking number CVE-2020-1350 and the maximum severity score, 10 out of 10.

Discovered and reported responsibly to Microsoft by Sagi Tzadik and Eyal Itkin from Check Point Research, SIGRed stems from a flaw in how Microsoft implemented the DNS server role and affects all Windows