# CVE-2020-1350 (AKA SIGRed) v0.21

## Summary:  
A Zeek package for detection of attempts to exploit Microsoft Windows DNS server via CVE-2020-1350 (AKA SIGRed - CVE Score of 10.0)

## References: 
https://research.checkpoint.com/2020/resolving-your-way-into-domain-admin-exploiting-a-17-year-old-bug-in-windows-dns-servers/     
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1350  
https://cve.mitre.org/cgi-bin/cvename.cgi?name=ALAS-2020-1350  

## Notices raised :   

| Notice | Fidelity  |
| -------- | ---------------------- |
|Potential CVE-2020-1350 Windows DNS exploit (CVE10) has been detected (large DNS response).  Refer to links:  https://cve.mitre.org/cgi-bin/cvename.cgi?name=ALAS-2020-1350 and https://research.checkpoint.com/2020/resolving-your-way-into-domain-admin-exploiting-a-17-year-old-bug-in-windows-dns-servers/|Medium|
|CVE-2020-1350 Windows DNS exploit (CVE10) has been detected (High Confidence, large SIG/KEY response).  Refer to links:  https://cve.mitre.org/cgi-bin/cvename.cgi?name=ALAS-2020-1350 and https://research.checkpoint.com/2020/resolving-your-way-into-domain-admin-exploiting-a-17-year-old-bug-in-windows-dns-servers/|High|
|Potential CVE-2020-1350 Windows DNS exploit (CVE10) has been detected (large DNS RRSIG/TKEY response).  Refer to links:  https://cve.mitre.org/cgi-bin/cvename.cgi?name=ALAS-2020-1350 and https://research.checkpoint.com/2020/resolving-your-way-into-domain-admin-exploiting-a-17-year-old-bug-in-windows-dns-servers/|Medium/High|