🐾 - 🚨 Possible exploitation de SIGRed 🔥 CVE-2020-1350 - RCE sur serveur DNS Windows et Contrôleur Active Directory - Suricata Rule 3309543 (pawpatrules)

🐾 - 🚨 Possible exploitation de SIGRed 🔥 CVE-2020-1350 - RCE sur serveur DNS Windows et Contrôleur Active Directory

SID: 3309543Rev: 11 views

Sourcepawpatrules

CreatedJuly 17, 2020

UpdatedJuly 17, 2020

Classificationtrojan-activity

alert tcp any any -> any any (msg:"🐾 - 🚨 Possible exploitation de SIGRed 🔥 CVE-2020-1350 - RCE sur serveur DNS Windows et Contrôleur Active Directory"; content:"|ff|"; startswith; byte_test:1,>=,0xec,0,relative; content:"|00 00 18|"; distance:12; within:64; fast_pattern; content:"|c0|"; distance:2; within:1; content:"|00 18|"; distance:1; within:2; reference:url,https://research.checkpoint.com/2020/resolving-your-way-into-domain-admin:-exploiting-a-17-year-old-bug-in-windows-dns-servers/; reference:url,https://portal.msrc.microsoft.com/fr-fr/security-guidance/advisory/CVE-2020-1350; reference:url,https://support.microsoft.com/fr-fr/help/4569509/windows-dns-server-remote-code-execution-vulnerability; reference:url,https://www.cert.ssi.gouv.fr/alerte/CERTFR-2020-ALE-16/; reference:cve,2020-1350; metadata:created_at 2020_07_17, updated_at 2020_07_17; sid:3309543; rev:1; classtype:trojan-activity;)

References

url	https://research.checkpoint.com/2020/resolving-your-way-into-domain-admin:-exploiting-a-17-year-old-bug-in-windows-dns-servers/
url	https://portal.msrc.microsoft.com/fr-fr/security-guidance/advisory/CVE-2020-1350
url	https://support.microsoft.com/fr-fr/help/4569509/windows-dns-server-remote-code-execution-vulnerability
url	https://www.cert.ssi.gouv.fr/alerte/CERTFR-2020-ALE-16/
cve	2020-1350

🐾 - 🚨 Possible exploitation de SIGRed 🔥 CVE-2020-1350 - RCE sur serveur DNS Windows et Contrôleur Active Directory

References

Metadata

Comments (0)