CRITICALCVSS10.0

Actively Exploited

KB4558998: Windows Server Security Update (July 2020)

Microsoft Windows DNS Servers fail to properly handle requests, allowing an attacker to perform remote code execution in the context of the Local System Account. The vulnerability is also known under the moniker of SIGRed.

Published Jul 14, 2020 · Updated May 16, 2026

Why patchRisk explained in plain English

Worst-case scenarioIf unpatched

A remote attacker, without authentication, can achieve full data confidentiality loss, arbitrary modification of data, complete denial of service or system unavailability. Federal agencies are required to remediate by 2022-05-03 under CISA BOD 22-01.

How the attack worksNo clicks needed

This is a Improper Input Validation (CWE-20) vulnerability in Microsoft Windows. A remote code execution vulnerability exists in Windows Domain Name System servers when they fail to properly handle requests, aka 'Windows DNS Server Remote Code Execution Vulnerability'. Exploitation requires remote network access, low attack complexity, no authentication required, and no user interaction required.

📧

Phishing link

→

🖼

Malicious file

🔓

Server compromised

Am I affected?Quick check

Probably yes if any of these apply:

●Windows Administrators

●Systems Engineers

●IT Security

●Running windows server 2008: -, r2; windows server 2012: -, r2; windows server 2016: -; windows server 2019: -

Fixed inKB4558998, KB4565483, KB4565503, KB4565511, KB4565524, KB4565529, KB4565535, KB4565536, KB4565537, KB4565539, KB4565540, KB4565541 (applies to 17 product versions)

Real-world incidentsWhat we've seen

CISA added this CVE to the Known Exploited Vulnerabilities catalog on 2021-11-03 based on evidence of active exploitation in the wild. Federal agencies required to remediate by 2022-05-03.

How to patch

Manual download

For air-gapped servers or out-of-band deployment. Microsoft Update Catalog returns every OS-version variant of this update.

↗ Microsoft Update CatalogKB4558998

Manual remediation steps

Apply the Microsoft Security Update

Microsoft has released an official security update that fixes this vulnerability.

Required KB Updates

KB4558998 — https://support.microsoft.com/help/4558998

KB4565483 — https://support.microsoft.com/help/4565483

KB4565503 — https://support.microsoft.com/help/4565503

KB4565511 — https://support.microsoft.com/help/4565511

KB4565524 — https://support.microsoft.com/help/4565524

KB4565529 — https://support.microsoft.com/help/4565529

KB4565535 — https://support.microsoft.com/help/4565535

KB4565536 — https://support.microsoft.com/help/4565536

KB4565537 — https://support.microsoft.com/help/4565537

KB4565539 — https://support.microsoft.com/help/4565539

KB4565540 — https://support.microsoft.com/help/4565540

KB4565541 — https://support.microsoft.com/help/4565541

Supersedes: KB4557957, KB4560960, KB4561608, KB4561612, KB4561616, KB4561643, KB4561666, KB4561670

Affected Products

Windows Server 2008 R2 for x64-based Systems Service Pack 1

Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)

Windows Server 2008 for 32-bit Systems Service Pack 2

Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)

Windows Server 2008 for x64-based Systems Service Pack 2

Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)

Windows Server 2012

Windows Server 2012 (Server Core installation)

Windows Server 2012 R2

Windows Server 2012 R2 (Server Core installation)

Windows Server 2016

Windows Server 2016 (Server Core installation)

Windows Server 2019

Windows Server 2019 (Server Core installation)

Windows Server, version 1903 (Server Core installation)

Windows Server, version 1909 (Server Core installation)

Windows Server, version 2004 (Server Core installation)

Installation Methods

Windows Update (recommended)

Settings → Windows Update → Check for updates

The security update is offered if your system is in scope

Restart when prompted — a reboot IS required to complete the install

Microsoft Update Catalog (manual download)

Open https://catalog.update.microsoft.com

Search for KB4558998

Download the package matching your OS architecture and Windows build

Run the .msu installer with administrator privileges

Restart when prompted

WSUS / SCCM / Intune

Approve KB4558998 for the affected products in your update management console.

Microsoft Download Center Links

https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4558998

https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4565483

https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4565503

https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4565511

https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4565524

(…7 more)

Verification

Confirm the update is installed:

Get-HotFix | Where-Object { $_.HotFixID -in @('KB4558998','KB4565483','KB4565503','KB4565511','KB4565524','KB4565529','KB4565535','KB4565536','KB4565537','KB4565539','KB4565540','KB4565541') }

References

Microsoft Security Response Center: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1350

KB article: https://support.microsoft.com/help/4558998

KB article: https://support.microsoft.com/help/4565483

KB article: https://support.microsoft.com/help/4565511

NVD entry: https://nvd.nist.gov/vuln/detail/CVE-2020-1350

CISA KEV: https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-1350

Discovery Credit

Sagi Tzadik and Eyal Itkin from Check Point Research

PowerShell automationComing soon

No tested PowerShell script for this entry yet. We’re prioritising automation based on user demand.

References

↗ CVE-2020-1350 ↗ MSRC Advisory ↗ NVD ↗ KBKB4558998