Technical Severity
CRITICAL
CVSS v3.1 Metrics
10
/ 10
Minimal Risk
Critical
Vector Specification
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Exploitation Likelihood
EPSS Prediction
93.81
%
Predictive Probability
Percentile Rank
99.9
th
Documented as more likely to be exploited than 99.9% of known CVEs.
Detection Date
Nov 03, 2021
Remediation Due
May 03, 2022
CISA Catalog Active
Threat Analysis
Microsoft Windows DNS Servers fail to properly handle requests, allowing an attacker to perform remote code execution in the context of the Local System Account. The vulnerability is also known under the moniker of SIGRed.
Remediation Directive
Apply updates per vendor instructions.