The critical remote code execution security vulnerability in Windows DNS known as SIGRed has received a micropatch for servers without an Extended Security Updates (ESU) license. SIGRed can be exploited in a wormable fashion, allowing an adversary to expand their attack to all affected systems on the network without user interaction. The fix is delivered in memory and no system restart is necessary. A fix is available clients with a 0Patch PRO subscription that run Windows Server 2008 R2. The plan is to port it for version 2003 of the server.
Source: https://www.bleepingcomputer.com/news/security/critical-sigred-windows-dns-bug-gets-micropatch-after-pocs-released/
