|CERT-In Vulnerability Note
Windows DNS Use-After-Free vulnerability
Original Issue Date:December 09, 2015
Severity Rating: HIGH
- Windows Server 2008 for 32-bit Systems SP 2 (Server Core installation also affected)
- Windows Server 2008 for x64-bit Systems SP 2 (Server Core installation also affected)
- Windows Server 2008 R2 for x64-bit Systems SP 1 (Server Core installation also affected)
- Windows Server 2012 (Server Core installation also affected)
- Windows Server 2012 R2 (Server Core installation also affected)
A vulnerability has been reported in Microsoft Windows Server, which could be exploited by a remote attacker to execute arbitrary code and completely compromise the affected system.
This vulnerability exists in Microsoft Windows DNS server due to improper parsing of DNS requests.
A remote attacker could exploit this vulnerability by sending specially crafted DNS requests, to execute arbitrary code in the context of the Local System Account. Failed exploit attempts will result in denial-of-service (DoS) conditions.
Apply appropriate updates as mentioned in the Microsoft Security Bulletin
The information provided herein is on "as is" basis, without warranty of any kind.
Email: email@example.com Phone: +91-11-24368572
Indian Computer Emergency Response Team (CERT-In)
Ministry of Electronics and Information Technology
Government of India
6, CGO Complex, Lodhi Road,
New Delhi - 110 003