| CVE Number | Vulnerability | Product | Severity | Date |
|---|---|---|---|---|
| MS16-071 | Security Update for Microsoft Windows DNS Server (3164065) | Windows Server | Critical | 15-06-2016 |
Technical Information
Brief overview of the risk:
The vulnerability could allow remote code execution if an attacker sends specially crafted requests to a DNS server.
Detailed Information on the risk:
A remote code execution vulnerability exists in Windows Domain Name System (DNS) servers when they fail to properly handle requests. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the Local System Account. Windows servers that are configured as DNS servers are at risk from this vulnerability.
To exploit the vulnerability, an unauthenticated attacker could send malicious requests to a Windows DNS server. The update addresses the vulnerability by modifying how Windows DNS servers handle requests.
Windows Server 2012 To exploit the vulnerability, an unauthenticated attacker could send malicious requests to a Windows DNS server. The update addresses the vulnerability by modifying how Windows DNS servers handle requests.
Further information on this exploit is available at : MS16-071
Windows Server 2012 R2
Windows Server 2012 (Server Core installation)
Windows Server 2012 R2 (Server Core installation)
Affected Software
Windows Server 2012Windows Server 2012 R2
Windows Server 2012 (Server Core installation)
Windows Server 2012 R2 (Server Core installation)