CVE-2016-3227
published 2016-06-16


Priority: P2 · 61 · critical · 9.8 (CVSS 3.0)
AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:H
EPSS: 25.46% (97.7th percentile)
Use-after-free vulnerability in the DNS Server component in Microsoft Windows Server 2012 Gold and R2 allows remote attackers to execute arbitrary code via crafted requests, aka "Windows DNS Server Use After Free Vulnerability."

Affected

3 ranges

Vendor     Product                  Version range  Fixed in
microsoft  windows_server_2012
msrc       windows_server_2012
msrc       windows_server_2012_r2

Detection & IOCs (extracted from sources)

  • Target service is Windows DNS Server; monitor for anomalous or malformed DNS requests sent to Windows Server 2012 Gold and R2 systems configured as DNS servers
  • Exploitation does not require authentication; any unauthenticated source sending crafted DNS requests to the server should be treated as suspicious
  • Successful exploitation results in code execution as Local System; look for unexpected child processes or anomalous activity spawned from dns.exe running under SYSTEM context
  • Only Windows servers explicitly configured as DNS servers are exposed; hosts not acting as DNS servers are not at risk
  • Affected versions are limited to Microsoft Windows Server 2012 Gold and R2; scope detection rules accordingly
  • As of advisory publication, the vulnerability had not been publicly exploited or disclosed with a working exploit; exploitation was rated 'Less Likely' for both current and older software releases

CVSS provenance

Source       Version  Score  Severity  Vector
nvd          v3.0     9.8    CRITICAL  CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd          v2.0     10.0   CRITICAL  AV:N/AC:L/Au:N/C:C/I:C/A:C
vendor_msrc           9.8    CRITICAL