CVE-2017-11779Corporation Windows Domain Name System vulnerability

9 documents6 sources
Severity
8.1HIGHNVD
EPSS
38.3%
top 2.76%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
17
Microsoft Corporation Windows Domain Name SystemMicrosoft Windows 10Microsoft Windows Server 2012+14 more
Timeline
PublishedOct 13
Latest updateMay 13

Description

The Microsoft Windows Domain Name System (DNS) DNSAPI.dll on Microsoft Windows 8.1, Windows Server 2012 R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows a remote code execution vulnerability when it fails to properly handle DNS responses, aka "Windows DNSAPI Remote Code Execution Vulnerability".

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 2.2 | Impact: 5.9

Affected Packages17 packages

CVEListV5microsoft_corporation/windows_domain_name_systemMicrosoft Windows 8.1, Windows Server 2012 R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016

Patches

Patch: portal.msrc.microsoft.comPatch: portal.msrc.microsoft.com

🔴Vulnerability Details

1
GHSA
GHSA-pm2x-f9j3-mfm9: The Microsoft Windows Domain Name System (DNS) DNSAPI2022-05-13

📋Vendor Advisories

1
Microsoft
Windows DNSAPI Remote Code Execution Vulnerability2017-10-10

🕵️Threat Intelligence

6
Krebs
Microsoft’s October Patch Batch Fixes 62 Flaws2017-10-11
Krebs
Microsoft’s October Patch Batch Fixes 62 Flaws2017-10-11
Qualys
October Patch Tuesday: 28 Critical Microsoft Vulnerabilities | Qualys2017-10-10
Qualys
October Patch Tuesday: 28 Critical Microsoft Vulnerabilities2017-10-10
Talos
Microsoft Patch Tuesday - October 20172017-10-10