CVE-2017-11779
published 2017-10-13CVE-2017-11779: The Microsoft Windows Domain Name System (DNS) DNSAPI.dll on Microsoft Windows 8.1, Windows Server 2012 R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and…
PriorityP358high8.1CVSS 3.0
AVNACHPRNUINSUCHIHAH
EPSS
33.10%
98.2th percentile
The Microsoft Windows Domain Name System (DNS) DNSAPI.dll on Microsoft Windows 8.1, Windows Server 2012 R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows a remote code execution vulnerability when it fails to properly handle DNS responses, aka "Windows DNSAPI Remote Code Execution Vulnerability".
Affected
19 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_server_2012 | — | — |
| microsoft_corporation | windows_domain_name_system | — | — |
| msrc | windows_10_for_32-bit_systems | — | — |
| msrc | windows_10_for_x64-based_systems | — | — |
| msrc | windows_10_version_1511_for_32-bit_systems | — | — |
| msrc | windows_10_version_1511_for_x64-based_systems | — | — |
| msrc | windows_10_version_1607_for_32-bit_systems | — | — |
| msrc | windows_10_version_1607_for_x64-based_systems | — | — |
| msrc | windows_10_version_1703_for_32-bit_systems | — | — |
| msrc | windows_10_version_1703_for_x64-based_systems | — | — |
| msrc | windows_8.1_for_32-bit_systems | — | — |
| msrc | windows_8.1_for_x64-based_systems | — | — |
| msrc | windows_rt_8.1 | — | — |
| msrc | windows_server_2012 | — | — |
| msrc | windows_server_2012_r2 | — | — |
| msrc | windows_server_2016 | — | — |
CVSS provenance
nvdv3.08.1HIGHCVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.09.3CRITICALAV:N/AC:M/Au:N/C:C/I:C/A:C
vendor_msrc8.1HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-pm2x-f9j3-mfm9: The Microsoft Windows Domain Name System (DNS) DNSAPI
ghsa_unreviewed·2022-05-13
CVE-2017-11779 [HIGH] GHSA-pm2x-f9j3-mfm9: The Microsoft Windows Domain Name System (DNS) DNSAPI
The Microsoft Windows Domain Name System (DNS) DNSAPI.dll on Microsoft Windows 8.1, Windows Server 2012 R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows a remote code execution vulnerability when it fails to properly handle DNS responses, aka "Windows DNSAPI Remote Code Execution Vulnerability".
Microsoft
Windows DNSAPI Remote Code Execution Vulnerability
vendor_msrc·2017-10-10·CVSS 8.1
CVE-2017-11779 [HIGH] Windows DNSAPI Remote Code Execution Vulnerability
Windows DNSAPI Remote Code Execution Vulnerability
Description: A remote code execution vulnerability exists in Windows Domain Name System (DNS) DNSAPI.dll when it fails to properly handle DNS responses. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the Local System Account.
To exploit the vulnerability, the attacker would use a malicious DNS server to send corrupted DNS responses to the target.
The update addresses the vulnerability by modifying how Windows DNSAPI.dll handles DNS responses.
Microsoft Windows DNS: Microsoft Windows DNS
Issuing CNA: Microsoft
Impact: Remote Code Execution
Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likel
No detection rules found.
No public exploits indexed.
Krebs
Microsoft’s October Patch Batch Fixes 62 Flaws
blogs_krebs·2017-10-11·CVSS 7.5
[HIGH] Microsoft’s October Patch Batch Fixes 62 Flaws
Microsoft on Tuesday released software updates to fix at least 62 security vulnerabilities in Windows , Office and other software. Two of those flaws were detailed publicly before yesterday’s patches were released, and one of them is already being exploited in active attacks, so attackers already have a head start.
Roughly half of the flaws Microsoft addressed this week are in the code that makes up various versions of Windows, and 28 of them were labeled “critical” — meaning malware or malicious attackers could use the weaknesses to break into Windows computers remotely with no help from users.
One of the publicly disclosed Windows flaws ( CVE-2017-8703 ) fixed in this batch is a problem with a feature only present in Windows 10 known as the Windows Subsystem for Linux , which allows Wi
Krebs
Microsoft’s October Patch Batch Fixes 62 Flaws
blogs_krebs·2017-10-11·CVSS 7.5
CVE-2017-8703 [HIGH] Microsoft’s October Patch Batch Fixes 62 Flaws
Microsoft on Tuesday released software updates to fix at least 62 security vulnerabilities in Windows, Office and other software. Two of those flaws were detailed publicly before yesterday’s patches were released, and one of them is already being exploited in active attacks, so attackers already have a head start.
One of the publicly disclosed Windows flaws (CVE-2017-8703) fixed in this batch is a problem with a feature only present in Windows 10 known as the Windows Subsystem for Linux, which allows Windows 10 users to run unmodified Linux binary files. Researchers at CheckPoint recently released some interesting research worth reading about how attackers might soon use this capability to bypass antivirus and other security solutions on Windows.
The bug quashed this week that’s being ac
Qualys
October Patch Tuesday: 28 Critical Microsoft Vulnerabilities | Qualys
blogs_qualys·2017-10-10·CVSS 8.8
CVE-2017-11826 [HIGH] October Patch Tuesday: 28 Critical Microsoft Vulnerabilities | Qualys
Today Microsoft released patches covering 62 vulnerabilities as part of October’s Patch Tuesday update, with 30 of them affecting Windows. Patches covering 28 of these vulnerabilities are labeled as Critical, and 33 can result in Remote Code Execution. According to Microsoft, a vulnerability in Microsoft Office is being actively exploited in the wild.
Top priority for patching should go to a vulnerability in Microsoft Office, CVE-2017-11826, which Microsoft has ranked as “Important” and is actively being exploited in the wild.
Priority should also be given to CVE-2017-11771, which is a vulnerability in the Windows Search service. This is the fourth Patch Tuesday this year to feature a vulnerability in this service. As with the others, this vulnerability can be exploited remotely via SMB
Qualys
October Patch Tuesday: 28 Critical Microsoft Vulnerabilities
blogs_qualys·2017-10-10·CVSS 8.8
CVE-2017-11826 [HIGH] October Patch Tuesday: 28 Critical Microsoft Vulnerabilities
Today Microsoft released patches covering 62 vulnerabilities as part of October’s Patch Tuesday update, with 30 of them affecting Windows. Patches covering 28 of these vulnerabilities are labeled as Critical, and 33 can result in Remote Code Execution. According to Microsoft, a vulnerability in Microsoft Office is being actively exploited in the wild.
Top priority for patching should go to a vulnerability in Microsoft Office, CVE-2017-11826 , which Microsoft has ranked as “Important” and is actively being exploited in the wild.
Priority should also be given to CVE-2017-11771 , which is a vulnerability in the Windows Search service. This is the fourth Patch Tuesday this year to feature a vulnerability in this service. As with the others, this vulnerability can be exploited remotely via SM
Talos
Microsoft Patch Tuesday - October 2017
blogs_talos·2017-10-10·CVSS 8.8
[HIGH] Microsoft Patch Tuesday - October 2017
## Microsoft Patch Tuesday - October 2017
Microsoft has released its monthly set of security advisories for vulnerabilities that have been identified and addressed in various products. This month's advisory release addresses 63 new vulnerabilities with 28 of them rated critical and 35 rated important. These vulnerabilities impact Graphics, Edge, Internet Explorer, Office, Sharepoint, Windows Graphic Display Interface, Windows Kernel Mode Drivers, and more.
## Vulnerabilities Rated Critical The following vulnerabilities are rated "Critical" by Microsoft:
CVE-2017-11813 - Internet Explorer Memory Corruption Vulnerability
CVE-2017-11822 - Internet Explorer Memory Corruption Vulnerability
CVE-2017-11762 - Microsoft Graphics Remote Code Execution Vulnerability
CVE-2017-11763 - Microsoft G
Talos
Microsoft Patch Tuesday - October 2017
blogs_talos·2017-10-10·CVSS 8.8
[HIGH] Microsoft Patch Tuesday - October 2017
Microsoft has released its monthly set of security advisories for vulnerabilities that have been identified and addressed in various products. This month's advisory release addresses 63 new vulnerabilities with 28 of them rated critical and 35 rated important. These vulnerabilities impact Graphics, Edge, Internet Explorer, Office, Sharepoint, Windows Graphic Display Interface, Windows Kernel Mode Drivers, and more.
## Vulnerabilities Rated CriticalThe following vulnerabilities are rated "Critical" by Microsoft:
- CVE-2017-11813 - Internet Explorer Memory Corruption Vulnerability
- CVE-2017-11822 - Internet Explorer Memory Corruption Vulnerability
- CVE-2017-11762 - Microsoft Graphics Remote Code Execution Vulnerability
- CVE-2017-11763 - Microsoft Graphics Remote Code Execution Vulnerabi
http://www.securityfocus.com/bid/101166http://www.securitytracker.com/id/1039533https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11779http://www.securityfocus.com/bid/101166http://www.securitytracker.com/id/1039533https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11779
2017-10-13
Published