CVE-2021-24078
published 2021-02-25CVE-2021-24078: Windows DNS Server Remote Code Execution Vulnerability
PriorityP266critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
11.15%
95.4th percentile
Windows DNS Server Remote Code Execution Vulnerability
Affected
24 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | windows_server_2008 | — | — |
| microsoft | windows_server_2008_r2_service_pack_1 | >= 6.0.0 < publication | publication |
| microsoft | windows_server_2008_r2_service_pack_1 | >= 6.1.0 < publication | publication |
| microsoft | windows_server_2008_service_pack_2 | >= 6.0.0 < publication | publication |
| microsoft | windows_server_2012 | — | — |
| microsoft | windows_server_2012 | >= 6.2.0 < publication | publication |
| microsoft | windows_server_2012_r2 | >= 6.3.0 < publication | publication |
| microsoft | windows_server_2016 | — | — |
| microsoft | windows_server_2016 | — | — |
| microsoft | windows_server_2016 | — | — |
| microsoft | windows_server_2016 | >= 10.0.0 < publication | publication |
| microsoft | windows_server_2019 | >= 10.0.0 < publication | publication |
| microsoft | windows_server_version_2004 | >= 10.0.0 < publication | publication |
| microsoft | windows_server_version_20h2 | >= 10.0.0 < publication | publication |
| msrc | windows_server_2008_for_32-bit_systems_service_pack_2 | — | — |
| msrc | windows_server_2008_for_x64-based_systems_service_pack_2 | — | — |
| msrc | windows_server_2008_r2_for_x64-based_systems_service_pack_1 | — | — |
| msrc | windows_server_2012 | — | — |
| msrc | windows_server_2012_r2 | — | — |
| msrc | windows_server_2016 | — | — |
| msrc | windows_server_2019 | — | — |
| msrc | windows_server_version_1909 | — | — |
| msrc | windows_server_version_2004 | — | — |
| msrc | windows_server_version_20h2 | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →CVE-2021-24078 is only exploitable on servers configured with the DNS Server role; non-DNS servers are not vulnerable. ↗
- →Exploitation can be triggered remotely by causing a vulnerable Windows DNS server to perform a recursive query for a previously unseen domain — e.g., via a phishing email containing a link or embedded image referencing a new domain. ↗
- →Microsoft rates exploitation as 'More Likely' for both latest and older software releases; prioritize patching Windows Server DNS roles accordingly. ↗
- ·Vulnerability only affects Windows Server systems configured with the DNS Server role; Windows desktop/client systems are not affected. ↗
CVSS provenance
nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
vendor_msrc9.8CRITICAL
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-x3fp-6hv6-r4pq: Windows DNS Server Remote Code Execution Vulnerability
ghsa_unreviewed·2022-05-24
CVE-2021-24078 [CRITICAL] GHSA-x3fp-6hv6-r4pq: Windows DNS Server Remote Code Execution Vulnerability
Windows DNS Server Remote Code Execution Vulnerability
Microsoft
Windows DNS Server Remote Code Execution Vulnerability
vendor_msrc·2021-02-09·CVSS 9.8
CVE-2021-24078 [CRITICAL] Windows DNS Server Remote Code Execution Vulnerability
Windows DNS Server Remote Code Execution Vulnerability
FAQ: If my server is not configured to be a DNS server, it is vulnerable?
No, this vulnerability is only exploitable if the server is configured to be a DNS server.
Role: DNS Server: Role: DNS Server
Microsoft: Microsoft
Impact: Remote Code Execution
Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;Older Software Release:Exploitation More Likely;DOS:N/A
Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601345
Reference: https://support.microsoft.com/help/4601345
Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601315
Reference: https://support.microsoft.com/help/4601315
Reference: https://catalog.update.microsoft.com/v7/site/Sear
No detection rules found.
No public exploits indexed.
Trendmicro
March Patch Tuesday: Fixes for Exchange Server, IE
blogs_trendmicro·2021-03-10·CVSS 9.1
[CRITICAL] March Patch Tuesday: Fixes for Exchange Server, IE
# March Patch Tuesday: Fixes for Exchange Server, IE
This month’s Patch Tuesday includes fixes already released for the Microsoft Exchange Server zero-day flaws attributed to Hafnium attacks.
By: Trend Micro
2021/03/10
Read time: ( words)
Save to Folio
This month’s Patch Tuesday features close to a hundred fixes, almost doubling last month’s total. The list includes patches already released for the Microsoft Exchange Server zero-day flaws attributed to Hafnium attacks.
Out of 89 patches released, 14 were rated Critical while the rest were deemed Important. Most of the critical vulnerabilities involve remote code execution (RCE) link except for an information disclosure bug. Fifteen of these were reported by the Zero Day Initiative (ZDI).
Microsoft Exchange Server Vulnerabilities
Th
Trendmicro
February Patch Tuesday Fixes 11 Critical Bugs
blogs_trendmicro·2021-02-10·CVSS 9.8
[CRITICAL] February Patch Tuesday Fixes 11 Critical Bugs
Exploits & Vulnerabilities
# February Patch Tuesday Fixes 11 Critical Bugs
Microsoft fixed 56 vulnerabilities - 11 of them rated Critical - in the February Patch Tuesday cycle.
By: Trend Micro
2021/02/10
Read time: ( words)
Save to Folio
February’s Patch Tuesday fixes a total of 56 vulnerabilities, with 11 of these being rated as Critical by Microsoft. This represents a decline both from January’s total of 83 vulnerabilities, as well as that of the same month in 2020, which had 99. Six of these vulnerabilities had been disclosed publicly, with a separate vulnerability being already exploited beforehand. Seven of these vulnerabilities were disclosed via the Zero Day Initiative (ZDI).
Fixed Critical Vulnerabilities: Networking components, Codecs
The nine Critical vulnerabilities are
Krebs
Microsoft Patch Tuesday, February 2021 Edition
blogs_krebs·2021-02-09·CVSS 7.8
[HIGH] Microsoft Patch Tuesday, February 2021 Edition
Microsoft today rolled out updates to plug at least 56 security holes in its Windows operating systems and other software. One of the bugs is already being actively exploited, and six of them were publicized prior to today, potentially giving attackers a head start in figuring out how to exploit the flaws.
Nine of the 56 vulnerabilities earned Microsoft’s most urgent “critical” rating, meaning malware or miscreants could use them to seize remote control over unpatched systems with little or no help from users.
The flaw being exploited in the wild already — CVE-2021-1732 — affects Windows 10, Server 2016 and later editions. It received a slightly less dire “important” rating and mainly because it is a vulnerability that lets an attacker increase their authority and control on a device, wh
Tenable
Microsoft’s February 2021 Patch Tuesday Addresses 56 CVEs (CVE-2021-24074, CVE-2021-24094, CVE-2021-24086)
blogs_tenable·2021-02-09·CVSS 9.8
[CRITICAL] Microsoft’s February 2021 Patch Tuesday Addresses 56 CVEs (CVE-2021-24074, CVE-2021-24094, CVE-2021-24086)
## Cloud Exposure
Tenable Cloud Security (CNAPP) Request a demo
Tenable Cloud Vulnerability Management Request a demo
Tenable CIEM Request a demo
Secure your cloud
## Vulnerability Exposure
Tenable Vulnerability Management Try for free
Tenable Security Center Request a demo
Tenable Web App Scanning Try for free
Tenable Patch Management Request a demo
Tenable Enclave Security Request a demo
Tenable Attack Surface Management Request a demo
Tenable Nessus Try for free
## AI Exposure
Tenable AI Exposure Request a demo
## OT/IoT Exposure
Tenable OT Security Request a demo
## Identity Exposure
Tenable Identity Exposure Request a demo
## Business needs
Active Directory
AI Security Posture Management (AI-SPM)
AWS security
Azure security
Cloud Security Posture Man
Krebs
Microsoft Patch Tuesday, February 2021 Edition
blogs_krebs·2021-02-09·CVSS 7.8
[HIGH] Microsoft Patch Tuesday, February 2021 Edition
Microsoft today rolled out updates to plug at least 56 security holes in its Windows operating systems and other software. One of the bugs is already being actively exploited, and six of them were publicized prior to today, potentially giving attackers a head start in figuring out how to exploit the flaws.
Nine of the 56 vulnerabilities earned Microsoft’s most urgent “critical” rating, meaning malware or miscreants could use them to seize remote control over unpatched systems with little or no help from users.
The flaw being exploited in the wild already — CVE-2021-1732 — affects Windows 10, Server 2016 and later editions. It received a slightly less dire “important” rating and mainly because it is a vulnerability that lets an attacker increase their authority and control on a device, wh
Qualys
February 2021 Patch Tuesday – 56 Vulnerabilities, 11 Critical, Adobe
blogs_qualys·2021-02-09·CVSS 7.8
CVE-2021-24074 [HIGH] February 2021 Patch Tuesday – 56 Vulnerabilities, 11 Critical, Adobe
This month’s Microsoft Patch Tuesday addresses 56 vulnerabilities, of which 11 are rated as Critical. Adobe released patches today for Reader, Acrobat, Magento, Photoshop, Animate, Illustrator, and Dreamweaver.
## TCP/IP Trio
Microsoft released a set of fixes affecting Windows TCP/IP implementation that include two Critical Remote Code Execution (RCE) vulnerabilities (CVE-2021-24074 and CVE-2021-24094) and an Important Denial of Service (DoS) vulnerability (CVE-2021-24086). While there is no evidence that these vulnerabilities are exploited in wild, these vulnerabilities should be prioritized given their impact.
## Windows Fax Service
Microsoft released patches to fix a remote code execution vulnerability in Windows Fax Service (CVE-2021-24077). This vulnerability has a CVSSv3 base sco
Qualys
February 2021 Patch Tuesday – 56 Vulnerabilities, 11 Critical, Adobe | Qualys
blogs_qualys·2021-02-09·CVSS 7.8
CVE-2021-24074 [HIGH] February 2021 Patch Tuesday – 56 Vulnerabilities, 11 Critical, Adobe | Qualys
This month’s Microsoft Patch Tuesday addresses 56 vulnerabilities, of which 11 are rated as Critical. Adobe released patches today for Reader, Acrobat, Magento, Photoshop, Animate, Illustrator, and Dreamweaver.
### TCP/IP Trio
Microsoft released a set of fixes affecting Windows TCP/IP implementation that include two Critical Remote Code Execution (RCE) vulnerabilities (CVE-2021-24074 and CVE-2021-24094) and an Important Denial of Service (DoS) vulnerability (CVE-2021-24086). While there is no evidence that these vulnerabilities are exploited in wild, these vulnerabilities should be prioritized given their impact.
### Windows Fax Service
Microsoft released patches to fix a remote code execution vulnerability in Windows Fax Service (CVE-2021-24077). This vulnerability has a CVSSv3 base s
Zscaler
Zscaler protects against 4 new vulnerabilities for MS-Window
blogs_zscaler·CVSS 7.8
[HIGH] Zscaler protects against 4 new vulnerabilities for MS-Window
Provide users with seamless, secure, reliable access to applications and data.
Build and run secure cloud apps, enable zero trust cloud connectivity, and protect workloads from data center to cloud.
Provide zero trust connectivity for IoT and OT devices and secure remote access to OT systems.
Provide zero trust site-to-site connectivity and reliable access to B2B apps for partners.
Industry Report
Zscaler: A Leader in the 2025 Gartner® Magic Quadrant™ for Security Service Edge (SSE)
USE CASES
INDUSTRY & MARKET SOLUTIONS
PARTNERS
TECHNOLOGY PARTNERS
Resource Center
Events & Trainings
Security Research & Services
Tools
Community & Support
CXO REVOLUTIONARIES
Amplifying the voices of real-world digital and zero trust pioneers
Discover how it began and where it’s going
Meet o
Crowdstrike
March 2021 Patch Tuesday: Updates and Analysis
blogs_crowdstrike·CVSS 7.5
CVE-2026-20929 [HIGH] March 2021 Patch Tuesday: Updates and Analysis
STARDUST CHOLLIMA Likely Compromises Axios npm Package Apr 01, 2026
Falcon for IT Supports Windows Secure Boot Certificate Lifecycle Management Apr 01, 2026
Detecting CVE-2026-20929: Kerberos Authentication Relay via CNAME Abuse Mar 31, 2026
How Charlotte AI AgentWorks Fuels Security's Agentic Ecosystem Mar 25, 2026
STARDUST CHOLLIMA Likely Compromises Axios npm Package Apr 01, 2026
Falcon for IT Supports Windows Secure Boot Certificate Lifecycle Management Apr 01, 2026
Detecting CVE-2026-20929: Kerberos Authentication Relay via CNAME Abuse Mar 31, 2026
How Charlotte AI AgentWorks Fuels Security's Agentic Ecosystem Mar 25, 2026
Video Highlights the 4 Key Steps to Successful Incident Response Dec 02, 2019
Helping Non-Security Stakeholders Understand ATT&CK in 10 Minutes or Less [VI
2021-02-25
Published