CVE-2021-24078 — Microsoft Windows Server 2008 R2 Service Pack 1 vulnerability

13 documents10 sources

Severity

9.8CRITICALNVD

EPSS

12.4%

top 6.07%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Windows Server 2008 R2 Service Pack 1 Microsoft Windows Server 2008 Service Pack 2 Microsoft Windows Server 2012 +6 more

Timeline

PublishedFeb 25

Latest updateMay 24

Description

Windows DNS Server Remote Code Execution Vulnerability

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages9 packages

▶CVEListV5microsoft/windows_server_20126.2.0 — publication

▶CVEListV5microsoft/windows_server_201610.0.0 — publication

▶CVEListV5microsoft/windows_server_201910.0.0 — publication

▶CVEListV5microsoft/windows_server_2012_r26.3.0 — publication

▶CVEListV5microsoft/windows_server_version_200410.0.0 — publication

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-x3fp-6hv6-r4pq: Windows DNS Server Remote Code Execution Vulnerability↗2022-05-24

▶

CVEList

Windows DNS Server Remote Code Execution Vulnerability↗2021-02-25

▶

📋Vendor Advisories

Microsoft

Windows DNS Server Remote Code Execution Vulnerability↗2021-02-09

▶

🕵️Threat Intelligence

Trendmicro

March Patch Tuesday: Fixes for Exchange Server, IE↗2021-03-10

▶

Trendmicro

February Patch Tuesday Fixes 11 Critical Bugs↗2021-02-10

▶

Krebs

Microsoft Patch Tuesday, February 2021 Edition↗2021-02-09

▶

Tenable

Microsoft’s February 2021 Patch Tuesday Addresses 56 CVEs (CVE-2021-24074, CVE-2021-24094, CVE-2021-24086)↗2021-02-09

▶

Krebs

Microsoft Patch Tuesday, February 2021 Edition↗2021-02-09

▶