CVE-2021-26895 — Code Injection in Microsoft Windows Server 2008 R2 Service Pack 1

CWE-94 — Code Injection13 documents8 sources

Severity

9.8CRITICALNVD

EPSS

9.9%

top 6.96%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Windows Server 2008 R2 Service Pack 1 Microsoft Windows Server 2008 Service Pack 2 Microsoft Windows Server 2012 +6 more

Timeline

PublishedMar 11

Latest updateMay 24

Description

Windows DNS Server Remote Code Execution Vulnerability

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages9 packages

▶CVEListV5microsoft/windows_server_20126.2.0 — publication

▶CVEListV5microsoft/windows_server_201610.0.0 — publication

▶CVEListV5microsoft/windows_server_201910.0.0 — publication

▶CVEListV5microsoft/windows_server_2012_r26.3.0 — publication

▶CVEListV5microsoft/windows_server_version_200410.0.0 — publication

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-8546-vjcf-9r45: Windows DNS Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-26877, CVE-2021-26894, CVE-2021-26895, CVE-2021-26897↗2022-05-24

▶

GHSA

GHSA-86v8-8qp7-vj9r: Windows DNS Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-26893, CVE-2021-26894, CVE-2021-26895, CVE-2021-26897↗2022-05-24

▶

GHSA

GHSA-wjv8-g83f-g23g: Windows DNS Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-26877, CVE-2021-26893, CVE-2021-26894, CVE-2021-26897↗2022-05-24

▶

GHSA

GHSA-5hxq-rvgg-jqff: Windows DNS Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-26877, CVE-2021-26893, CVE-2021-26894, CVE-2021-26895↗2022-05-24

▶

GHSA

GHSA-96hx-qvj2-8fpm: Windows DNS Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-26877, CVE-2021-26893, CVE-2021-26895, CVE-2021-26897↗2022-05-24

▶

📋Vendor Advisories

Microsoft

Windows DNS Server Remote Code Execution Vulnerability↗2021-03-09

▶

🕵️Threat Intelligence

Trendmicro

March Patch Tuesday: Fixes for Exchange Server, IE↗2021-03-10

▶

Tenable

Microsoft’s March 2021 Patch Tuesday Addresses 82 CVEs (CVE-2021-26411)↗2021-03-09

▶

Talos

Microsoft Patch Tuesday for March 2021 — Snort rules and prominent vulnerabilities↗2021-03-09

▶

Talos

Microsoft Patch Tuesday for March 2021 — Snort rules and prominent vulnerabilities↗2021-03-09

▶

Crowdstrike

March 2021 Patch Tuesday: Updates and Analysis↗

▶