CVE-2021-26896 — Microsoft Windows Server 2008 R2 Service Pack 1 vulnerability

9 documents7 sources

Severity

7.5HIGHNVD

EPSS

20.4%

top 4.45%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Windows Server 2008 R2 Service Pack 1 Microsoft Windows Server 2008 Service Pack 2 Microsoft Windows Server 2012 +6 more

Timeline

PublishedMar 11

Latest updateMay 24

Description

Windows DNS Server Denial of Service Vulnerability

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages9 packages

▶CVEListV5microsoft/windows_server_2008_service_pack_26.0.0 — publication

▶CVEListV5microsoft/windows_server_2008_r2_service_pack_16.1.0 — publication+1

▶CVEListV5microsoft/windows_server_20126.2.0 — publication

▶CVEListV5microsoft/windows_server_201610.0.0 — publication

▶CVEListV5microsoft/windows_server_201910.0.0 — publication

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-fg89-fq65-83p5: Windows DNS Server Denial of Service Vulnerability This CVE ID is unique from CVE-2021-27063↗2022-05-24

▶

GHSA

GHSA-wvrr-f44c-x28v: Windows DNS Server Denial of Service Vulnerability This CVE ID is unique from CVE-2021-26896↗2022-05-24

▶

CVEList

Windows DNS Server Denial of Service Vulnerability↗2021-03-11

▶

📋Vendor Advisories

Microsoft

Windows DNS Server Denial of Service Vulnerability↗2021-03-09

▶

🕵️Threat Intelligence

Trendmicro

March Patch Tuesday: Fixes for Exchange Server, IE↗2021-03-10

▶

Tenable

Microsoft’s March 2021 Patch Tuesday Addresses 82 CVEs (CVE-2021-26411)↗2021-03-09

▶

Talos

Microsoft Patch Tuesday for March 2021 — Snort rules and prominent vulnerabilities↗2021-03-09

▶

Talos

Microsoft Patch Tuesday for March 2021 — Snort rules and prominent vulnerabilities↗2021-03-09

▶