CVE-2021-34494 — Microsoft Windows Server 2008 R2 Service Pack 1 vulnerability

22 documents9 sources

Severity

8.8HIGHNVD

EPSS

3.0%

top 13.49%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Windows Server 2008 R2 Service Pack 1 Microsoft Windows Server 2008 Service Pack 2 Microsoft Windows Server 2012 +6 more

Timeline

PublishedJul 14

Latest updateMay 24

Description

Windows DNS Server Remote Code Execution Vulnerability

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages9 packages

▶CVEListV5microsoft/windows_server_20126.2.0 — 6.2.9200.23409

▶CVEListV5microsoft/windows_server_201610.0.0 — 10.0.14393.4530

▶CVEListV5microsoft/windows_server_201910.0.0 — 10.0.17763.2061

▶CVEListV5microsoft/windows_server_2012_r26.3.0 — 6.3.9600.20069

▶CVEListV5microsoft/windows_server_version_200410.0.0 — 10.0.19041.1110

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-c54c-p933-mmrc: Windows DNS Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-33746, CVE-2021-33754, CVE-2021-33780, CVE-2021-34525↗2022-05-24

▶

GHSA

GHSA-3m64-v24q-w9wr: Windows DNS Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-33754, CVE-2021-33780, CVE-2021-34494, CVE-2021-34525↗2022-05-24

▶

GHSA

GHSA-86w3-hm4v-hj7x: Windows DNS Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-33746, CVE-2021-33780, CVE-2021-34494, CVE-2021-34525↗2022-05-24

▶

GHSA

GHSA-5jx6-vwcr-r4rq: Windows DNS Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-33746, CVE-2021-33754, CVE-2021-33780, CVE-2021-34494↗2022-05-24

▶

GHSA

GHSA-x7wh-c3qc-hfx3: Windows DNS Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-33746, CVE-2021-33754, CVE-2021-34494, CVE-2021-34525↗2022-05-24

▶

📋Vendor Advisories

Microsoft

Windows DNS Server Remote Code Execution Vulnerability↗2021-07-13

▶

🕵️Threat Intelligence

Trendmicro

July Patch Tuesday: DNS Server, Exchange Server Vulnerabilities Cause Problems↗2021-07-13

▶

Qualys

Microsoft and Adobe Patch Tuesday (July 2021) – Microsoft 117 Vulnerabilities with 13 Critical, Adobe 26 Vulnerabilities | Qualys↗2021-07-13

▶

Tenable

Microsoft’s July 2021 Patch Tuesday Includes 116 CVEs (CVE-2021-31979, CVE-2021-33771)↗2021-07-13

▶

Trendmicro

July Patch Tuesday: DNS Server, Exchange Server Vulnerabilities Cause Problems↗2021-07-13

▶

Trendmicro

July Patch Tuesday: DNS Server, Exchange Server Vulnerabilities Cause Problems↗2021-07-13

▶