CVE-2021-34494
published 2021-07-14CVE-2021-34494: Windows DNS Server Remote Code Execution Vulnerability
high8.8CVSS 3.1
AVNACLPRLUINSUCHIHAH
Windows DNS Server Remote Code Execution Vulnerability
Affected
22 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | windows_server_2008 | — | — |
| microsoft | windows_server_2008_r2_service_pack_1 | >= 6.0.0 < 6.1.7601.25661 | 6.1.7601.25661 |
| microsoft | windows_server_2008_r2_service_pack_1 | >= 6.1.0 < 6.1.7601.25661 | 6.1.7601.25661 |
| microsoft | windows_server_2008_service_pack_2 | >= 6.0.0 < 6.0.6003.21167 | 6.0.6003.21167 |
| microsoft | windows_server_2012 | — | — |
| microsoft | windows_server_2012 | >= 6.2.0 < 6.2.9200.23409 | 6.2.9200.23409 |
| microsoft | windows_server_2012_r2 | >= 6.3.0 < 6.3.9600.20069 | 6.3.9600.20069 |
| microsoft | windows_server_2016 | — | — |
| microsoft | windows_server_2016 | — | — |
| microsoft | windows_server_2016 | >= 10.0.0 < 10.0.14393.4530 | 10.0.14393.4530 |
| microsoft | windows_server_2019 | >= 10.0.0 < 10.0.17763.2061 | 10.0.17763.2061 |
| microsoft | windows_server_version_2004 | >= 10.0.0 < 10.0.19041.1110 | 10.0.19041.1110 |
| microsoft | windows_server_version_20h2 | >= 10.0.0 < 10.0.19042.1110 | 10.0.19042.1110 |
| msrc | windows_server_2008_for_32-bit_systems_service_pack_2 | — | — |
| msrc | windows_server_2008_for_x64-based_systems_service_pack_2 | — | — |
| msrc | windows_server_2008_r2_for_x64-based_systems_service_pack_1 | — | — |
| msrc | windows_server_2012 | — | — |
| msrc | windows_server_2012_r2 | — | — |
| msrc | windows_server_2016 | — | — |
| msrc | windows_server_2019 | — | — |
| msrc | windows_server_version_2004 | — | — |
| msrc | windows_server_version_20h2 | — | — |
GHSA
GHSA-c54c-p933-mmrc: Windows DNS Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-33746, CVE-2021-33754, CVE-2021-33780, CVE-2021-34525
ghsa_unreviewed·2022-05-24·CVSS 8.0
CVE-2021-34494 [HIGH] GHSA-c54c-p933-mmrc: Windows DNS Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-33746, CVE-2021-33754, CVE-2021-33780, CVE-2021-34525
Windows DNS Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-33746, CVE-2021-33754, CVE-2021-33780, CVE-2021-34525.
GHSA
GHSA-3m64-v24q-w9wr: Windows DNS Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-33754, CVE-2021-33780, CVE-2021-34494, CVE-2021-34525
ghsa_unreviewed·2022-05-24·CVSS 8.0
CVE-2021-33746 [HIGH] GHSA-3m64-v24q-w9wr: Windows DNS Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-33754, CVE-2021-33780, CVE-2021-34494, CVE-2021-34525
Windows DNS Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-33754, CVE-2021-33780, CVE-2021-34494, CVE-2021-34525.
GHSA
GHSA-86w3-hm4v-hj7x: Windows DNS Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-33746, CVE-2021-33780, CVE-2021-34494, CVE-2021-34525
ghsa_unreviewed·2022-05-24·CVSS 8.0
CVE-2021-33754 [HIGH] GHSA-86w3-hm4v-hj7x: Windows DNS Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-33746, CVE-2021-33780, CVE-2021-34494, CVE-2021-34525
Windows DNS Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-33746, CVE-2021-33780, CVE-2021-34494, CVE-2021-34525.
GHSA
GHSA-5jx6-vwcr-r4rq: Windows DNS Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-33746, CVE-2021-33754, CVE-2021-33780, CVE-2021-34494
ghsa_unreviewed·2022-05-24·CVSS 8.0
CVE-2021-34525 [HIGH] GHSA-5jx6-vwcr-r4rq: Windows DNS Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-33746, CVE-2021-33754, CVE-2021-33780, CVE-2021-34494
Windows DNS Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-33746, CVE-2021-33754, CVE-2021-33780, CVE-2021-34494.
GHSA
GHSA-x7wh-c3qc-hfx3: Windows DNS Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-33746, CVE-2021-33754, CVE-2021-34494, CVE-2021-34525
ghsa_unreviewed·2022-05-24·CVSS 8.0
CVE-2021-33780 [HIGH] GHSA-x7wh-c3qc-hfx3: Windows DNS Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-33746, CVE-2021-33754, CVE-2021-34494, CVE-2021-34525
Windows DNS Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-33746, CVE-2021-33754, CVE-2021-34494, CVE-2021-34525.
Microsoft
Windows DNS Server Remote Code Execution Vulnerability
vendor_msrc·2021-07-13·CVSS 8.8
CVE-2021-34494 [HIGH] Windows DNS Server Remote Code Execution Vulnerability
Windows DNS Server Remote Code Execution Vulnerability
FAQ: If my server is not configured to be a DNS server, it is vulnerable?
No, this vulnerability is only exploitable if the server is configured to be a DNS server.
Role: DNS Server: Role: DNS Server
Microsoft: Microsoft
Impact: Remote Code Execution
Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A
Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5004244
Reference: https://support.microsoft.com/help/5004244
Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5004237
Reference: https://support.microsoft.com/help/5004237
Reference: https://catalog.update.microsoft.com/v7/site/Sear
No detection rules found.
No public exploits indexed.
Trendmicro
July Patch Tuesday: DNS Server, Exchange Server Vulnerabilities Cause Problems
blogs_trendmicro·2021-07-13·CVSS 9.1
[CRITICAL] July Patch Tuesday: DNS Server, Exchange Server Vulnerabilities Cause Problems
Exploits & Vulnerabilities
# July Patch Tuesday: DNS Server, Exchange Server Vulnerabilities Cause Problems
After two relatively quiet months, July has proven to be another busy month for Microsoft security bulletins. A total of 117 bulletins were issued for various security vulnerabilities fixed in the July Patch Tuesday cycle.
By: Trend Micro
2021/07/13
Read time: ( words)
Save to Folio
After two relatively quiet months, July has proven to be another busy month for Microsoft security bulletins. A total of 117 bulletins were issued for various security vulnerabilities fixed in the July Patch Tuesday cycle. Thirteen of these were rated as Critical, 103 as Important, and one was classified as Moderate. Fifteen were submitted via the Trend Micro Zero Day Initiative.
PrintNightmare pat
Qualys
Microsoft and Adobe Patch Tuesday (July 2021) – Microsoft 117 Vulnerabilities with 13 Critical, Adobe 26 Vulnerabilities | Qualys
blogs_qualys·2021-07-13·CVSS 7.8
CVE-2021-34448 [HIGH] Microsoft and Adobe Patch Tuesday (July 2021) – Microsoft 117 Vulnerabilities with 13 Critical, Adobe 26 Vulnerabilities | Qualys
### Microsoft Patch Tuesday – July 2021
Microsoft patched 117 vulnerabilities in their July 2021 Patch Tuesday release, and 13 of them are rated as critical severity.
### Critical Microsoft Vulnerabilities Patched
CVE-2021-34448 – Scripting Engine Memory Corruption Vulnerability
This is being actively exploited. The vulnerability allows an attacker to execute malicious code on a compromised website if a user browses to a specially crafted file on the website. The vendor has assigned a CVSSv3 base score of 6.8 and should be prioritized for patching.
CVE-2021-34494 – Windows DNS Server Remote Code Execution Vulnerability
Microsoft released patches addressing a critical RCE vulnerability in Windows DNS Server (CVE-2021-34494). This CVE has a high likelihood of exploitability and is assi
Tenable
Microsoft’s July 2021 Patch Tuesday Includes 116 CVEs (CVE-2021-31979, CVE-2021-33771)
blogs_tenable·2021-07-13·CVSS 7.8
[HIGH] Microsoft’s July 2021 Patch Tuesday Includes 116 CVEs (CVE-2021-31979, CVE-2021-33771)
## Cloud Exposure
Tenable Cloud Security (CNAPP) Request a demo
Tenable Cloud Vulnerability Management Request a demo
Tenable CIEM Request a demo
Secure your cloud
## Vulnerability Exposure
Tenable Vulnerability Management Try for free
Tenable Security Center Request a demo
Tenable Web App Scanning Try for free
Tenable Patch Management Request a demo
Tenable Enclave Security Request a demo
Tenable Attack Surface Management Request a demo
Tenable Nessus Try for free
## AI Exposure
Tenable AI Exposure Request a demo
## OT/IoT Exposure
Tenable OT Security Request a demo
## Identity Exposure
Tenable Identity Exposure Request a demo
## Business needs
Active Directory
AI Security Posture Management (AI-SPM)
AWS security
Azure security
Cloud Security Posture Man
Trendmicro
July Patch Tuesday: DNS Server, Exchange Server Vulnerabilities Cause Problems
blogs_trendmicro·2021-07-13·CVSS 9.1
[CRITICAL] July Patch Tuesday: DNS Server, Exchange Server Vulnerabilities Cause Problems
Exploits & Vulnerabilities
## July Patch Tuesday: DNS Server, Exchange Server Vulnerabilities Cause Problems
After two relatively quiet months, July has proven to be another busy month for Microsoft security bulletins. A total of 117 bulletins were issued for various security vulnerabilities fixed in the July Patch Tuesday cycle.
By: Trend Micro 2021/07/13 Read time: ( words)
Save to Folio
After two relatively quiet months, July has proven to be another busy month for Microsoft security bulletins. A total of 117 bulletins were issued for various security vulnerabilities fixed in the July Patch Tuesday cycle. Thirteen of these were rated as Critical, 103 as Important, and one was classified as Moderate. Fifteen were submitted via the Trend Micro Zero Day Initiative .
PrintNightmare pa
Trendmicro
July Patch Tuesday: DNS Server, Exchange Server Vulnerabilities Cause Problems
blogs_trendmicro·2021-07-13·CVSS 9.1
[CRITICAL] July Patch Tuesday: DNS Server, Exchange Server Vulnerabilities Cause Problems
Exploits & Vulnerabilities
## July Patch Tuesday: DNS Server, Exchange Server Vulnerabilities Cause Problems
After two relatively quiet months, July has proven to be another busy month for Microsoft security bulletins. A total of 117 bulletins were issued for various security vulnerabilities fixed in the July Patch Tuesday cycle.
By: Trend Micro Jul 13, 2021 Read time: ( words)
Save to Folio
After two relatively quiet months, July has proven to be another busy month for Microsoft security bulletins. A total of 117 bulletins were issued for various security vulnerabilities fixed in the July Patch Tuesday cycle. Thirteen of these were rated as Critical, 103 as Important, and one was classified as Moderate. Fifteen were submitted via the Trend Micro Zero Day Initiative .
PrintNightmare
Trendmicro
July Patch Tuesday: DNS Server, Exchange Server Vulnerabilities Cause Problems
blogs_trendmicro·2021-07-13·CVSS 9.1
[CRITICAL] July Patch Tuesday: DNS Server, Exchange Server Vulnerabilities Cause Problems
Exploits y vulnerabilidades
## July Patch Tuesday: DNS Server, Exchange Server Vulnerabilities Cause Problems
After two relatively quiet months, July has proven to be another busy month for Microsoft security bulletins. A total of 117 bulletins were issued for various security vulnerabilities fixed in the July Patch Tuesday cycle.
By: Trend Micro Jul 13, 2021 Read time: ( words)
Save to Folio
After two relatively quiet months, July has proven to be another busy month for Microsoft security bulletins. A total of 117 bulletins were issued for various security vulnerabilities fixed in the July Patch Tuesday cycle. Thirteen of these were rated as Critical, 103 as Important, and one was classified as Moderate. Fifteen were submitted via the Trend Micro Zero Day Initiative .
PrintNightmare
Trendmicro
July Patch Tuesday: DNS Server, Exchange Server Vulnerabilities Cause Problems
blogs_trendmicro·2021-07-13·CVSS 9.1
[CRITICAL] July Patch Tuesday: DNS Server, Exchange Server Vulnerabilities Cause Problems
Sfruttamento vulnerabilità
## July Patch Tuesday: DNS Server, Exchange Server Vulnerabilities Cause Problems
After two relatively quiet months, July has proven to be another busy month for Microsoft security bulletins. A total of 117 bulletins were issued for various security vulnerabilities fixed in the July Patch Tuesday cycle.
By: Trend Micro Jul 13, 2021 Read time: ( words)
Save to Folio
After two relatively quiet months, July has proven to be another busy month for Microsoft security bulletins. A total of 117 bulletins were issued for various security vulnerabilities fixed in the July Patch Tuesday cycle. Thirteen of these were rated as Critical, 103 as Important, and one was classified as Moderate. Fifteen were submitted via the Trend Micro Zero Day Initiative .
PrintNightmare
Trendmicro
July Patch Tuesday: DNS Server, Exchange Server Vulnerabilities Cause Problems
blogs_trendmicro·2021-07-13·CVSS 9.1
[CRITICAL] July Patch Tuesday: DNS Server, Exchange Server Vulnerabilities Cause Problems
Ausnutzung von Schwachstellen
## July Patch Tuesday: DNS Server, Exchange Server Vulnerabilities Cause Problems
After two relatively quiet months, July has proven to be another busy month for Microsoft security bulletins. A total of 117 bulletins were issued for various security vulnerabilities fixed in the July Patch Tuesday cycle.
By: Trend Micro Jul 13, 2021 Read time: ( words)
Save to Folio
After two relatively quiet months, July has proven to be another busy month for Microsoft security bulletins. A total of 117 bulletins were issued for various security vulnerabilities fixed in the July Patch Tuesday cycle. Thirteen of these were rated as Critical, 103 as Important, and one was classified as Moderate. Fifteen were submitted via the Trend Micro Zero Day Initiative .
PrintNightma
Qualys
Microsoft and Adobe Patch Tuesday (July 2021) – Microsoft 117 Vulnerabilities with 13 Critical, Adobe 26 Vulnerabilities
blogs_qualys·2021-07-13·CVSS 7.8
CVE-2021-34448 [HIGH] Microsoft and Adobe Patch Tuesday (July 2021) – Microsoft 117 Vulnerabilities with 13 Critical, Adobe 26 Vulnerabilities
## Microsoft Patch Tuesday – July 2021
Microsoft patched 117 vulnerabilities in their July 2021 Patch Tuesday release, and 13 of them are rated as critical severity.
## Critical Microsoft Vulnerabilities Patched
CVE-2021-34448 – Scripting Engine Memory Corruption Vulnerability
This is being actively exploited. The vulnerability allows an attacker to execute malicious code on a compromised website if a user browses to a specially crafted file on the website. The vendor has assigned a CVSSv3 base score of 6.8 and should be prioritized for patching.
CVE-2021-34494 – Windows DNS Server Remote Code Execution Vulnerability
Microsoft released patches addressing a critical RCE vulnerability in Windows DNS Server (CVE-2021-34494). This CVE has a high likelihood of exploitability and is assign
Krebs
Microsoft Patch Tuesday, July 2021 Edition
blogs_krebs·2021-07-13·CVSS 7.8
[HIGH] Microsoft Patch Tuesday, July 2021 Edition
Microsoft today released updates to patch at least 116 security holes in its Windows operating systems and related software. At least four of the vulnerabilities addressed today are under active attack, according to Microsoft.
Thirteen of the security bugs quashed in this month’s release earned Microsoft’s most-dire “critical” rating, meaning they can be exploited by malware or miscreants to seize remote control over a vulnerable system without any help from users.
Another 103 of the security holes patched this month were flagged as “important,” which Microsoft assigns to vulnerabilities “whose exploitation could result in compromise of the confidentiality, integrity, or availability of user data, or of the integrity or availability of processing resources.”
Among the critical bugs is o
Trendmicro
July Patch Tuesday: DNS Server, Exchange Server Vulnerabilities Cause Problems
blogs_trendmicro·2021-07-13·CVSS 9.1
[CRITICAL] July Patch Tuesday: DNS Server, Exchange Server Vulnerabilities Cause Problems
Exploits & Vulnerabilities
## July Patch Tuesday: DNS Server, Exchange Server Vulnerabilities Cause Problems
After two relatively quiet months, July has proven to be another busy month for Microsoft security bulletins. A total of 117 bulletins were issued for various security vulnerabilities fixed in the July Patch Tuesday cycle.
By: Trend Micro Jul 13, 2021 Read time: ( words)
Save to Folio
After two relatively quiet months, July has proven to be another busy month for Microsoft security bulletins. A total of 117 bulletins were issued for various security vulnerabilities fixed in the July Patch Tuesday cycle. Thirteen of these were rated as Critical, 103 as Important, and one was classified as Moderate. Fifteen were submitted via the Trend Micro Zero Day Initiative .
PrintNightmare
Krebs
Microsoft Patch Tuesday, July 2021 Edition
blogs_krebs·2021-07-13·CVSS 7.8
[HIGH] Microsoft Patch Tuesday, July 2021 Edition
Microsoft today released updates to patch at least 116 security holes in its Windows operating systems and related software. At least four of the vulnerabilities addressed today are under active attack, according to Microsoft.
Thirteen of the security bugs quashed in this month’s release earned Microsoft’s most-dire “critical” rating, meaning they can be exploited by malware or miscreants to seize remote control over a vulnerable system without any help from users.
Another 103 of the security holes patched this month were flagged as “important,” which Microsoft assigns to vulnerabilities “whose exploitation could result in compromise of the confidentiality, integrity, or availability of user data, or of the integrity or availability of processing resources.”
Among the critical bugs is o
Crowdstrike
July 2021 Patch Tuesday: Updates and Analysis
blogs_crowdstrike·CVSS 7.5
CVE-2026-20929 [HIGH] July 2021 Patch Tuesday: Updates and Analysis
How CrowdStrike is Accelerating Exposure Evaluation as Adversaries Gain Speed Apr 06, 2026
STARDUST CHOLLIMA Likely Compromises Axios npm Package Apr 01, 2026
Falcon for IT Supports Windows Secure Boot Certificate Lifecycle Management Apr 01, 2026
Detecting CVE-2026-20929: Kerberos Authentication Relay via CNAME Abuse Mar 31, 2026
How CrowdStrike is Accelerating Exposure Evaluation as Adversaries Gain Speed Apr 06, 2026
STARDUST CHOLLIMA Likely Compromises Axios npm Package Apr 01, 2026
Falcon for IT Supports Windows Secure Boot Certificate Lifecycle Management Apr 01, 2026
Detecting CVE-2026-20929: Kerberos Authentication Relay via CNAME Abuse Mar 31, 2026
Video Highlights the 4 Key Steps to Successful Incident Response Dec 02, 2019
Helping Non-Security Stakeholders Understand AT
Crowdstrike
July 2021 Patch Tuesday: Updates and Analysis
blogs_crowdstrike·CVSS 7.5
CVE-2026-20929 [HIGH] July 2021 Patch Tuesday: Updates and Analysis
STARDUST CHOLLIMA Likely Compromises Axios npm Package Apr 01, 2026
Falcon for IT Supports Windows Secure Boot Certificate Lifecycle Management Apr 01, 2026
Detecting CVE-2026-20929: Kerberos Authentication Relay via CNAME Abuse Mar 31, 2026
How Charlotte AI AgentWorks Fuels Security's Agentic Ecosystem Mar 25, 2026
STARDUST CHOLLIMA Likely Compromises Axios npm Package Apr 01, 2026
Falcon for IT Supports Windows Secure Boot Certificate Lifecycle Management Apr 01, 2026
Detecting CVE-2026-20929: Kerberos Authentication Relay via CNAME Abuse Mar 31, 2026
How Charlotte AI AgentWorks Fuels Security's Agentic Ecosystem Mar 25, 2026
Video Highlights the 4 Key Steps to Successful Incident Response Dec 02, 2019
Helping Non-Security Stakeholders Understand ATT&CK in 10 Minutes or Less [VI
2021-07-14
Published