CVE-2022-26814Race Condition in Microsoft Windows Server 2012 R2

CWE-362Race Condition22 documents6 sources
Severity
6.6MEDIUMNVD
EPSS
1.8%
top 17.34%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
6
Microsoft Windows Server 2012 R2Microsoft Windows Server 2016Microsoft Windows Server 2019+3 more
Timeline
PublishedApr 15
Latest updateApr 16

Description

Windows DNS Server Remote Code Execution Vulnerability

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 0.7 | Impact: 5.9

Affected Packages6 packages

CVEListV5microsoft/windows_server_201610.0.14393.010.0.14393.5066
CVEListV5microsoft/windows_server_201910.0.17763.010.0.17763.2803
CVEListV5microsoft/windows_server_202210.0.20348.010.0.20348.643
CVEListV5microsoft/windows_server_2012_r26.3.9600.06.3.9600.20337
CVEListV5microsoft/windows_server_version_20h210.0.010.0.19042.1645

🔴Vulnerability Details

18
GHSA
GHSA-v5m5-87cx-vqf2: Windows DNS Server Remote Code Execution Vulnerability2022-04-16
GHSA
GHSA-5f92-rmj7-665j: Windows DNS Server Remote Code Execution Vulnerability2022-04-16
GHSA
GHSA-2hf6-2xwx-h8c4: Windows DNS Server Remote Code Execution Vulnerability2022-04-16
GHSA
GHSA-hm4p-5rh2-8894: Windows DNS Server Remote Code Execution Vulnerability2022-04-16
GHSA
GHSA-96qj-c9wr-w9gx: Windows DNS Server Remote Code Execution Vulnerability2022-04-16

📋Vendor Advisories

1
Microsoft
Windows DNS Server Remote Code Execution Vulnerability2022-04-12

🕵️Threat Intelligence

2
Tenable
Microsoft’s April 2022 Patch Tuesday Addresses 117 CVEs (CVE-2022-24521)2022-04-12
Crowdstrike
April 2022 Patch Tuesday: Updates and Analysis
CVE-2022-26814 — Race Condition in Microsoft | cvebase