CVE-2022-26825 — Race Condition in Microsoft Windows Server 2016

CWE-362 — Race Condition21 documents5 sources

Severity

7.2HIGHNVD

EPSS

10.1%

top 6.88%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Windows Server 2016 Microsoft Windows Server 2019 Microsoft Windows Server 2022 +1 more

Timeline

PublishedApr 15

Latest updateApr 16

Description

Windows DNS Server Remote Code Execution Vulnerability

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 1.2 | Impact: 5.9

Affected Packages5 packages

▶CVEListV5microsoft/windows_server_201610.0.14393.0 — 10.0.14393.5066

▶CVEListV5microsoft/windows_server_201910.0.17763.0 — 10.0.17763.2803

▶CVEListV5microsoft/windows_server_202210.0.20348.0 — 10.0.20348.643

▶CVEListV5microsoft/windows_server_version_20h210.0.0 — 10.0.19042.1645

▶NVDmicrosoft/windows20h2

🔴Vulnerability Details

GHSA

GHSA-v5m5-87cx-vqf2: Windows DNS Server Remote Code Execution Vulnerability↗2022-04-16

▶

GHSA

GHSA-5f92-rmj7-665j: Windows DNS Server Remote Code Execution Vulnerability↗2022-04-16

▶

GHSA

GHSA-2hf6-2xwx-h8c4: Windows DNS Server Remote Code Execution Vulnerability↗2022-04-16

▶

GHSA

GHSA-hm4p-5rh2-8894: Windows DNS Server Remote Code Execution Vulnerability↗2022-04-16

▶

GHSA

GHSA-96qj-c9wr-w9gx: Windows DNS Server Remote Code Execution Vulnerability↗2022-04-16

▶

📋Vendor Advisories

Microsoft

Windows DNS Server Remote Code Execution Vulnerability↗2022-04-12

▶

🕵️Threat Intelligence

Crowdstrike

April 2022 Patch Tuesday: Updates and Analysis↗

▶