Windows DNS Client – Memory Corruption Vulnerabilities
October 10, 2017
March 7, 2017
Windows 8 through Windows 10, and Windows Server 2012 through 2016.
High-risk memory corruption vulnerabilities in the Windows DNS client could lead to the compromise of a device or system. These issues relate to insufficient validation of data during the parsing of NSEC3 DNS Resource Records (RRs), resulting in corruption of the affected application's heap. If fully exploited, these vulnerabilities would enable an attacker to execute arbitrary code on the target host, and subsequently gain full administrative control of the affected host.
The vulnerabilities were remediated in CVE-2017-11779 as part of Microsoft's October Patch Tuesday update.
- March 7, 2017: Issue initially reported to Microsoft
- March 8, 2017: Microsoft confirms receipt of report, case opened
- March 9, 2017: Microsoft confirms vulnerability and that they are working on a fix
- April 27, 2017: Bishop Fox requests status update
- May 2, 2017: Microsoft provides update that triage is still in process, with no ETA
- May 12, 2017: Microsoft advises an August release date
- June 26, 2017: Microsoft advises that due to unforeseen circumstances, the release is pushed back to October
- October 10, 2017: Patch released
Nick Freeman of Bishop Fox
Please refer to the technical write-up at the Bishop Fox blog.
Subscribe to Bishop Fox's Security Blog
Be first to learn about latest tools, advisories, and findings.
Thank You! You have been subscribed.