Vulnerabilities in DNS Server Could Allow Remote Code Execution


Microsoft released MS11-058 to address two vulnerabilities in the Microsoft DNS Service. One of the two issues, CVE-2011-1966, could potentially allow an attacker who successfully exploited the vulnerability to run arbitrary code on Windows Server 2008 and Windows Server 2008 R2 DNS servers having a particular DNS configuration.

Affected DNS configuration
Unlikely to be exploited for code execution
More detail about the attack vector
Answers to common questions

This vulnerability affects DNS servers that let an attacker issue lookup requests for another domain name in a way that causes the DNS server to request the answer from a malicious DNS server. Specifically, if an attacker can cause a DNS server to request a DNS NAPTR resource record from a malicious DNS server, the attacker could potentially trigger the vulnerability described by CVE-2011-1966 on the DNS server that received the attacker's request.

One common affected configuration is a caching or relay DNS server on a corporate network where a malicious user is present. Authoritative DNS servers hosting zones exposed to the Internet, where recursion is often disabled, are less likely to be affected. For example, anyone on the Internet can connect to such an authoritative DNS server, but that server will not relay requests to a malicious DNS server.




