Security Update for Microsoft Windows DNS to Address Remote Code Execution (MS15-127)

ITS Advisory Number: 2015-146
Date(s) Issued: Tuesday, December 8, 2015
Subject: Security Update for Microsoft Windows DNS to Address Remote Code Execution (MS15-127)
Overview: 

This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if an attacker sends specially crafted requests to a DNS server.

An attacker who successfully exploits this vulnerability could gain the same user rights as the current user and could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

Systems Affected: 
  • Windows Server 2008 for 32-bit Systems Service Pack 2
  • Windows Server 2008 for x64-based Systems Service Pack 2
  • Windows Server 2008 R2 for x64-based Systems Service Pack 1
  • Windows Server 2012
  • Windows Server 2012 R2
  • Server Core Installations for Windows Server 2008 32-bit Systems Service Pack 2
  • Server Core Installations for Windows Server 2008 64-bit Systems Service Pack 2
  • Server Core Installations for Windows Server 2008 R2 for x64-based Systems Service Pack 1
  • Server Core Installations for Windows Server 2012
  • Server Core Installations for Windows Server 2012 R2
Risk:
  Government:
  • Large and medium government entities: High
  • Small government entities: High
  Business:
  • Large and medium business entities: High
  • Small business entities: High
  Home Users: Low
Description: 

A remote code execution vulnerability exists in Windows Domain Name System (DNS) servers when they fail to properly parse requests. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the Local System Account. Windows servers that are configured as DNS servers are at risk from this vulnerability.

An attacker could create a specially crafted application to connect to a Windows DNS server and then issue malicious requests to the server. The update addresses the vulnerability by modifying how Windows DNS servers parse requests.

Actions: 
  • If you are running Windows DNS on your servers, download the MS15-127 security update and patch immediately.
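
A way to triage a single host against the affected-systems list and the action above, given as an added example that is not part of the original advisory. The update id in $UpdateId is a placeholder (the advisory does not give a KB number), and the mapping of Windows version numbers to the listed releases is supplied here, not taken from the advisory.

```powershell
# Added example: report whether this host is an affected release running the DNS Server role.
# $UpdateId is a PLACEHOLDER; replace it with the KB number from Microsoft's MS15-127 bulletin.
$UpdateId = 'KB0000000'

# Windows version numbers of the server releases named under "Systems Affected".
$AffectedVersions = @{
    '6.0' = 'Windows Server 2008'
    '6.1' = 'Windows Server 2008 R2'
    '6.2' = 'Windows Server 2012'
    '6.3' = 'Windows Server 2012 R2'
}

$os         = Get-WmiObject -Class Win32_OperatingSystem
$majorMinor = ($os.Version -split '\.')[0..1] -join '.'
# ProductType: 1 = workstation, 2 = domain controller, 3 = member server.
$isAffectedOs = ($os.ProductType -ne 1) -and $AffectedVersions.ContainsKey($majorMinor)

# The DNS Server role runs as the service named "DNS".
# "Dnscache" is only the client resolver and does not count.
$dnsService = Get-Service -Name 'DNS' -ErrorAction SilentlyContinue
$hasDnsRole = $null -ne $dnsService

# Get-HotFix returns nothing (with the error suppressed) when the id is not installed.
$hotfix    = Get-HotFix -Id $UpdateId -ErrorAction SilentlyContinue
$isPatched = $null -ne $hotfix

if (-not $isAffectedOs) {
    $status = 'Not an affected server release'
} elseif (-not $hasDnsRole) {
    $status = 'Affected release, DNS Server role not present'
} elseif ($isPatched) {
    $status = 'DNS server, update installed'
} else {
    $status = 'DNS server, UPDATE MISSING'
}

New-Object PSObject -Property @{
    Computer    = $env:COMPUTERNAME
    OS          = $os.Caption
    ServicePack = $os.ServicePackMajorVersion
    DnsService  = if ($hasDnsRole) { $dnsService.Status } else { 'absent' }
    Update      = $UpdateId
    Status      = $status
}
```

Get-HotFix matches only the exact id given, so a host that received the fix through a later superseding update will still show as missing and needs a manual check.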