Sign In
- Platform
- Solutions
- Modern NDR
- Resources
- Company
Platform
Modern NDR
Resources
Platform
Modern NDR
Resources
DETECTION OVERVIEW
Risk Factors
This vulnerability affects any DNS server with Dynamic Zone Updates enabled. However, an attacker needs to infiltrate a network, gain access to authenticated clients with specific configurations, and have the ability to create custom DNS packets. If the exploit is successful, the attacker can cause a denial of service (DoS) or gain control of the DNS server.
Kill Chain
Risk Score
84
DNS records contain information about a domain, such as an IP address. DNS Zones can be configured on Windows DNS servers (acting as an authoritative nameserver for a domain) to organize records. Typically, a client sends a DNS request that retrieves record information from a DNS server. But a feature called Dynamic Zone Updates enables clients to send a DNS request that updates a record on a DNS server. A vulnerability exists in how the DNS server processes DNS requests for Dynamic Zone Updates. The attacker can send multiple DNS requests that each contain a Signature (SIG) record with a payload of an unexpected size. As the Windows DNS Server processes the requests, a memory allocation error occurs, leading to a heap-based overflow. Malicious, arbitrary code can now run on the Windows DNS Server.
Install relevant patches for affected versions
If unable to patch, limit Dynamic Zone Updates to only accept update requests from trusted servers
