Critical vulnerability in Microsoft Windows Server
A Remote Code Execution (RCE) vulnerability exists in Windows Domain Name System (DNS) servers. This allows an unauthenticated remote attacker to run arbitrary code in the Local System context.
This is a wormable vulnerability, meaning an attack on a single compromised machine can spread from one vulnerable computer to another without any human interaction.
Affected systems are Windows servers running the DNS server on any of the following versions:
- Windows Server 2003, 2008, 2012, 2016, 2019
- Windows Server, versions 1903, 1909, 2004
Windows Servers with the DNS role, including Domain Controllers, are vulnerable until updates are applied. Due to the critical nature of these servers, we recommend you prioritise protecting them immediately.
What this means
A remote unauthenticated attacker can exploit this RCE vulnerability by sending crafted malicious DNS queries to a Windows DNS server, achieving arbitrary code execution.
This will enable the attacker to gain full control over the system.
What to look for
How to tell if you're at risk
Windows DNS servers that have not had the latest updates applied from Microsoft are at risk.
What to do
Microsoft has issued a patch for this vulnerability. It is available via the Microsoft portal for Windows Server 2008 onwards.
The patch also includes security updates for a further 122 vulnerabilities, with a total of 18 flaws listed as critical and 105 listed as important.
Note – Windows Server 2003 is no longer supported and does not have a patch.
Microsoft has advised that mitigation can be achieved by editing registry keys on vulnerable servers. Details can be found on the Microsoft website at:
Microsoft Portal Link:
If you require more information or further support, submit a report on our website or contact us on 0800 CERTNZ.
For media enquiries, email our media desk at email@example.com or call the MBIE media team on 027 442 2141.