Security News > 2017 > October > Bugs in Windows DNS client open millions of users to attack
2017-10-11 01:00
In this month’s Patch Tuesday, Microsoft has included fixes for multiple critical memory corruption vulnerabilities in the Windows DNS client, which could be exploited by attackers to gain access to the target’s system. About the vulnerabilities The vulnerabilities, collectively identified as CVE-2017-11779, were discovered by Bishop Fox researcher Nick Freeman, and there is no indication that they have been exploited in attacks in the wild. They are present in Windows 8 through Windows 10, and … More →
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/TuuLYmlXCng/
Related news
- JPCERT shares Windows Event Log tips to detect ransomware attacks (source)
- Exploit released for new Windows Server "WinReg" NTLM Relay attack (source)
- Windows infected with backdoored Linux VMs in new phishing attacks (source)
- Microsoft patches Windows zero-day exploited in attacks on Ukraine (source)
- Cybercriminals hijack DNS to build stealth attack networks (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-10-13 | CVE-2017-11779 | Unspecified vulnerability in Microsoft products The Microsoft Windows Domain Name System (DNS) DNSAPI.dll on Microsoft Windows 8.1, Windows Server 2012 R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows a remote code execution vulnerability when it fails to properly handle DNS responses, aka "Windows DNSAPI Remote Code Execution Vulnerability". | 8.1 |