[1st-mile-nm] URGENT: New MS DNS issues, permits RCE via crafted DNS packet
John Brown
john at citylinkfiber.com
Tue Dec 8 11:25:23 PST 2015
---------- Forwarded message ----------
Looking at the patch notes, you can craft a packet to a DNS server and
run code as local system.
A remote code execution vulnerability exists in Windows Domain Name
System (DNS) servers when they fail to properly parse requests. An
attacker who successfully exploited the vulnerability could run
arbitrary code in the context of the Local System Account.
https://isc.sans.edu/forums/diary/December+2015+Microsoft+Patch+Tuesday/20461/
https://technet.microsoft.com/library/security/ms15-dec
More information about the 1st-mile-nm
mailing list