SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Generic)  >   Microsoft DNS Server Vendors:   Microsoft
Microsoft Windows DNS Use-After-Free Memory Error Lets Remote Users Execute Arbitrary Code on the Target System
SecurityTracker Alert ID:  1034323
SecurityTracker URL:  http://securitytracker.com/id/1034323
CVE Reference:   CVE-2015-6125   (Links to External Site)
Date:  Dec 8 2015
Impact:   Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  

Description:   A vulnerability was reported in Microsoft DNS Server. A remote user can execute arbitrary code on the target system.

A remote user can send specially crafted DNS requests to trigger a user-after-free memory error and execute arbitrary code on the target system. The code will run with LocalSystem privileges.

Windows servers configured as DNS servers are affected.

Impact:   A remote user can execute arbitrary code on the target system.
Solution:   The vendor has issued a fix.

A restart is required.

Windows Server 2008 for 32-bit Systems Service Pack 2:

https://www.microsoft.com/downloads/details.aspx?familyid=dc7e3d4a-5ce2-4a4e-bfb2-1cd81e287df3

Windows Server 2008 for x64-based Systems Service Pack 2:

https://www.microsoft.com/downloads/details.aspx?familyid=e6b7787d-8946-4261-b382-a9725307e81a

Windows Server 2008 R2 for x64-based Systems Service Pack 1:

https://www.microsoft.com/downloads/details.aspx?familyid=ea464887-5a76-459c-a9ce-fc59bb32fd4a

Windows Server 2012:

https://www.microsoft.com/downloads/details.aspx?familyid=399d1d6b-b8eb-4aa6-972a-79c1843f5cbc

Windows Server 2012 R2:

https://www.microsoft.com/downloads/details.aspx?familyid=1c782ec6-44cd-4d16-9601-a514fe452401

Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation):

https://www.microsoft.com/downloads/details.aspx?familyid=dc7e3d4a-5ce2-4a4e-bfb2-1cd81e287df3

Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation):

https://www.microsoft.com/downloads/details.aspx?familyid=e6b7787d-8946-4261-b382-a9725307e81a

Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation):

https://www.microsoft.com/downloads/details.aspx?familyid=ea464887-5a76-459c-a9ce-fc59bb32fd4a

Windows Server 2012 (Server Core installation):

https://www.microsoft.com/downloads/details.aspx?familyid=399d1d6b-b8eb-4aa6-972a-79c1843f5cbc

Windows Server 2012 R2 (Server Core installation):

https://www.microsoft.com/downloads/details.aspx?familyid=1c782ec6-44cd-4d16-9601-a514fe452401

The Microsoft advisory is available at:

https://technet.microsoft.com/library/security/ms15-127

Vendor URL:  technet.microsoft.com/library/security/ms15-127 (Links to External Site)
Cause:   Access control error
Underlying OS:  Windows (2008), Windows (2012)
Underlying OS Comments:  2008, 2008 R2, 2012, 2012 R2

Message History:   None.


 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC