Today, for its February 2022 Patch Tuesday, Microsoft released an important security update for DNS servers running Windows Server. This vulnerability is known as CVE-2022-21984 and is rated with CVSSv3.1 scores of 8.8/7.7.
A remote code execution vulnerability exists in Windows Domain Name System (DNS) servers. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the Local System Account over the network.
DISCLOSURE
The vulnerability was discovered by Microsoft’s own Offensive Research & Security Engineering (MORSE).
AFFECTED OPERATING SYSTEMS
All Windows Server 2022 installations that are configured as DNS servers are at risk from this vulnerability. Server Core, Full installations and Azure Editions are affected.
Windows Server version 20H2 is also vulnerable.
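The following PowerShell is an added example, not part of the original post or of Microsoft's guidance: it checks each listed server for the affected releases named above and for the DNS Server service, and reports the most recently installed update. The build numbers (20348 and 19042), the host names and the use of PowerShell remoting are assumptions that do not come from the post.

```powershell
# Added example. Assumptions (not from the advisory): the build numbers below,
# the server names, and that PowerShell remoting is enabled on the targets.
$AffectedBuilds = @{
    '20348' = 'Windows Server 2022'
    '19042' = 'Windows Server, version 20H2'
}
$Servers = @('dns01.example.test', 'dc01.example.test')   # constructed placeholders

# Runs on each target: OS build, product type, DNS service state, newest hotfix.
$probe = {
    $os  = Get-CimInstance -ClassName Win32_OperatingSystem
    $dns = Get-Service -Name 'DNS' -ErrorAction SilentlyContinue
    $fix = Get-HotFix | Where-Object { $_.InstalledOn } |
           Sort-Object -Property InstalledOn -Descending | Select-Object -First 1
    [pscustomobject]@{
        Build       = [string]$os.BuildNumber
        ProductType = [int]$os.ProductType   # 1 = client, 2 = domain controller, 3 = member server
        DnsService  = if ($dns) { [string]$dns.Status } else { 'NotInstalled' }
        LastHotFix  = $fix.HotFixID
        LastFixDate = $fix.InstalledOn
    }
}

$report = foreach ($server in $Servers) {
    try {
        $r = Invoke-Command -ComputerName $server -ScriptBlock $probe -ErrorAction Stop
    } catch {
        # Unreachable hosts stay in the report so they are not silently skipped.
        [pscustomobject]@{ Server = $server; InScope = 'Unknown'; Release = $null
                           DnsService = $_.Exception.Message; LastHotFix = $null; LastFixDate = $null }
        continue
    }
    # Build 19042 is shared with Windows 10, so also require a server product type.
    $affectedOs = $AffectedBuilds.ContainsKey($r.Build) -and $r.ProductType -ne 1
    $hasDns     = $r.DnsService -ne 'NotInstalled'
    [pscustomobject]@{
        Server      = $server
        InScope     = if ($affectedOs -and $hasDns) { 'Yes' } else { 'No' }
        Release     = if ($affectedOs) { $AffectedBuilds[$r.Build] } else { "build $($r.Build) (not listed)" }
        DnsService  = $r.DnsService
        LastHotFix  = $r.LastHotFix
        LastFixDate = $r.LastFixDate
    }
}
$report | Sort-Object -Property InScope -Descending | Format-Table -AutoSize
```

The post does not list KB numbers, so compare `LastHotFix` and `LastFixDate` against Microsoft's update guide entry for CVE-2022-21984 rather than against a value hard-coded here.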
MITIGATIONS
Microsoft has not identified any mitigating factors for this vulnerability.
CALL TO ACTION
I urge you to install the necessary security updates on Windows Server installations running as (Active Directory Domain Controllers and) DNS servers in a test environment as soon as possible, assess the risk and possible impact on your production environment, and then roll out this update to Windows Server installations running as (Active Directory Domain Controllers and) DNS servers in the production environment.
FURTHER READING
Windows DNS Server Remote Code Execution Vulnerability (CVE-2021-24078)
Windows DNS Server RCE Vulnerability (SIGred, Wormable, CVE-2020-1350)
DNS Server Heap Overflow Vulnerability could allow RCE (CVE-2018-8626)
Vulnerability in DNS Server could allow RCE (CVE-2016-3227)
Security Update for DNS Server to Address RCE (CVE-2015-6125)