When looking at the April 2022 Patch Tuesday today, I noticed eighteen updates that specifically address vulnerabilities in DNS Server. These vulnerabilities are specific to Domain Controllers running DNS Server (in the default configuration), so this sparked my interest in these updates.
Eighteen DNS Server vulnerabilities
Seventeen Remote Code Execution vulnerabilities
Seventeen DNS Server remote code execution vulnerabilities were addressed:
- CVE-2022-26811 Windows DNS Server Vulnerability (CVSSv3 7.2/6.3)
- CVE-2022-26812 Windows DNS Server Vulnerability (CVSSv3 7.2/6.5)
- CVE-2022-26813 Windows DNS Server Vulnerability (CVSSv3 7.2/6.3)
- CVE-2022-26814 Windows DNS Server Vulnerability (CVSSv3 7.2/6.3)
- CVE-2022-26815 Windows DNS Server Vulnerability (CVSSv3 7.2/6.3)
- CVE-2022-26817 Windows DNS Server Vulnerability (CVSSv3 6.6/5.8)
- CVE-2022-26818 Windows DNS Server Vulnerability (CVSSv3 6.6/5.8)
- CVE-2022-26819 Windows DNS Server Vulnerability (CVSSv3 6.6/5.8)
- CVE-2022-26820 Windows DNS Server Vulnerability (CVSSv3 6.6/5.8)
- CVE-2022-26821 Windows DNS Server Vulnerability (CVSSv3 6.6/5.8)
- CVE-2022-26822 Windows DNS Server Vulnerability (CVSSv3 6.6/5.8)
- CVE-2022-26823 Windows DNS Server Vulnerability (CVSSv3 7.2/6.3)
- CVE-2022-26824 Windows DNS Server Vulnerability (CVSSv3 7.2/6.3)
- CVE-2022-26825 Windows DNS Server Vulnerability (CVSSv3 7.2/6.3)
- CVE-2022-26826 Windows DNS Server Vulnerability (CVSSv3 7.2/6.3)
- CVE-2022-26829 Windows DNS Server Vulnerability (CVSSv3 6.6/5.9)
- CVE-2022-26836 Windows DNS Server Vulnerability (CVSSv3 7.2/6.3)
These vulnerabilities all allow remote code execution on Windows Server-based DNS servers over the network. For most of the above vulnerabilities, the attacker or targeted user would need specific elevated privileges. As is recommended practice, regular validation and audits of administrative groups should be conducted.
One Information Disclosure vulnerability
Additionally, one information disclosure vulnerability was addressed:
- CVE-2022-26816 Windows DNS Server Vulnerability (CVSSv3 7.2/5.7)
An attacker could potentially read small portions of heap memory.
Affected Operating Systems
Most of the above vulnerabilities exist in all supported Windows and Windows Server Operating Systems. Although support for Windows Server 2008 and Windows Server 2008 R2 has ended, Microsoft has made updates available for all Windows Server platforms.
For CVE-2022-26815 specifically, only DNS servers that offer dynamic updates are vulnerable.
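To help prioritise patching for the dynamic-update condition above and to support the administrative group audit mentioned earlier, here is an added example that is not part of the original post: a PowerShell inventory of dynamic-update settings on every Domain Controller running DNS Server, followed by a listing of DNS administrators. It assumes the RSAT DnsServer and ActiveDirectory modules, that "offers dynamic updates" corresponds to a primary zone whose DynamicUpdate setting is not None, and that the default DnsAdmins group is among the groups to review.

```powershell
#Requires -Modules DnsServer, ActiveDirectory
# Added example (not from the original post).
# Assumption: a server "offers dynamic updates" when at least one primary
# zone has a DynamicUpdate setting other than 'None'.

$report = foreach ($dc in Get-ADDomainController -Filter *) {
    try {
        $zones = Get-DnsServerZone -ComputerName $dc.HostName -ErrorAction Stop |
            Where-Object { -not $_.IsAutoCreated -and $_.ZoneType -eq 'Primary' }
    }
    catch {
        # DC without the DNS Server role, or unreachable: record it and move on
        [pscustomobject]@{
            Server = $dc.HostName; Zone = $null; DynamicUpdate = $null
            DsIntegrated = $null; Note = "Query failed: $($_.Exception.Message)"
        }
        continue
    }
    foreach ($zone in $zones) {
        [pscustomobject]@{
            Server        = $dc.HostName
            Zone          = $zone.ZoneName
            DynamicUpdate = $zone.DynamicUpdate
            DsIntegrated  = $zone.IsDsIntegrated
            Note          = switch ($zone.DynamicUpdate) {
                'None'               { 'No dynamic updates' }
                'Secure'             { 'Secure dynamic updates only' }
                'NonsecureAndSecure' { 'Accepts nonsecure dynamic updates' }
                default              { 'Unrecognised setting' }
            }
        }
    }
}

# Full per-zone view
$report | Sort-Object Server, Zone | Format-Table -AutoSize

# Servers with at least one zone that accepts dynamic updates
$report | Where-Object { $_.DynamicUpdate -and $_.DynamicUpdate -ne 'None' } |
    Select-Object -ExpandProperty Server -Unique

# Assumption: DnsAdmins is one of the administrative groups to audit.
# -Recursive expands nested groups to the effective user and computer members.
Get-ADGroupMember -Identity 'DnsAdmins' -Recursive |
    Select-Object Name, SamAccountName, objectClass |
    Sort-Object objectClass, Name
```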
Call to Action
I urge you to install the necessary security updates on Windows Server installations running as (Active Directory Domain Controllers and) DNS servers in a test environment as soon as possible, assess the risk and possible impact on your production environment, and then roll out the updates to Windows Server installations running as (Active Directory Domain Controllers and) DNS servers in the production environment.