The April 2022 Patch Tuesday addresses 18 vulnerabilities for Domain Controllers running as DNS Servers


When looking at the April 2022 Patch Tuesday today, I noticed eighteen updates that specifically address vulnerabilities in DNS Server. These vulnerabilities are specific to Domain Controllers running DNS Server (in the default configuration), so this sparked my interest in these updates.

 

Eighteen DNS Server vulnerabilities

Seventeen Remote Code Execution vulnerabilities

Seventeen DNS Server remote code execution vulnerabilities were addressed:

These vulnerabilities all allow remote code execution on Windows Server-based DNS servers over the network. For most of the above vulnerabilities, the attacker or targeted user would need specific elevated privileges. As is recommended practice, regular validation and audits of administrative groups should be conducted.

 

One Information Disclosure vulnerability

Additionally, one information disclosure vulnerability was addressed:

An attacker could potentially read small portions of heap memory.

 

Affected Operating Systems

Most of the above vulnerabilities exist in all supported Windows and Windows Server Operating Systems. Although support for Windows Server 2008 and Windows Server 2008 R2 has ended, Microsoft has made updates available for all Windows Server platforms.

For CVE-2022-26815 specifically, only DNS servers that offer dynamic updates are vulnerable.
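
To scope exposure while the updates are being tested, the following added example (not part of the original post) lists the zones on a DNS server that accept dynamic updates, the condition named above for CVE-2022-26815, and enumerates the members of administrative groups for the audit recommended earlier. The group list is an assumed audit scope; the cmdlets come from the standard DnsServer and ActiveDirectory PowerShell modules.

```powershell
# Added example: run in an elevated session on a Domain Controller
# that hosts the DNS Server role (or point -ComputerName at one).
Import-Module DnsServer, ActiveDirectory

# 1. Zones that accept dynamic updates.
#    DynamicUpdate is one of: None, Secure, NonsecureAndSecure.
#    NonsecureAndSecure also accepts updates from unauthenticated clients.
$dynamicZones = Get-DnsServerZone |
    Where-Object {
        -not $_.IsAutoCreated -and
        $_.ZoneType -eq 'Primary' -and
        $_.DynamicUpdate -ne 'None'
    } |
    Select-Object ZoneName, DynamicUpdate, IsDsIntegrated, IsReverseLookupZone

if ($dynamicZones) {
    Write-Output 'Zones offering dynamic updates on this server:'
    $dynamicZones | Sort-Object DynamicUpdate, ZoneName | Format-Table -AutoSize
} else {
    Write-Output 'No primary zones on this server accept dynamic updates.'
}

# 2. Effective (nested) membership of administrative groups.
#    Assumed audit scope; adjust to the groups delegated in your domain.
$groups = 'DnsAdmins', 'Domain Admins', 'Enterprise Admins', 'Administrators'

$members = foreach ($group in $groups) {
    try {
        Get-ADGroupMember -Identity $group -Recursive -ErrorAction Stop |
            Select-Object @{ Name = 'Group'; Expression = { $group } },
                          SamAccountName, objectClass, distinguishedName
    } catch {
        # For example, Enterprise Admins only exists in the forest root domain.
        Write-Warning "Could not enumerate '$group': $($_.Exception.Message)"
    }
}

$members | Sort-Object Group, SamAccountName | Format-Table -AutoSize

# Accounts that appear in more than one of the audited groups.
$members | Group-Object SamAccountName |
    Where-Object Count -gt 1 |
    Select-Object Name, Count, @{ Name = 'Groups'; Expression = { $_.Group.Group -join ', ' } }
```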

 

Call to Action

I urge you to install the necessary security updates on Windows Server installations running as (Active Directory Domain Controllers and) DNS servers in a test environment as soon as possible, assess the risk and possible impact on your production environment, and then roll out these updates to Windows Server installations running as (Active Directory Domain Controllers and) DNS servers in the production environment.
