CVE-2022-26814: Windows DNS Server Remote Code Execution Vulnerability

Overview

Severity

Medium (CVSS 6.6)

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

Category

Remote Code Execution

Exploit Status

Not Exploited

Exploitation Likelihood

Less Likely

Patch Tuesday

2022-Apr

Released

2022-04-12

EPSS Score

1.76% (percentile: 82.6%)

FAQ

How could an attacker exploit this vulnerability? In a network-based attack an attacker would need to have the privileges to query the Domain Name Service (DNS). If the timing of DNS queries is perfect, the attacker could execute code remotely on the target server. According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to win a race condition.

Affected Products (9)

Windows

• Windows Server 2019
• Windows Server 2019 (Server Core installation)
• Windows Server 2022
• Windows Server 2022 (Server Core installation)
• Windows Server, version 20H2 (Server Core Installation)
• Windows Server 2016
• Windows Server 2016 (Server Core installation)

ESU

• Windows Server 2012 R2
• Windows Server 2012 R2 (Server Core installation)

Security Updates (6)

• 5012647
• 5012604
• 5012599
• 5012596
• 5012670
• 5012639

Acknowledgments

Yuki Chen with <a href="https://www.cyberkl.com/">Cyber KunLun</a>

Revision History

• 2022-04-12: Information published.