MSRC compact vulnerability detail

CVE-2021-26893 · Windows DNS Server Remote Code Execution Vulnerability

No description was published by MSRC.

Severity: n/a
Impact: n/a
CVSS: 9.8 base · 8.5 temporal
Release: 2021-03-09
Signals: Role: DNS Server · Unknown impact · Exploited: No · Publicly disclosed: No · Exploitability: Exploitation Less Likely
CWE: No CWE data published.
FAQ / Articles

FAQ

Can this vulnerability be mitigated by enabling Secure Zone Updates?
Enabling Secure Zone Updates constrains the potential sources of the attack, but does not completely prevent it. For example, a malicious insider could attack a “secure zone update” DNS server from a domain-joined computer. This is only a partial mitigation.

Does this vulnerability impact just standalone DNS Primary Authoritative Server and not a DNS Server integrated with Active Directory?
This vulnerability impacts any DNS server. The surrounding configuration can limit possible vectors/sources for the attack, but proper mitigation requires this month’s security update patch.

If my server is not configured to be a DNS server, is it vulnerable?
No, this vulnerability is only exploitable if the server is configured to be a DNS server.

Mitigation
The following mitigating factors may be helpful in your situation: To be vulnerable, a DNS server would need to have dynamic updates enabled.
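
One way to check the two conditions above (DNS Server role present, dynamic updates enabled) on a given server, as an added example that is not MSRC's or this page's own code. It assumes an elevated session on Windows Server with the ServerManager and DnsServer modules available; it does not check whether the security update is installed.

```powershell
# Added example: report each zone's dynamic-update setting so the
# mitigating factor and the Secure Zone Updates FAQ answer can be
# applied per zone. Read-only; changes nothing on the server.

Import-Module DnsServer -ErrorAction Stop

# FAQ: only servers configured as DNS servers are exposed.
$role = Get-WindowsFeature -Name DNS
if (-not $role.Installed) {
    Write-Output 'DNS Server role is not installed on this host.'
    return
}

$report = Get-DnsServerZone |
    Where-Object { -not $_.IsAutoCreated } |
    ForEach-Object {
        # DynamicUpdate is None, Secure, or NonsecureAndSecure.
        $setting = "$($_.DynamicUpdate)"
        $note = switch ($setting) {
            'None'               { 'Dynamic updates disabled' }
            'Secure'             { 'Secure updates only: partial mitigation per FAQ' }
            'NonsecureAndSecure' { 'Dynamic updates accepted from any source' }
            default              { 'Unrecognized setting, review manually' }
        }
        [pscustomobject]@{
            ZoneName       = $_.ZoneName
            ZoneType       = $_.ZoneType
            IsDsIntegrated = $_.IsDsIntegrated
            DynamicUpdate  = $setting
            Note           = $note
        }
    }

$report | Sort-Object DynamicUpdate, ZoneName | Format-Table -AutoSize

# Summary: zones that still meet the "dynamic updates enabled" condition.
$enabled = @($report | Where-Object { $_.DynamicUpdate -ne 'None' })
Write-Output ("{0} of {1} zones have dynamic updates enabled." -f
    $enabled.Count, @($report).Count)
```

Zones reported as Secure still count as enabled here, because the FAQ describes Secure Zone Updates as only a partial mitigation.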