Threat Alert

by IthacaLabs™

THREAT LEVEL/High 11/02/2021

Windows DNS Server Remote Code Execution Vulnerability

Threat Level Description

Threat Level: High – An attack is highly likely. Additional and sustainable protective security measures are needed, reflecting the broad nature of the threat combined with specific business and geographical vulnerabilities and judgments on acceptable risk.

Description

We have observed that a critical vulnerability affecting Microsoft’s DNS servers has been identified.

This vulnerability (CVE-2021-24078) is a remote code execution vulnerability in Windows Domain Name System (DNS) servers.

An unauthenticated remote attacker, leveraging this issue, could run arbitrary code in the context of the Local System Account over the network.

Microsoft Windows Server installations dating back to Windows Server 2008 that are configured as DNS servers are vulnerable to this issue. Both Server Core and Full installations of Windows Server are affected. The recently released Windows Server version 20H2 is also vulnerable.

Note that a CVE ID for this vulnerability (CVE-2021-24078) has been reserved but not yet published.

CVE(s)

CVE-2021-24078

BASE SCORE: 7.5 High

VECTOR: (AV:N/AC:L/Au:N/C:P/I:P/A:P)

Windows DNS Server Remote Code Execution Vulnerability

Affected Systems

  • Microsoft Windows Server 2004 – 2020

Recommendation(s)

You should immediately update to the latest version of Microsoft Windows Server and apply the relevant security patches provided by the vendor.

You should understand the importance of security updates, and the urgency with which they should be applied, no matter how large or small your organization is. It is very important to apply an efficient patch management solution, to keep security event logging enabled at all times and to practice event monitoring. Protecting the valuable assets of your business and complying with the relevant industry regulations requires a comprehensive approach to the management of risk, including Penetration Testing at least annually and upon significant changes.
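To act on the patching recommendation, the following added example (not part of the original alert and not vendor code) inventories which servers have the DNS Server role and whether the required update is present. The host names are constructed and `$RequiredKb` is a placeholder; it assumes PowerShell remoting is enabled and that you substitute the KB number the vendor lists for each OS build under CVE-2021-24078.

```powershell
# Added example: audit servers for the DNS Server role and patch state.
# Assumptions: constructed host names; $RequiredKb is a placeholder, not a real KB.
$Servers    = @('dns01.corp.example', 'dns02.corp.example')   # constructed names
$RequiredKb = 'KB0000000'                                      # placeholder value

$report = foreach ($server in $Servers) {
    try {
        Invoke-Command -ComputerName $server -ErrorAction Stop `
                       -ArgumentList $RequiredKb -ScriptBlock {
            param($Kb)
            # Only hosts configured as DNS servers are in scope for this alert.
            $dnsRole = Get-WindowsFeature -Name DNS
            $dnsSvc  = Get-Service -Name DNS -ErrorAction SilentlyContinue
            # A later cumulative update can supersede the KB, so also report
            # the most recent install date instead of relying on the ID alone.
            $fix     = Get-HotFix -Id $Kb -ErrorAction SilentlyContinue
            $latest  = Get-HotFix | Where-Object InstalledOn |
                       Sort-Object InstalledOn -Descending |
                       Select-Object -First 1
            [pscustomobject]@{
                DnsRoleInstalled = [bool]$dnsRole.Installed
                DnsServiceStatus = if ($dnsSvc) { "$($dnsSvc.Status)" } else { 'NotPresent' }
                RequiredKbFound  = [bool]$fix
                LastUpdateOn     = $latest.InstalledOn
            }
        }
    } catch {
        # Unreachable hosts stay in the report so they are not silently skipped.
        [pscustomobject]@{ PSComputerName = $server; Error = $_.Exception.Message }
    }
}

$report | Sort-Object PSComputerName |
    Format-Table PSComputerName, DnsRoleInstalled, DnsServiceStatus,
                 RequiredKbFound, LastUpdateOn, Error -AutoSize
```

Hosts that report `DnsRoleInstalled` as true with no matching KB and an old `LastUpdateOn` date are the ones to patch first.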
