Microsoft patches Windows DNSSEC zero-day

This month's regular Patch Wednesday round of security updates plugs a serious flaw in Windows 8 and later versions of the operating system which - if exploited - could allow remote code execution on victims' computers.

Security vendor Bishop Fox analysed the Windows Domain Name System (DNS) resolver, and discovered multiple memory corruption vulnerabilities in the software.

The vulnerabilities are caused by the way DNS security extension (DNSSEC) resource records are parsed. 

NSEC3 resource records that are used to cryptographically prove the non-existence of a domain are handled unsafely by the Windows DNS client software, Bishop Fox said.

"The Windows DNS client doesn’t do enough sanity checking when it processes a DNS response that contains an NSEC3 record. Malformed NSEC3 records can trigger this vulnerability and corrupt the memory of the DNS client.

"If this is done carefully, it can result in arbitrary code execution on the target system," the company said in its report.

The vulnerability can be exploited by attackers who control DNS servers that Windows queries for domain name resolution - with no user interaction required - by simply using common applications such as web browsers and email.

This could be done via man-in-the-middle attacks or malicious wi-fi hotspots, and can result in code execution at different privilege levels, including that of a system administrator, leading to full compromise of the target computer.

Attackers also have unlimited attempts at exploiting the flaw, as the DNS client will automatically restart when it crashes, with users receiving no notification of this happening.

While Bishop Fox said it has not seen the flaw exploited, the company said the severity of vulnerability means users should patch against it urgently.