iTnews

Windows Server DNS flaw allows remote code execution

By Juha Saarinen on Dec 9, 2015 6:30AM

No workarounds.

Microsoft is warning users running the Domain Name Service (DNS) lookup feature on Windows Server to patch their installations against a critical vulnerability that permits attackers to remotely execute code on affected machines.

The vulnerability has been assigned the Common Vulnerabilities and Exposures identifier CVE-2015-6125 and affects 32-bit and 64-bit versions of Windows Server 2008, 2008 R2, 2012 and 2012 R2, and the stripped-down Server Core variants, Microsoft said.

Windows Server Technical Preview 3 and 4 are also affected.

Attackers can exploit the vulnerability in Windows DNS simply by sending malicious requests to systems via the internet. The requests can be crafted to run arbitrary code on vulnerable Windows Server machines.

The vulnerability is caused by a use-after-free bug, in which memory is referenced after it has been freed.

Microsoft said there are no mitigating factors for the vulnerability, or workarounds.

Another critical vulnerability plugged in the December 2015 set of security updates affects how the Windows Uniscribe application programming interfaces for typography parse specially crafted fonts.

The Uniscribe integer underflow vulnerability can be used for remote code execution, allowing attackers who convince users to open specially crafted documents to install programs, modify and delete data, and create system accounts with full user privileges.

Windows 7 with Service Pack 1 installed is vulnerable in 32-bit and 64-bit versions, along with Windows Server 2008 R2 SP1 and Server Core 2008 R2 x64 SP1, Microsoft said.

There are also no mitigating factors or workarounds for the Uniscribe vulnerability.
