Windows DNS Client – Memory Corruption Vulnerabilities

by Nick Freeman, on Oct 10, 2017 11:33:00 AM

Patch Date:

October 10, 2017

Reported Date:

March 7, 2017

Vendor

Microsoft Corporation

Systems Affected

Windows 8 through Windows 10, and Windows Server 2012 through 2016.

Summary

High-risk memory corruption vulnerabilities in the Windows DNS client could lead to the compromise of a device or system. These issues relate to insufficient validation of data during the parsing of NSEC3 DNS Resource Records (RRs), resulting in corruption of the affected application's heap. If fully exploited, these vulnerabilities would enable an attacker to execute arbitrary code on the target host, and subsequently gain full administrative control of the affected host.
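As an added illustration (not Bishop Fox's or Microsoft's code, and not a reconstruction of the flaw itself), the C function below shows the kind of length validation an NSEC3 RDATA parser needs, following the wire format in RFC 5155. The function name and the sample byte arrays are constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>

/* Constructed samples (not captured traffic). */
static const uint8_t SAMPLE_OK[] = {1, 0, 0, 10, 2, 0xAA, 0xBB,   /* alg, flags, iter, salt */
                                    4, 1, 2, 3, 4,                /* hash length + hash     */
                                    0, 1, 0x40};                  /* window 0, 1-byte bitmap */
static const uint8_t SAMPLE_BAD_SALT[] = {1, 0, 0, 10, 200, 0xAA, 0xBB};

/* Bounds-checked walk over NSEC3 RDATA (RFC 5155, section 3.2).
 * Returns 0 if every length field fits inside the record, -1 otherwise. */
int nsec3_rdata_validate(const uint8_t *rd, size_t len)
{
    /* Fixed header: hash alg (1), flags (1), iterations (2), salt length (1). */
    if (len < 5)
        return -1;
    size_t salt_len = rd[4];
    size_t off = 5;
    if (salt_len > len - off)           /* salt must fit in what remains */
        return -1;
    off += salt_len;

    /* Hash length (1), then the next hashed owner name (1..255 octets). */
    if (len - off < 1)
        return -1;
    size_t hash_len = rd[off++];
    if (hash_len == 0 || hash_len > len - off)
        return -1;
    off += hash_len;

    /* Type bit maps: repeated (window, bitmap length 1..32, bitmap). */
    int prev_window = -1;
    while (off < len) {
        if (len - off < 2)              /* need window + length octets */
            return -1;
        int window = rd[off];
        size_t bm_len = rd[off + 1];
        off += 2;
        if (window <= prev_window)      /* windows must strictly increase */
            return -1;
        if (bm_len < 1 || bm_len > 32 || bm_len > len - off)
            return -1;
        off += bm_len;
        prev_window = window;
    }
    return 0;
}
```

Every subtraction is performed only after the preceding check guarantees `off <= len`, so no length comparison can wrap around.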

Vendor Status

The vulnerabilities, tracked as CVE-2017-11779, were remediated as part of Microsoft's October Patch Tuesday update.

Disclosure Timeline

  • March 7, 2017: Issue initially reported to Microsoft
  • March 8, 2017: Microsoft confirms receipt of report, case opened
  • March 9, 2017: Microsoft confirms vulnerability and that they are working on a fix
  • April 27, 2017: Bishop Fox requests status update
  • May 2, 2017: Microsoft provides update that triage is still in process, with no ETA
  • May 12, 2017: Microsoft advises an August release date
  • June 26, 2017: Microsoft advises that due to unforeseen circumstances, the release is pushed back to October
  • October 10, 2017: Patch released

Researcher

Nick Freeman of Bishop Fox

Vulnerability Details

Please refer to the technical write-up at the Bishop Fox blog.

Vulnerabilities: Memory Corruption


Vulnerability Disclosure Policy

Bishop Fox takes security issues very seriously. We believe in coordinated disclosure, and we work closely with vendors and clients to patch vulnerabilities promptly.
