On March 10, 2021, Microsoft released security patches for 7 new DNS vulnerabilities: 5 of them are remote code execution (RCE) vulnerabilities and 2 are denial of service (DoS) vulnerabilities. Because of the importance of the DNS server and the high severity of five of these vulnerabilities (9.8 out of 10), it is recommended that you install the relevant security patches as soon as possible.
5 vulnerabilities capable of executing code remotely:
- CVE-2021-26897
  CVSS: Critical (9.8 out of 10)
- CVE-2021-26877
  CVSS: Critical (9.8 out of 10)
- CVE-2021-26893
  CVSS: Critical (9.8 out of 10)
- CVE-2021-26894
  CVSS: Critical (9.8 out of 10)
- CVE-2021-26895
  CVSS: Critical (9.8 out of 10)
2 denial of service vulnerabilities:
- CVE-2021-26896
  CVSS: Medium (7.5 out of 10)
- CVE-2021-27063
  CVSS: Medium (7.5 out of 10)
Vulnerable versions:
- Windows Server 2008
- Windows Server 2012
- Windows Server 2016
- Windows Server, Edition 1909
- Windows Server, Edition 2004
- Windows Server, Edition 20H2
Exploiting these vulnerabilities requires the Dynamic Update feature to be active on the DNS server (by default, this setting is enabled). Dynamic update lets DNS clients register their resource records with the DNS server and update them dynamically whenever those records change.
Security recommendations
- Disable the dynamic update feature as fast as you can
- Install security patches
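
One way to carry out the first recommendation, as an added example that is not part of the original advisory: a PowerShell script that lists the primary zones still accepting dynamic updates and, on request, sets them to `None`. It uses the `DnsServer` module cmdlets `Get-DnsServerZone` and `Set-DnsServerPrimaryZone`; the script's own parameter names (`-ComputerName`, `-Disable`) are assumptions chosen for this example.

```powershell
# Added example: audit (and optionally disable) DNS dynamic update per zone.
# Requires the DnsServer module (DNS Server role or RSAT DNS tools).
[CmdletBinding(SupportsShouldProcess)]
param(
    # Assumption: the DNS server to audit; defaults to the local machine.
    [string]$ComputerName = $env:COMPUTERNAME,
    # Hypothetical switch for this example: apply the change instead of only reporting.
    [switch]$Disable
)

Import-Module DnsServer -ErrorAction Stop

# Dynamic update is a per-zone setting on primary zones.
# Auto-created zones (0, 127, 255.in-addr.arpa) are skipped.
$zones = Get-DnsServerZone -ComputerName $ComputerName |
    Where-Object { $_.ZoneType -eq 'Primary' -and -not $_.IsAutoCreated }

# DynamicUpdate is one of: None, Secure, NonsecureAndSecure.
$exposed = @($zones | Where-Object { $_.DynamicUpdate -ne 'None' })

if ($exposed.Count -eq 0) {
    Write-Verbose "No primary zone on $ComputerName accepts dynamic updates."
    return
}

# Report every zone that still accepts dynamic updates.
$exposed | Sort-Object ZoneName |
    Select-Object ZoneName, IsDsIntegrated, IsReverseLookupZone, DynamicUpdate

if ($Disable) {
    foreach ($zone in $exposed) {
        # ShouldProcess makes -WhatIf and -Confirm work for a dry run.
        if ($PSCmdlet.ShouldProcess($zone.ZoneName, 'Set DynamicUpdate to None')) {
            Set-DnsServerPrimaryZone -ComputerName $ComputerName `
                -Name $zone.ZoneName -DynamicUpdate None
        }
    }
}
```

Run it first without `-Disable`, or with `-Disable -WhatIf`, to review the affected zones. On Active Directory-integrated zones, turning dynamic update off stops clients and domain controllers from registering their own records, so plan for manual record maintenance until the patches are installed.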