Microsoft DNS Resolution Remote Code Execution Vulnerability (2509553) Network Vulnerability

Summary

This host is missing a critical security update according to Microsoft Bulletin MS11-030.

Impact

Successful exploitation could allow remote attacker to execute arbitrary code in the context of the NetworkService account. Impact Level: System

Solution

Run Windows Update and update the listed hotfixes or download and update mentioned hotfixes in the advisory from the below link, http://www.microsoft.com/technet/security/bulletin/ms11-030.mspx

Insight

The flaws are due to the way the DNS client handles specially crafted LLMNR queries.

Affected

Micorsoft Windows 7 Service Pack 1 and prior Microsoft Windows XP Service Pack 3 and prior Microsoft Windows 2003 Service Pack 2 and prior Microsoft Windows Vista Service Pack 2 and prior Microsoft Windows Server 2008 Service Pack 2 and prior

References

http://support.microsoft.com/kb/2509553
http://www.microsoft.com/technet/security/bulletin/ms11-030.mspx

Updated on 2015-03-25

Severity

Classification

CVE CVE-2011-0657

CVSS	Base Score: 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Cumulative Patch for Internet Information Services (Q327696)
Microsoft Internet Explorer Multiple Memory Corruption Vulnerabilities (2879017)
Cumulative Security Update for Internet Explorer (950759)
Microsoft Bluetooth Stack Remote Code Execution Vulnerability (2566220)
Microsoft .NET Framework Privilege Elevation Vulnerability (2800277)

Take action and discover your vulnerabilities