Microsoft DNS Resolution Remote Code Execution Vulnerability (2509553) Network Vulnerability

Summary

This host is missing a critical security update according to Microsoft Bulletin MS11-030.

Impact

Successful exploitation could allow remote attacker to execute arbitrary code in the context of the NetworkService account. Impact Level: System

Solution

Run Windows Update and update the listed hotfixes or download and update mentioned hotfixes in the advisory from the below link, http://www.microsoft.com/technet/security/bulletin/ms11-030.mspx

Insight

The flaws are due to the way the DNS client handles specially crafted LLMNR queries.

Affected

Micorsoft Windows 7 Service Pack 1 and prior Microsoft Windows XP Service Pack 3 and prior Microsoft Windows 2003 Service Pack 2 and prior Microsoft Windows Vista Service Pack 2 and prior Microsoft Windows Server 2008 Service Pack 2 and prior

References

http://support.microsoft.com/kb/2509553
http://www.microsoft.com/technet/security/bulletin/ms11-030.mspx

Updated on 2015-03-25

Severity

Classification

CVE CVE-2011-0657

CVSS	Base Score: 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Microsoft Data Analyzer ActiveX Control Vulnerability (978262)
Microsoft IIS FTP Server 'Malformed FTP List Request' DOS Vulnerability
Microsoft Internet Explorer Memory Corruption Vulnerability (2755801)
ISA Server 2000 and Proxy Server 2.0 Internet Content Spoofing (888258)
Microsoft DirectAccess Security Advisory (2862152)

Take action and discover your vulnerabilities