Korean
<< Back
VID 26742
Severity 40
Port 139,445
Protocol TCP
Class SMB
Detailed Description The Hotfix (MS15-127, 3100465) for 'Security Update for Microsoft Windows DNS to Address Remote Code Execution' has not been applied.
This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if an attacker sends specially crafted requests to a DNS server.

Windows DNS Use After Free Vulnerability - CVE-2015-6125
A remote code execution vulnerability exists in Windows Domain Name System (DNS) servers when they fail to properly parse requests. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the Local System Account. Windows servers that are configured as DNS servers are at risk from this vulnerability.

* Note: This check requires an account with administrative privileges which can log into the host to scan. Absence of this condition will result in the check not being performed and a False Negative for all vulnerable hosts.

* References:
https://technet.microsoft.com/en-us/library/security/ms15-127

* Platforms Affected:
Windows Server 2008 SP2
Windows Server 2008 x64 SP2
Windows Server 2008 R2 SP1
Windows Server 2008 R2 x64 SP1
Windows Server 2012
Windows Server 2012 R2
Recommendation Apply the appropriate patch(3100465) for your system, as listed in Microsoft Security Bulletin MS15-127 at https://technet.microsoft.com/en-us/library/security/ms15-127
-- OR --
Patches for Windows platforms are also available from the Microsoft Windows Update Web site, http://windowsupdate.microsoft.com. Windows Update detects what version of Windows you are running and offers the appropriate patch.
Related URL CVE-2015-6125 (CVE)
Related URL 78496 (SecurityFocus)
Related URL (ISS)