CVE-2022-26831 Windows LDAP Denial of Service Vulnerability.

CVE-2022-26831 Windows LDAP Denial of Service Vulnerability.

On June 6, 2017, security researcher Tuan Anh Ngo from VnSecurityTeam discovered a critical vulnerability in Windows DNS servers.

An attacker could exploit this vulnerability by sending malformed DNS requests to a target system. A successful exploit could cause a denial-of-service condition by exhausting server resources and slowing down service performance.

It is important to note that an attack would only work against Windows DNS servers that are running on Windows 10.
In order to exploit this vulnerability, an attacker would have to be connected to the target network. A remote attack could be initiated with a malformed DNS request by sending it to the Windows DNS server.
An attacker could use social engineering techniques to trick users into clicking malicious links.

Windows 10 Anniversary Update, version 1607 and Windows Server 2016 are the only Windows operating systems that are affected by this vulnerability. Denial of service attacks are possible against Windows DNS servers running on Windows 10.
In order to exploit this vulnerability, an attacker would have to be connected to the target network. A remote attack could be initiated with a malformed DNS request by sending it to the Windows DNS server.An attacker could use social engineering techniques to trick users into clicking malicious links.
It is recommended that users check their Windows DNS settings and make sure that their DNS servers are configured properly.

Windows DNS Server Vulnerability

On June 6, 2017, security researcher Tuan Anh Ngo from VnSecurityTeam discovered a critical vulnerability in Windows DNS servers.
An attacker could exploit this vulnerability by sending malformed DNS requests to a target system. A successful exploit could cause a denial-of-service condition by exhausting server resources and slowing down service performance.
It is important to note that an attack would only work against Windows DNS servers that are running on Windows 10.In order to exploit this vulnerability, an attacker would have to be connected to the target network. A remote attack could be initiated with a malformed DNS request by sending it to the Windows DNS server.An attacker could use social engineering techniques to trick users into clicking malicious links.
Windows 10 Anniversary Update, version 1607 and Windows Server 2016 are the only Windows operating systems that are affected by this vulnerability. Denial of service attacks are possible against Windows DNS servers running on Windows 10.In order to exploit this vulnerability, an attacker would have to be connected to the target network. A remote attack could be initiated with a malformed DNS request by sending it to the Windows DNS server.An attacker could use social engineering techniques to trick users into clicking malicious links.It is recommended that users check their Windows DNS settings and make sure that their DNS servers are configured properly.[END]

Windows DNS server vulnerability details##

References

Subscribe to CVE.news
Don’t miss out on the latest issues. Sign up now to get access to the library of members-only issues.
jamie@example.com
Subscribe