CVE-2017-11779 Could Lead to Takeover of User’s Device; Microsoft Releases Patch in Response to Researcher’s Findings

PHOENIX, Oct. 10, 2017 — A fix for CVE-2017-11779, which covers several memory corruption vulnerabilities in the Windows DNS client, was released today as part of Microsoft’s October 2017 Patch Tuesday security update. Microsoft has classified this CVE as critical, and anyone using Windows 8 through 10, as well as enterprises using Windows Server 2012 through 2016 – estimated to include millions of people – should immediately patch their systems.

The vulnerabilities discovered by Bishop Fox researcher Nick Freeman could lead to the takeover of a user machine. “In the majority of cases, the only requirement would be that an attacker is connected to the same network as their target,” stated Freeman.

Computers constantly make DNS requests when users perform everyday activities like browsing the internet or streaming music, as well as during countless other functions that require no user interaction. If an attacker successfully gets between a target and their DNS server, they can respond to any DNS request with malicious data that would then trigger the vulnerability.

For example, if you’re on shared Wi-Fi® at your local coffee shop and this attack plays out, the attacker could then run code on your machine and escalate privileges to the point where they would control your files and your accounts. This includes your photos, your documents and any sensitive files. This poses a serious risk for enterprises as well. Once an attacker gains a foothold in your corporate network, they could then wreak havoc – stealing information about customers or business operations, among other possibilities.

Bishop Fox worked closely with Microsoft in a coordinated disclosure process to ensure this critical issue was safely resolved. However, since new vulnerabilities are constantly being found in popular applications and operating systems, CVE-2017-11779 reaffirms the importance of installing patches as they are released.

For additional information on CVE-2017-11779, read the technical write-up on the Bishop Fox blog.


About Bishop Fox

Bishop Fox is an independent cybersecurity firm that protects businesses from today’s increasing security threats. Since 2005, the firm has provided security consulting services to the world’s leading organizations. The company is headquartered in Phoenix and has offices in Atlanta, San Francisco and New York City.


Sarah Broome