Title:

Windows DNS Client – Memory Corruption Vulnerabilities

Release Date:

October 10, 2017

Patch Date:

October 10, 2017

Reported Date:

March 7, 2017

Vendor:

Microsoft Corporation

Systems Affected:

Windows 8 through Windows 10, and Windows Server 2012 through 2016.

Summary:

High-risk memory corruption vulnerabilities in the Windows DNS client could lead to the compromise of a device or system. These issues relate to insufficient validation of data during the parsing of NSEC3 DNS Resource Records (RRs), resulting in corruption of the affected application’s heap. If fully exploited, these vulnerabilities would enable an attacker to execute arbitrary code on the target host, and subsequently gain full administrative control of the affected host.
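An added example (not taken from the Bishop Fox write-up or from Microsoft's code) of the length validation an NSEC3 RDATA parser needs before it trusts any embedded length field. It assumes the RFC 5155 section 3.2 record layout and does not reproduce the specific Windows flaw; the names `nsec3_view`, `nsec3_parse` and `nsec3_sample` are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
/* View into an NSEC3 RDATA buffer (layout per RFC 5155 section 3.2). */
struct nsec3_view {
    uint8_t hash_alg, flags, salt_len, hash_len;
    uint16_t iterations;
    const uint8_t *salt, *next_hash, *type_maps;
    size_t type_maps_len;
};

/* Constructed sample: alg 1, 10 iterations, 2-byte salt, 4-byte hash, one window. */
const uint8_t nsec3_sample[] = {1, 0, 0, 10, 2, 0xAB, 0xCD,
                                4, 0x11, 0x22, 0x33, 0x44, 0, 1, 0x40};
/* Returns 0 (out is valid) if every length field stays inside rd[0..rdlen), else -1. */
int nsec3_parse(const uint8_t *rd, size_t rdlen, struct nsec3_view *out)
{
    size_t off = 5;                 /* alg, flags, iterations (2), salt length */
    int last_window = -1;
    if (rd == NULL || out == NULL || rdlen < off)
        return -1;
    out->hash_alg = rd[0];
    out->flags = rd[1];
    out->iterations = (uint16_t)((rd[2] << 8) | rd[3]);
    out->salt_len = rd[4];
    /* The salt must fit, with one more octet after it for the hash length. */
    if (rdlen - off < (size_t)out->salt_len + 1)
        return -1;
    out->salt = rd + off;
    off += out->salt_len;
    out->hash_len = rd[off++];
    /* Hash length is 1..255 and must not run past the end of the RDATA. */
    if (out->hash_len == 0 || rdlen - off < out->hash_len)
        return -1;
    out->next_hash = rd + off;
    off += out->hash_len;
    out->type_maps = rd + off;
    out->type_maps_len = rdlen - off;
    /* Type bit maps: (window, length 1..32, bitmap) with ascending windows. */
    while (off < rdlen) {
        if (rdlen - off < 2)
            return -1;
        uint8_t window = rd[off], blen = rd[off + 1];
        off += 2;
        if (window <= last_window || blen < 1 || blen > 32 || rdlen - off < blen)
            return -1;
        last_window = window;
        off += blen;
    }
    return 0;
}
```

Every comparison is written as "bytes remaining < bytes claimed" so that an attacker-chosen length can never be added to an offset before it has been checked.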

Vendor Status:

The vulnerabilities, tracked as CVE-2017-11779, were remediated as part of Microsoft’s October Patch Tuesday update (MS – XXX).

Disclosure Timeline:

  • March 7, 2017: Issue initially reported to Microsoft
  • March 8, 2017: Microsoft confirms receipt of report, case opened
  • March 9, 2017: Microsoft confirms vulnerability and that they are working on a fix
  • April 27, 2017: Bishop Fox requests status update
  • May 2, 2017: Microsoft provides update that triage is still in process, with no ETA
  • May 12, 2017: Microsoft advises an August release date
  • June 26, 2017: Microsoft advises that due to unforeseen circumstances, the release is pushed back to October
  • October 10, 2017: Patch released

Researcher:

Nick Freeman of Bishop Fox

Vulnerability Details:

Please refer to the technical write-up at the Bishop Fox blog.