Microsoft Windows DNS
ADV200013 — Microsoft Guidance for Addressing Spoofing Vulnerability in DNS Resolver
Important
2020-12 archive
Executive Summary
Microsoft is aware of a vulnerability involving DNS cache poisoning caused by IP fragmentation that affects Windows DNS Resolver. An attacker who successfully exploited this vulnerability could spoof the DNS packet which can be cached by the DNS Forwarder or the DNS Resolver. For more information see the Workaround sections of this advisory.
Overview
Important
MS Severity
Not Exploited
MS Exploit Status
Less Likely
MS Exploit Likelihood
EPSS Score
No EPSS score available for this CVE.
View on FIRST.orgAffected Products
20 affected products
| Product | KB Article | Severity | Impact | Restart Required |
|---|---|---|---|---|
| Windows Server 2008 for 32-bit Systems Service Pack 2 | — |
Important | Spoofing | Unknown |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | — |
Important | Spoofing | Unknown |
| Windows Server 2008 for x64-based Systems Service Pack 2 | — |
Important | Spoofing | Unknown |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | — |
Important | Spoofing | Unknown |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | — |
Important | Spoofing | Unknown |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | — |
Important | Spoofing | Unknown |
| Windows Server 2012 | — |
Important | Spoofing | Unknown |
| Windows Server 2012 (Server Core installation) | — |
Important | Spoofing | Unknown |
| Windows Server 2012 R2 | — |
Important | Spoofing | Unknown |
| Windows Server 2012 R2 (Server Core installation) | — |
Important | Spoofing | Unknown |
| Windows Server 2016 | — |
Important | Spoofing | Unknown |
| Windows Server 2016 (Server Core installation) | — |
Important | Spoofing | Unknown |
| Windows Server 2019 | — |
Important | Spoofing | Unknown |
| Windows Server 2019 (Server Core installation) | — |
Important | Spoofing | Unknown |
| Windows Server 2022 | — |
Important | Spoofing | Unknown |
| Windows Server 2022 (Server Core installation) | — |
Important | Spoofing | Unknown |
| Windows Server, version 1903 (Server Core installation) | — |
Important | Spoofing | Unknown |
| Windows Server, version 1909 (Server Core installation) | — |
Important | Spoofing | Unknown |
| Windows Server, version 2004 (Server Core installation) | — |
Important | Spoofing | Unknown |
| Windows Server, version 20H2 (Server Core Installation) | — |
Important | Spoofing | Unknown |
Patches
1 patch
| Article | Type | Restart |
|---|---|---|
— |
Unknown |
Known Exploits
No known exploits have been linked for this CVE yet. When available, exploit references will be sourced from public repositories and may be unverified, incomplete, or non-functional. Always review code carefully before use in any environment.
Acknowledgments
Tsinghua University-QI-ANXIN Group JCNS
References
On This Page