OnlyFm252
Role: DNS Server

CVE-2023-32020 — Windows DNS Spoofing Vulnerability

Important CVSS 5.6 EPSS 0.00657 2023-06 archive

Executive Summary

None

Overview

5.6
CVSS MEDIUM
Important
MS Severity
Not Exploited
MS Exploit Status
Less Likely
MS Exploit Likelihood
Category Spoofing
Released Jun 13 2023
Last Updated Jun 13 2023
Publicly Disclosed No
CISA KEV Not Listed
Known Exploits None Known
EPSS Score 0.00657 — 0.46563 percentile
NVD CVSS 5.6 MEDIUM — matches MSRC

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C
ATTACK VECTOR
Network
ATTACK COMPLEXITY
High
PRIVILEGES REQUIRED
None
USER INTERACTION
None
SCOPE
Unchanged
CONFIDENTIALITY
Low
INTEGRITY
Low
AVAILABILITY
Low
EXPLOIT CODE MATURITY
Unproven
REMEDIATION LEVEL
Official Fix
REPORT CONFIDENCE
Confirmed
Temporal Score: 4.9

EPSS Score

0.00657
probability of exploitation in the next 30 days
0.46563 percentile - updated 2026-06-21
View on FIRST.org

Affected Products

4 affected products
Product KB Article Severity Impact Restart Required
Windows Server 2008 for 32-bit Systems Service Pack 2 5027279 (Monthly Rollup) 5027277 (Security Only) Important Spoofing 5026408 Base: 5.6 Temporal: 4.9 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C 6.0.6003.22113 Yes 5027279 5027277 Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) 5027279 (Monthly Rollup) 5027277 (Security Only) Important Spoofing 5026408 Base: 5.6 Temporal: 4.9 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C 6.0.6003.22113 Yes 5027279 5027277 Windows Server 2008 for x64-based Systems Service Pack 2 5027279 (Monthly Rollup) 5027277 (Security Only) Important Spoofing 5026408 Base: 5.6 Temporal: 4.9 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C 6.0.6003.22113 Yes 5027279 5027277 Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) 5027279 (Monthly Rollup) 5027277 (Security Only) Important Spoofing 5026408 Base: 5.6 Temporal: 4.9 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C 6.0.6003.22113 Yes 5027279 5027277 Windows Server 2008 R2 for x64-based Systems Service Pack 1 5027275 (Monthly Rollup) 5027256 (Security Only) Important Spoofing 5026413 Base: 5.6 Temporal: 4.9 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C 6.1.7601.26564 Yes 5027275 5027256 Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 5027275 (Monthly Rollup) 5027256 (Security Only) Important Spoofing 5026413 Base: 5.6 Temporal: 4.9 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C 6.1.7601.26564 Yes 5027275 5027256 Windows Server 2012 5027283 (Monthly Rollup) 5027281 (Security Only) Important Spoofing 5026419 Base: 5.6 Temporal: 4.9 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C 6.2.9200.24314 Yes None Windows Server 2012 (Server Core installation) 5027283 (Monthly Rollup) 5027281 (Security Only) Important Spoofing 5026419 Base: 5.6 Temporal: 4.9 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C 6.2.9200.24314 Yes None Windows Server 2012 R2 5027271 (Monthly Rollup) 5027282 (Security Only) Important Spoofing 5026415 Base: 5.6 Temporal: 4.9 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C 6.3.9600.21013 Yes None Windows Server 2012 R2 (Server Core installation) 5027271 (Monthly Rollup) 5027282 (Security Only) Important Spoofing 5026415 Base: 5.6 Temporal: 4.9 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C 6.3.9600.21013 Yes None Windows Server 2016 5027219 (Security Update) Important Spoofing Yes
Windows Server 2016 (Server Core installation) 5027219 (Security Update) Important Spoofing Yes
Windows Server 2019 5027222 (Security Update) Important Spoofing Yes
Windows Server 2019 (Server Core installation) 5027222 (Security Update) Important Spoofing Yes

Patches

2 patches
Article Type Restart
5027219 Security Update Yes
5027222 Security Update Yes

Known Exploits

Acknowledgments

Xiang Li

On This Page