OnlyFm252
Microsoft Windows DNS

CVE-2024-37968 — Windows DNS Spoofing Vulnerability

Important CVSS 7.5 EPSS 0.01028 2024-08 archive

Executive Summary

None

Overview

7.5
CVSS HIGH
Important
MS Severity
Not Exploited
MS Exploit Status
Less Likely
MS Exploit Likelihood
Category Spoofing
Released Aug 13 2024
Last Updated Aug 13 2024
Publicly Disclosed No
CISA KEV Not Listed
Known Exploits None Known
EPSS Score 0.01028 — 0.59122 percentile
NVD CVSS 7.5 HIGH — matches MSRC

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
ATTACK VECTOR
Network
ATTACK COMPLEXITY
Low
PRIVILEGES REQUIRED
None
USER INTERACTION
None
SCOPE
Unchanged
CONFIDENTIALITY
High
INTEGRITY
None
AVAILABILITY
None
EXPLOIT CODE MATURITY
Proof-of-Concept
REMEDIATION LEVEL
Official Fix
REPORT CONFIDENCE
Confirmed
Temporal Score: 6.7

EPSS Score

0.01028
probability of exploitation in the next 30 days
0.59122 percentile - updated 2026-06-21
View on FIRST.org

Affected Products

11 affected products
Product KB Article Severity Impact Restart Required
Windows Server 2008 for 32-bit Systems Service Pack 2 5041850 (Monthly Rollup) 5041847 (Security Only) Important Spoofing 5040499 Base: 7.5 Temporal: 6.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 6.0.6003.22825 Yes 5041850 5041847 Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) 5041850 (Monthly Rollup) 5041847 (Security Only) Important Spoofing 5040499 Base: 7.5 Temporal: 6.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 6.0.6003.22825 Yes 5041850 5041847 Windows Server 2008 for x64-based Systems Service Pack 2 5041850 (Monthly Rollup) 5041847 (Security Only) Important Spoofing 5040499 Base: 7.5 Temporal: 6.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 6.0.6003.22825 Yes 5041850 5041847 Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) 5041850 (Monthly Rollup) 5041847 (Security Only) Important Spoofing 5040499 Base: 7.5 Temporal: 6.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 6.0.6003.22825 Yes 5041850 5041847 Windows Server 2008 R2 for x64-based Systems Service Pack 1 5041838 (Monthly Rollup) 5041823 (Security Only) Important Spoofing 5040497 Base: 7.5 Temporal: 6.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 6.1.7601.27277 Yes 5041838 Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 5041838 (Monthly Rollup) 5041823 (Security Only) Important Spoofing 5040497 Base: 7.5 Temporal: 6.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C 6.1.7601.27277 Yes 5041838 Windows Server 2012 5041851 (Monthly Rollup) Important Spoofing Yes
Windows Server 2012 (Server Core installation) 5041851 (Monthly Rollup) Important Spoofing Yes
Windows Server 2012 R2 5041828 (Monthly Rollup) Important Spoofing Yes
Windows Server 2012 R2 (Server Core installation) 5041828 (Monthly Rollup) Important Spoofing Yes
Windows Server 2016 5041773 (Security Update) Important Spoofing Yes
Windows Server 2016 (Server Core installation) 5041773 (Security Update) Important Spoofing Yes
Windows Server 2019 5041578 (Security Update) Important Spoofing Yes
Windows Server 2019 (Server Core installation) 5041578 (Security Update) Important Spoofing Yes
Windows Server 2022 5041160 (Security Update) Important Spoofing Yes
Windows Server 2022 (Server Core installation) 5041160 (Security Update) Important Spoofing Yes
Windows Server 2022, 23H2 Edition (Server Core installation) 5041573 (Security Update) Important Spoofing Yes

Patches

6 patches
Article Type Restart
5041851 Monthly Rollup Yes
5041828 Monthly Rollup Yes
5041773 Security Update Yes
5041578 Security Update Yes
5041160 Security Update Yes
5041573 Security Update Yes

Known Exploits

Acknowledgments

Yunyi Zhang with NUDT

On This Page