Microsoft Windows DNS Server (CVE-2012-0006) Remote Denial of Service Vulnerability
BID:52374
Info
Microsoft Windows DNS Server (CVE-2012-0006) Remote Denial of Service Vulnerability
| Bugtraq ID: | 52374 |
| Class: | Design Error |
| CVE: |
CVE-2012-0006 |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 13 2012 12:00AM |
| Updated: | Mar 14 2012 04:40PM |
| Credit: | Microsoft |
| Vulnerable: |
Microsoft Windows Server 2008 R2 for x64-based Systems SP1 Microsoft Windows Server 2008 for x64-based Systems SP2 Microsoft Windows Server 2008 for x64-based Systems R2 Microsoft Windows Server 2008 for x64-based Systems 0 Microsoft Windows Server 2008 for 32-bit Systems SP2 Microsoft Windows Server 2008 for 32-bit Systems 0 Microsoft Windows Server 2003 Standard Edition SP2 Microsoft Windows Server 2003 Standard Edition SP1 Microsoft Windows Server 2003 Standard Edition Microsoft Windows Server 2003 Enterprise x64 Edition SP2 Microsoft Windows Server 2003 Enterprise x64 Edition Microsoft Windows Server 2003 Enterprise Edition Itanium SP2 Microsoft Windows Server 2003 Enterprise Edition Itanium SP1 Microsoft Windows Server 2003 Enterprise Edition Itanium 0 Microsoft Windows Server 2003 Enterprise Edition SP1 Microsoft Windows Server 2003 Enterprise Edition Microsoft Windows Server 2003 Datacenter x64 Edition SP2 Microsoft Windows Server 2003 Datacenter x64 Edition Microsoft Windows Server 2003 Datacenter Edition Itanium SP1 Microsoft Windows Server 2003 Datacenter Edition Itanium 0 Microsoft Windows Server 2003 Datacenter Edition SP1 Microsoft Windows Server 2003 Datacenter Edition Avaya Messaging Application Server 5.2 Avaya Messaging Application Server 5 Avaya Messaging Application Server 4 Avaya Meeting Exchange - Webportal 0 Avaya Meeting Exchange - Web Conferencing Server 0 Avaya Meeting Exchange - Streaming Server 0 Avaya Meeting Exchange - Recording Server 0 Avaya Meeting Exchange - Client Registration Server 0 Avaya Meeting Exchange 5.0 .0.52 Avaya Meeting Exchange 5.2 SP2 Avaya Meeting Exchange 5.2 SP1 Avaya Meeting Exchange 5.2 Avaya Meeting Exchange 5.1 SP1 Avaya Meeting Exchange 5.1 Avaya Meeting Exchange 5.0 SP2 Avaya Meeting Exchange 5.0 SP1 Avaya Meeting Exchange 5.0 Avaya Communication Server 1000 Telephony Manager 4.0 Avaya Communication Server 1000 Telephony Manager 3.0 Avaya CallPilot 5.0 Avaya CallPilot 4.0 Avaya Aura Conferencing 6.0 Standard Avaya Aura Conferencing 6.0 SP1 Standard |
| Not Vulnerable: | |
Discussion
Microsoft Windows DNS Server (CVE-2012-0006) Remote Denial of Service Vulnerability
The Microsoft Windows DNS Server is prone to a remote denial-of-service vulnerability.
An attacker can exploit this issue to cause the DNS server service to stop responding, denying service to legitimate users.
The Microsoft Windows DNS Server is prone to a remote denial-of-service vulnerability.
An attacker can exploit this issue to cause the DNS server service to stop responding, denying service to legitimate users.
Exploit / POC
Microsoft Windows DNS Server (CVE-2012-0006) Remote Denial of Service Vulnerability
An attacker can use readily available tools to exploit this issue.
An attacker can use readily available tools to exploit this issue.
Solution / Fix
Microsoft Windows DNS Server (CVE-2012-0006) Remote Denial of Service Vulnerability
Solution:
The vendor has released an advisory and updates. Please see the references for details.
Microsoft Windows Server 2008 for 32-bit Systems SP2
Microsoft Windows Server 2008 for x64-based Systems R2
Microsoft Windows Server 2003 Datacenter x64 Edition SP2
Microsoft Windows Server 2003 Standard Edition SP2
Microsoft Windows Server 2008 for x64-based Systems SP2
Microsoft Windows Server 2008 R2 for x64-based Systems SP1
Microsoft Windows Server 2003 Enterprise x64 Edition SP2
Solution:
The vendor has released an advisory and updates. Please see the references for details.
Microsoft Windows Server 2008 for 32-bit Systems SP2
-
Microsoft Security Update for Windows Server 2008 (KB2647170)
http://www.microsoft.com/downloads/details.aspx?familyid=233c62b7-f2b1 -49ce-9a7f-e51435be0d26
Microsoft Windows Server 2008 for x64-based Systems R2
-
Microsoft Security Update for Windows Server 2008 R2 x64 Edition (KB2647170)
http://www.microsoft.com/downloads/details.aspx?familyid=19a4f3d1-24d2 -41af-a41a-e5cc2c6232e8
Microsoft Windows Server 2003 Datacenter x64 Edition SP2
-
Microsoft Security Update for Windows Server 2003 x64 Edition (KB2647170)
http://www.microsoft.com/downloads/details.aspx?familyid=647eaf09-3959 -439e-8418-fd25221eb6b9
Microsoft Windows Server 2003 Standard Edition SP2
-
Microsoft Security Update for Windows Server 2003 (KB2647170)
http://www.microsoft.com/downloads/details.aspx?familyid=b04da098-666f -4760-90da-d2a17e78bf47
Microsoft Windows Server 2008 for x64-based Systems SP2
-
Microsoft Security Update for Windows Server 2008 x64 Edition (KB2647170)
http://www.microsoft.com/downloads/details.aspx?familyid=56eae770-5990 -4e1b-8b48-3d0602fcc72b
Microsoft Windows Server 2008 R2 for x64-based Systems SP1
-
Microsoft Security Update for Windows Server 2008 R2 x64 Edition (KB2647170)
http://www.microsoft.com/downloads/details.aspx?familyid=19a4f3d1-24d2 -41af-a41a-e5cc2c6232e8
Microsoft Windows Server 2003 Enterprise x64 Edition SP2
-
Microsoft Security Update for Windows Server 2003 x64 Edition (KB2647170)
http://www.microsoft.com/downloads/details.aspx?familyid=647eaf09-3959 -439e-8418-fd25221eb6b9
References
Microsoft Windows DNS Server (CVE-2012-0006) Remote Denial of Service Vulnerability
References:
References:
- Microsoft Homepage (Microsoft)
- ASA-2012-108 MS12-017 Vulnerability in DNS Server Could Allow Denial of Service (Avaya)
- Microsoft Security Bulletin MS12-017 (Microsoft)