QID 91995
Date Published: 2023-03-15
QID 91995: Microsoft Windows Domain Name System (DNS) Server Remote Code Execution (RCE) Vulnerability for March 2023
Microsoft Windows Domain Name System (DNS) Server Security Update - March 2023
Operating Systems: Windows Server 2012, Windows Server 2016, Windows Server 2022, Windows Server 2019
The KB Articles associated with the update:
The patch version is 6.3.9600.20874 for KB5023765
The patch version is 6.3.9600.20874 for KB5023764
The patch version is 10.0.14393.5786 for KB5023697
The patch version is 10.0.20348.859 for KB5023705
The patch version is 10.0.17763.4131 for KB5023702
QID Detection Logic (Authenticated):
This QID checks for the file version of dns.exe
Successful exploitation of this vulnerability may allow an attacker with specific elevated privileges to execute arbitrary command on the target system.
Solution
Vendor has released patch. Please refer to CVE-2023-23400 for more information.
Vendor References
- Windows DNS Server Security Advisory -
msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23400
CVEs related to QID 91995
Software Advisories
| Advisory ID | Software | Component | Link |
|---|---|---|---|
| KB5023697 |
support.microsoft.com/help/5023697 |
||
| KB5023702 |
support.microsoft.com/help/5023702 |
||
| KB5023705 |
support.microsoft.com/help/5023705 |
||
| KB5023764 |
support.microsoft.com/help/5023764 |
||
| KB5023765 |
support.microsoft.com/help/5023765 |