QID 92006

Date Published: 2023-04-12

QID 92006: Microsoft Windows Domain Name System (DNS) Server Remote Code Execution (RCE) Vulnerability for April 2023

Microsoft Windows Domain Name System (DNS) Server Security Update - April 2023

Operating Systems: The KB Articles associated with the update:
5025285
5025288
5025287
5025272
5025279
5025277
5025271
5025273
5025228
5025230
5025229
QID Detection Logic (Authenticated):

This QID checks for the file version of dns.exe

Successful exploitation of this vulnerability may allow an attacker with specific elevated privileges to execute arbitrary command on the target system.

  • CVSS V3 rated as High - 7.2 severity.
  • CVSS V2 rated as Critical - 10 severity.
    • Solution
    Please refer to the following KB Articles associated with the update:
    5025285
    5025288
    5025287
    5025272
    5025279
    5025277
    5025271
    5025273
    5025228
    5025230
    5025229
    Vendor References

    CVEs related to QID 92006

    CVE-2023-28223 | CVE-2023-28254 | CVE-2023-28308 | CVE-2023-28256 | CVE-2023-28278 | CVE-2023-28307 | CVE-2023-28306 | CVE-2023-28255 | CVE-2023-28277 | CVE-2023-28305 |
    Software Advisories
    Advisory ID Software Component Link
    5025228 URL Logo support.microsoft.com/en-in/help/5025228
    5025229 URL Logo support.microsoft.com/en-in/help/5025229
    5025230 URL Logo support.microsoft.com/en-in/help/5025230
    5025271 URL Logo support.microsoft.com/en-in/help/5025271
    5025272 URL Logo support.microsoft.com/en-in/help/5025272
    5025273 URL Logo support.microsoft.com/en-in/help/5025273
    5025277 URL Logo support.microsoft.com/en-in/help/5025277
    5025279 URL Logo support.microsoft.com/en-in/help/5025279
    5025285 URL Logo support.microsoft.com/en-in/help/5025285
    5025287 URL Logo support.microsoft.com/en-in/help/5025287
    5025288 URL Logo support.microsoft.com/en-in/help/5025288
    By selecting these links, you may be leaving CVEreport webspace. We have provided these links to other websites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other websites that are more appropriate for your purpose. CVEreport does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, CVEreport does not endorse any commercial products that may be mentioned on these sites. Please address comments about any linked pages to [email protected].