CVE-2020-1228

Опубликовано: 08 сент. 2020

Источник: msrc

CVSS3: 7.5

EPSS Средний

Описание

Windows DNS Denial of Service Vulnerability

A denial of service vulnerability exists in Windows DNS when it fails to properly handle queries. An attacker who successfully exploited this vulnerability could cause the DNS service to become nonresponsive.

To exploit the vulnerability, an authenticated attacker could send malicious DNS queries to a target, resulting in a denial of service.

The update addresses the vulnerability by correcting how Windows DNS processes queries.

Обновления

Продукт	Статья	Обновление
Windows Server 2008 for 32-bit Systems Service Pack 2	4577064 4577070	Monthly Rollup Security Only
Windows Server 2008 for x64-based Systems Service Pack 2	4577064 4577070	Monthly Rollup Security Only
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)	4577064 4577070	Monthly Rollup Security Only
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)	4577051 4577053	Monthly Rollup Security Only
Windows Server 2008 R2 for x64-based Systems Service Pack 1	4577051 4577053	Monthly Rollup Security Only
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)	4577064 4577070	Monthly Rollup Security Only
Windows Server 2012	4577038 4577048	Monthly Rollup Security Only
Windows Server 2012 (Server Core installation)	4577038 4577048	Monthly Rollup Security Only
Windows Server 2012 R2	4577066 4577071	Monthly Rollup Security Only
Windows Server 2012 R2 (Server Core installation)	4577066 4577071	Monthly Rollup Security Only

Показывать по

Возможность эксплуатации

Publicly Disclosed

Exploited

Latest Software Release

Exploitation Less Likely

Older Software Release

Exploitation Less Likely

DOS

N/A

EPSS

Процентиль: 94%

0.1594

Средний

7.5 High

CVSS3

Связанные уязвимости

CVE-2020-1228

CVSS3: 7.5

nvd

почти 5 лет назад

A denial of service vulnerability exists in Windows DNS when it fails to properly handle queries. An attacker who successfully exploited this vulnerability could cause the DNS service to become nonresponsive. To exploit the vulnerability, an authenticated attacker could send malicious DNS queries to a target, resulting in a denial of service. The update addresses the vulnerability by correcting how Windows DNS processes queries.

GHSA-h78g-2jmr-346w

CVSS3: 7.5

github

около 3 лет назад

A denial of service vulnerability exists in Windows DNS when it fails to properly handle queries, aka 'Windows DNS Denial of Service Vulnerability'. This CVE ID is unique from CVE-2020-0836.

BDU:2020-04384

CVSS3: 6.5

fstec

почти 5 лет назад

Уязвимость DNS-сервера операционной системы Windows, связанная с ошибками обработки DNS-запросов, позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 94%

0.1594

Средний

7.5 High

CVSS3