Security Update for Microsoft Windows DNS

Number: AL15-015
Date: 09 December 2015

Purpose

The purpose of this alert is to bring attention to recently published security update associated with Microsoft DNS server.

Assessment

CCIRC is aware of an update concerning Microsoft DNS server addressing a remote code execution vulnerability.

This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if an attacker sends specially crafted requests to a vulnerable DNS server.

This security update is rated Critical for all supported releases of Windows Server 2008 for 32-bit Systems, Windows Server 2008 for x64-based Systems, Windows Server 2008 R2 for x64-based Systems, Windows Server 2012, and Windows Server 2012 R2.

Suggested Action

CCIRC recommends prioritization of this patch or suggested workarounds due to the exposure of these systems to the internet combined with the severity of this vulnerability.

References:

Note to Readers

In support of Public Safety's mission to build a safe and resilient Canada, CCIRC's mandate is to help ensure the security and resilience of the vital non-federal government cyber systems that underpin Canada's national security, public safety and economic prosperity. As Canada's computer security incident response team, CCIRC is Canada's national coordination centre for the prevention and mitigation of, preparedness for, response to, and recovery from cyber incidents on non-federal government systems. It does this by providing authoritative advice and support, and coordinating information sharing and incident response.

Please note, CCIRC PGP key has recently been updated.
http://www.publicsafety.gc.ca/cnt/ntnl-scrt/cbr-scrt/_fl/CCIRCPublicPGPKey.txt

For general information, please contact Public Safety Canada's Public Affairs division at:

Telephone: 613-944-4875 or 1-800-830-3118
Fax: 613-998-9589
E-mail: ps.communications-communications.sp@canada.ca

Date modified: