The Microsoft Windows Domain Name System (DNS) DNSAPI.dll on Microsoft Windows 8.1, Windows Server 2012 R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows a remote code execution vulnerability when it fails to properly handle DNS responses, aka "Windows DNSAPI Remote Code Execution Vulnerability".
http://www.securityfocus.com/bid/101166
http://www.securitytracker.com/id/1039533
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11779
Source: MITRE
Published: 2017-10-13
Updated: 2019-10-03
Type: NVD-CWE-noinfo
Base Score: 9.3
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Impact Score: 10
Exploitability Score: 8.6
Severity: HIGH
Base Score: 8.1
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Impact Score: 5.9
Exploitability Score: 2.2
Severity: HIGH
OR
cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_10:1511:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_8.1:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_rt_8.1:*:*:*:*:*:*:*:*
ID | Name | Product | Family | Severity |
---|---|---|---|---|
104384 | KB4042895: Windows 10 October 2017 Cumulative Update (KRACK) | Nessus | Windows : Microsoft Bulletins | critical |
103750 | Windows 8.1 and Windows Server 2012 R2 October 2017 Security Updates (KRACK) | Nessus | Windows : Microsoft Bulletins | critical |
103749 | KB4041691: Windows 10 Version 1607 and Windows Server 2016 October 2017 Cumulative Update (KRACK) | Nessus | Windows : Microsoft Bulletins | critical |
103748 | Windows Server 2012 October 2017 Security Updates (KRACK) | Nessus | Windows : Microsoft Bulletins | critical |
103747 | KB4041689: Windows 10 Version 1511 October 2017 Cumulative Update (KRACK) | Nessus | Windows : Microsoft Bulletins | critical |
103745 | KB4041676: Windows 10 Version 1703 October 2017 Cumulative Update (KRACK) | Nessus | Windows : Microsoft Bulletins | critical |