CVE-2017-11779

HIGH

Description

The Microsoft Windows Domain Name System (DNS) DNSAPI.dll on Microsoft Windows 8.1, Windows Server 2012 R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows a remote code execution vulnerability when it fails to properly handle DNS responses, aka "Windows DNSAPI Remote Code Execution Vulnerability".

References

http://www.securityfocus.com/bid/101166

http://www.securitytracker.com/id/1039533

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11779

Details

Source: MITRE

Published: 2017-10-13

Updated: 2019-10-03

Risk Information

CVSS v2.0

Base Score: 9.3

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 8.6

Severity: HIGH

CVSS v3.0

Base Score: 8.1

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 2.2

Severity: HIGH

Tenable Plugins

View all (6 total)

IDNameProductFamilySeverity
104384KB4042895: Windows 10 October 2017 Cumulative Update (KRACK)NessusWindows : Microsoft Bulletins
critical
103750Windows 8.1 and Windows Server 2012 R2 October 2017 Security Updates (KRACK)NessusWindows : Microsoft Bulletins
critical
103749KB4041691: Windows 10 Version 1607 and Windows Server 2016 October 2017 Cumulative Update (KRACK)NessusWindows : Microsoft Bulletins
critical
103748Windows Server 2012 October 2017 Security Updates (KRACK)NessusWindows : Microsoft Bulletins
critical
103747KB4041689: Windows 10 Version 1511 October 2017 Cumulative Update (KRACK)NessusWindows : Microsoft Bulletins
critical
103745KB4041676: Windows 10 Version 1703 October 2017 Cumulative Update (KRACK)NessusWindows : Microsoft Bulletins
critical