CVE-2017-11779

high
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

The Microsoft Windows Domain Name System (DNS) DNSAPI.dll on Microsoft Windows 8.1, Windows Server 2012 R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows a remote code execution vulnerability when it fails to properly handle DNS responses, aka "Windows DNSAPI Remote Code Execution Vulnerability".

References

http://www.securityfocus.com/bid/101166

http://www.securitytracker.com/id/1039533

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11779

Details

Source: MITRE

Published: 2017-10-13

Updated: 2019-10-03

Risk Information

CVSS v2

Base Score: 9.3

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 8.6

Severity: HIGH

CVSS v3

Base Score: 8.1

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 2.2

Severity: HIGH

Tenable Plugins

View all (6 total)

IDNameProductFamilySeverity
104384KB4042895: Windows 10 October 2017 Cumulative Update (KRACK)NessusWindows : Microsoft Bulletins
critical
103750Windows 8.1 and Windows Server 2012 R2 October 2017 Security Updates (KRACK)NessusWindows : Microsoft Bulletins
critical
103749KB4041691: Windows 10 Version 1607 and Windows Server 2016 October 2017 Cumulative Update (KRACK)NessusWindows : Microsoft Bulletins
critical
103748Windows Server 2012 October 2017 Security Updates (KRACK)NessusWindows : Microsoft Bulletins
critical
103747KB4041689: Windows 10 Version 1511 October 2017 Cumulative Update (KRACK)NessusWindows : Microsoft Bulletins
critical
103745KB4041676: Windows 10 Version 1703 October 2017 Cumulative Update (KRACK)NessusWindows : Microsoft Bulletins
critical