by Three critical level security vulnerabilities with a CVSS 3.1 Score of 9.8 that will cause remote code execution has been published in the Microsoft DNS Server product. These security vulnerabilities allow code execution with the DNS Server application pool and DNS Server server group accounts. These security vulnerabilities are valid in the versions listed below. Although there is no exploit detection regarding the published vulnerabilities, it is recommended to download the published patches over the relevant links in order not to damage the systems due to their criticality.
Solution and CVE/CWE
Installing the updates listed in the table below is recommended.
CVE/CWE: CVE-2021-26893, CVE-2021-26894 ve CVE-2021-26895
|
Product |
Article |
Security Patch |
| Windows Server 2012 R2 (Server Core installation) | 5000848 | Monthly Rollup |
| Windows Server 2012 R2 (Server Core installation) | 5000853 | Security Only |
| Windows Server 2012 R2 | 5000848 | Monthly Rollup |
| Windows Server 2012 R2 | 5000853 | Security Only |
| Windows Server 2012 (Server Core installation) | 5000847 | Monthly Rollup |
| Windows Server 2012 (Server Core installation) | 5000840 | Security Only |
| Windows Server 2012 | 5000847 | Monthly Rollup |
| Windows Server 2012 | 5000840 | Security Only |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5000841 | Monthly Rollup |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5000851 | Security Only |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5000841 | Monthly Rollup |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5000851 | Security Only |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5000844 | Monthly Rollup |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5000856 | Security Only |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5000844 | Monthly Rollup |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5000856 | Security Only |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5000844 | Monthly Rollup |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5000856 | Security Only |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5000844 | Monthly Rollup |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5000856 | Security Only |
| Windows Server 2016 (Server Core installation) | 5000803 | Security Update |
| Windows Server 2016 | 5000803 | Security Update |
| Windows Server, version 20H2 (Server Core Installation) | 5000802 | Security Update |
| Windows Server, version 2004 (Server Core installation) | 5000802 | Security Update |
| Windows Server, version 1909 (Server Core installation) | 5000808 | Security Update |
| Windows Server 2019 (Server Core installation) | 5000822 | Security Update |
| Windows Server 2019 | 5000822 | Security Update |
Note: Those with a CVSS 3.1 score (out of 10) 7.0-8.9 are considered “high”, those with 9.0-10.0 are considered “critical” vulnerabilities.
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2021-26893
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-26893
