Forum Discussion
Tali Ash
Microsoft
Jan 24, 2019
New preview detection: Remote code execution over DNS
On 12/11/2018 Microsoft published CVE-2018-8626, announcing that a newly discovered remote code execution vulnerability exists in Windows Domain Name System (DNS) servers. In this vulnerability, servers fail to properly handle requests. An attacker who successfully exploits the vulnerability can run arbitrary code in the context of the Local System Account. Windows servers currently configured as DNS servers are at risk from this vulnerability.
Starting from Version 2.62, Azure ATP will detect when DNS queries suspected of exploiting the CVE-2018-8626 security vulnerability are made against a domain controller in the network, and issue a security alert like the one shown below.
For more information visit https://aka.ms/atasaguide-dnsrce
Stay tuned for additional alerts and updates. Your feedback is welcome.