New preview detection: Remote code execution over DNS

Tali Ash

On 12/11/2018 Microsoft published CVE-2018-8626, announcing that a newly discovered remote code execution vulnerability exists in Windows Domain Name System (DNS) servers. In this vulnerability, servers fail to properly handle requests. An attacker who successfully exploits the vulnerability can run arbitrary code in the context of the Local System Account. Windows servers currently configured as DNS servers are at risk from this vulnerability.

Starting from Version 2.62, Azure ATP detects when DNS queries suspected of exploiting the CVE-2018-8626 security vulnerability are made against a domain controller in the network, and issues a security alert like the one shown below.


For more information visit https://aka.ms/atasaguide-dnsrce

Stay tuned for additional alerts and updates. Your feedback is welcome.


