On 12/11/2018 Microsoft published CVE-2018-8626, announcing that a newly discovered remote code execution vulnerability exists in Windows Domain Name System (DNS) servers. In this vulnerability, servers fail to properly handle requests. An attacker who successfully exploits the vulnerability can run arbitrary code in the context of the Local System Account. Windows servers currently configured as DNS servers are at risk from this vulnerability.

Starting from Version 2.62, Azure ATP when DNS queries suspected of exploiting the CVE-2018-8626 security vulnerability are made against a domain controller in the network,

and issue a security alert like the one shown below.

For more information visit https://aka.ms/atasaguide-dnsrce

Stay tuned for additional alerts and updates. Your feedback is welcome