===================================================================== CERT-Renater Note d'Information No. 2012/VULN117 ____________________________________________________________________ DATE : 14/03/2012 HARDWARE PLATFORM(S): / OPERATING SYSTEM(S) : Windows versions Server 2003, Server 2008. ====================================================================== KB2647170 http://technet.microsoft.com/en-us/security/bulletin/ms12-017 _______________________________________________________________________ Microsoft Security Bulletin MS12-017 - Important Vulnerability in DNS Server Could Allow Denial of Service (2647170) Published: Tuesday, March 13, 2012 Version: 1.0 General Information Executive Summary This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow denial of service if a remote unauthenticated attacker sends a specially crafted DNS query to the target DNS server. This security update is rated Important for all supported editions of Windows Server 2003, 32-bit and x64-based editions of Windows Server 2008, and x64-based editions of Windows Server 2008 R2. For more information, see the subsection, Affected Software, in this section. Affected Software Windows Server 2003 Service Pack 2 Windows Server 2003 x64 Edition Service Pack 2 Windows Server 2003 with SP2 for Itanium-based Systems Windows Server 2008 for 32-bit Systems Service Pack 2 Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2008 R2 for x64-based Systems Windows Server 2008 R2 for x64-based Systems Service Pack 1 Vulnerability Information DNS Denial of Service Vulnerability - CVE-2012-0006 A denial of service vulnerability exists in the way that the DNS server improperly handles objects in memory when looking up the resource record of a domain. An attacker that successfully exploited this vulnerability could cause the DNS server on the target system to stop responding and automatically restart. ====================================================================== ========================================================= Les serveurs de référence du CERT-Renater http://www.cru.fr/securite http://www.renater.fr ========================================================= + CERT-RENATER | tel : 01-53-94-20-44 + + 23 - 25 Rue Daviel | fax : 01-53-94-20-41 + + 75013 Paris | email: certsvp@renater.fr + =========================================================