CNVD-2022-71975

Vulnerability from cnvd - Published: 2022-10-28
VLAI Severity ?
Title
Microsoft Windows DNS Server远程代码执行漏洞(CNVD-2022-71975)
Description
Microsoft Windows是一套个人设备使用的操作系统。Microsoft Windows Server是一套服务器操作系统。Windows DNS Server是其中的一个DNS(域名系统)服务器。 Microsoft Windows DNS Server存在远程代码执行漏洞。该漏洞源于外部输入数据构造代码段的过程中,网络系统或产品未能正确过滤其中的特殊元素。攻击者可利用该漏洞在系统上执行任意代码。
Severity
Patch Name
Microsoft Windows DNS Server远程代码执行漏洞(CNVD-2022-71975)的补丁
Patch Description
Microsoft Windows是一套个人设备使用的操作系统。Microsoft Windows Server是一套服务器操作系统。Windows DNS Server是其中的一个DNS(域名系统)服务器。 Microsoft Windows DNS Server存在远程代码执行漏洞。该漏洞源于外部输入数据构造代码段的过程中,网络系统或产品未能正确过滤其中的特殊元素。攻击者可利用该漏洞在系统上执行任意代码。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description

厂商已发布了漏洞修复程序,请及时关注更新: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26829

Reference
https://nvd.nist.gov/vuln/detail/CVE-2022-26829
Impacted products
Name
['Microsoft Windows Server 2008', 'Microsoft Windows Server 2016', 'Microsoft Windows Server 2019', 'Microsoft Windows Server 20H2', 'Microsoft Windows Server 2012', 'Microsoft Windows Server 2022', 'Microsoft Windows Server 2008 R2', 'Microsoft Windows Server 2012 R2']
Show details on source website
To clipboard 

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2022-26829",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2022-26829"
    }
  },
  "description": "Microsoft Windows\u662f\u4e00\u5957\u4e2a\u4eba\u8bbe\u5907\u4f7f\u7528\u7684\u64cd\u4f5c\u7cfb\u7edf\u3002Microsoft Windows Server\u662f\u4e00\u5957\u670d\u52a1\u5668\u64cd\u4f5c\u7cfb\u7edf\u3002Windows DNS Server\u662f\u5176\u4e2d\u7684\u4e00\u4e2aDNS\uff08\u57df\u540d\u7cfb\u7edf\uff09\u670d\u52a1\u5668\u3002\n\nMicrosoft Windows DNS Server\u5b58\u5728\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5916\u90e8\u8f93\u5165\u6570\u636e\u6784\u9020\u4ee3\u7801\u6bb5\u7684\u8fc7\u7a0b\u4e2d\uff0c\u7f51\u7edc\u7cfb\u7edf\u6216\u4ea7\u54c1\u672a\u80fd\u6b63\u786e\u8fc7\u6ee4\u5176\u4e2d\u7684\u7279\u6b8a\u5143\u7d20\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5728\u7cfb\u7edf\u4e0a\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26829",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2022-71975",
  "openTime": "2022-10-28",
  "patchDescription": "Microsoft Windows\u662f\u4e00\u5957\u4e2a\u4eba\u8bbe\u5907\u4f7f\u7528\u7684\u64cd\u4f5c\u7cfb\u7edf\u3002Microsoft Windows Server\u662f\u4e00\u5957\u670d\u52a1\u5668\u64cd\u4f5c\u7cfb\u7edf\u3002Windows DNS Server\u662f\u5176\u4e2d\u7684\u4e00\u4e2aDNS\uff08\u57df\u540d\u7cfb\u7edf\uff09\u670d\u52a1\u5668\u3002\r\n\r\nMicrosoft Windows DNS Server\u5b58\u5728\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5916\u90e8\u8f93\u5165\u6570\u636e\u6784\u9020\u4ee3\u7801\u6bb5\u7684\u8fc7\u7a0b\u4e2d\uff0c\u7f51\u7edc\u7cfb\u7edf\u6216\u4ea7\u54c1\u672a\u80fd\u6b63\u786e\u8fc7\u6ee4\u5176\u4e2d\u7684\u7279\u6b8a\u5143\u7d20\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5728\u7cfb\u7edf\u4e0a\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Microsoft Windows DNS Server\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\uff08CNVD-2022-71975\uff09\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Microsoft Windows Server 2008",
      "Microsoft Windows Server 2016",
      "Microsoft Windows Server 2019",
      "Microsoft Windows Server 20H2",
      "Microsoft Windows Server 2012",
      "Microsoft Windows Server 2022",
      "Microsoft Windows Server 2008 R2",
      "Microsoft Windows Server 2012 R2"
    ]
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2022-26829",
  "serverity": "\u9ad8",
  "submitTime": "2022-04-15",
  "title": "Microsoft Windows DNS Server\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\uff08CNVD-2022-71975\uff09"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.