{"@odata.context":"https://api.msrc.microsoft.com/sug/v2.0/en-US/$metadata#vulnerability/$entity","id":"00000000-0000-0000-0000-0000c11a8995","releaseDate":"2021-03-09T08:00:00Z","cveNumber":"CVE-2021-26895","cveTitle":"Windows DNS Server Remote Code Execution Vulnerability","releaseNumber":"2021-Mar","vulnType":"Security Vulnerability","latestRevisionDate":"2021-03-09T08:00:00Z","cweList":[],"mitreText":"CVE-2021-26895","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2021-26895","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":2,"olderSoftwareRelease":"Exploitation Less Likely","denialOfService":"N/A","tag":"Role: DNS Server","issuingCna":"Microsoft","severityId":0,"impactId":0,"langCode":"en-US","baseScore":"9.8","temporalScore":"8.5","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C","isMariner":false,"articles":[{"articleType":"FAQ","description":"
Can this vulnerability by mitigated by enabling Secure Zone Updates?
\nEnabling Secure Zone Updates constrains the potential sources of the attack, but does not completely prevent it. For example, a malicious insider could attack a \u201csecure zone update\u201d DNS server from a domain-joined computer. This is only a partial mitigation.
\nDoes this vulnerability impact just standalone DNS Primary Authoritative Server and not a DNS Server integrated with Active Directory?
\nThis vulnerability impacts any DNS server. The surrounding configuration can limit possible vectors/sources for the attack, but proper mitigation requires this month\u2019s security update patch.
\n","ordinal":10000},{"articleType":"FAQ","description":"If my server is not configured to be a DNS server, it is vulnerable?
\nNo, this vulnerability is only exploitable if the server is configured to be a DNS server.
\n","ordinal":10000},{"articleType":"Mitigation","description":"The following mitigating factors may be helpful in your situation:
\nTo be vulnerable, a DNS server would need to have dynamic updates enabled.
\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2021-26895","version":1.0,"revisionDate":"2021-03-09T08:00:00Z","initialDate":"0001-01-01T00:00:00Z","description":"Information published.
\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"f50d6b98-376b-eb11-a82f-000d3a6d35d9"}]}