Windows DNS Query Information Disclosure Vulnerability - CVE-2017-0057ID: oval:org.secpod.oval:def:39417 | Date: (C)2017-03-16 (M)2024-03-06 |
Class: VULNERABILITY | Family: windows |
An information disclosure vulnerability exists when Windows dnsclient fails to properly handle requests. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system.There are multiple ways an attacker could exploit the vulnerability; If the target is a workstation, the attacker could convince a user to visit an untrusted webpage. If the target is a server, the attacker would have to trick the server into sending a DNS query to a malicious DNS server.The security update addresses the vulnerability by modifying how Windows dnsclient handles requests.
Platform: |
Microsoft Windows 10 |
Microsoft Windows 8.1 |
Microsoft Windows Server 2012 R2 |
Microsoft Windows Server 2016 |