A critical vulnerability affecting millions of Windows users allows an attacker to potentially insert malicious payloads, execute arbitrary code with the permission of an application like a web browser or any software that uses DNS, and take complete control over a target computer or server.
The vulnerability, discovered by researcher Nick Freeman at cybersecurity firm Bishop Fox, impacts the DNS client in Windows 8 and Windows 10, as well as Windows Server 2012 through 2016.
A huge range of software conducts DNS requests for everything from web browsing to streaming media. Stepping in the middle of a target and DNS server, an attacker can respond to a request with malicious data to trigger the vulnerability.
Microsoft published a fix in the October 2017 instance of Patch Tuesday, the monthly round of software updates pushed out by the tech giant. There is no indication that the vulnerability has been exploited in the wild.
The full technical details are available on Bishop Fox’s blog.
Bishop Fox illustrated how an attacker could sit on a public Wi-Fi network and run code on a target’s machine, escalate privileges and take full control. An attacker on a corporate network would be able to take control of machines and data as well. A man-in-the-middle attack or lawful interception order poses a similar threat.
“In the majority of cases, the only requirement would be that an attacker is connected to the same network as their target,” Freeman said in a statement.
You can watch Bishop Fox’s Dan Petro explain how an attacker can gain the “keys to the kingdom” by exploiting this vulnerability in the video below: