Use-after-free in Windows Server - CVE-2024-26231

 

Use-after-free in Windows Server - CVE-2024-26231

Published: April 9, 2024


Vulnerability identifier: #VU88246
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2024-26231
CWE-ID: CWE-416
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Microsoft
Affected software:
Windows Server

Detailed vulnerability description

The vulnerability allows a remote user to compromise vulnerable system.

The vulnerability exists due to a use-after-free error when handling DNS queries. A remote user can send specially crafted DNS requests to the affected server and execute arbitrary code on the system, if the timing of DNS queries is perfect.


How to mitigate CVE-2024-26231

Install updates from vendor's website.

Sources