CVE-2017-0057

Name of the Vulnerable Software and Affected Versions Microsoft Windows versions 8.1, 10 Gold, 10 1511, 10 1607, and Windows Server versions 2012 R2, 2016 Windows RT 8.1

Description The issue is related to the DNS client in Microsoft Windows, which fails to properly process DNS queries. This allows remote attackers to obtain sensitive information by either convincing a workstation user to visit an untrusted webpage or tricking a server into sending a DNS query to a malicious DNS server. The vulnerability is associated with a lack of protection for service data.

Recommendations For Microsoft Windows 8.1, update to a version that includes the fix for this issue. For Windows 10 Gold, 1511, and 1607, update to a version that includes the fix for this issue. For Windows Server 2012 R2 and 2016, update to a version that includes the fix for this issue. For Windows RT 8.1, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting access to untrusted web pages and limiting DNS queries to trusted servers until a patch is available.