Windows DNS Server Denial of Service Vulnerability

Microsoft is aware of a vulnerability involving packet amplification that affects Windows DNS servers.

An attacker who successfully exploited this vulnerability could cause the DNS Server service to become nonresponsive.

To exploit this vulnerability, an attacker would need access to at least one client and control of a domain that replies with a large volume of referral records, without glue records, pointing to subdomains of an external victim.

While resolving a name from the attacker client, for each referral record found, the resolver contacts the victim domain. This action can generate a large number of communications between the recursive resolver and the victim’s authoritative DNS server to cause a Distributed Denial of Service (DDoS) attack.

All supported versions of Windows Server are affected.

Mitigations

The Response Rate Limiting (RRL) feature serves as a mitigation for DNS amplification attacks when the victim is using Microsoft DNS Server. Please see What’s New in DNS Server for more information.

Workarounds

Enable RRL on a DNS server

Please see DNS Server Response Rate Limiting for more information.
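The following PowerShell sequence is an added example and is not part of the original post or of Microsoft's documentation. It assumes the DnsServer module (installed with the DNS Server role or RSAT) and an elevated session on the server being configured. It stages RRL in LogOnly mode first, so the limits can be validated against real query volume before they are enforced, then switches to enforcing mode and reads back the effective settings. The threshold values are illustrative and should be tuned to the traffic the server legitimately serves.

```powershell
# Added example (not from the original post): stage and then enable
# Response Rate Limiting (RRL) on a Windows DNS Server.
# Assumes the DnsServer PowerShell module and an elevated session; append
# -ComputerName <server> to each cmdlet to manage a remote DNS server.
# Threshold values below are illustrative assumptions, not recommendations.

Import-Module DnsServer

# Record the current RRL state before changing anything
# (a freshly installed server reports Mode = Disable).
Get-DnsServerResponseRateLimiting

# Step 1: stage the change in LogOnly mode. The server evaluates the limits
# and logs which responses it would have dropped or truncated, but still
# answers every query, so legitimate clients are unaffected while the
# thresholds are validated against real traffic.
Set-DnsServerResponseRateLimiting -Mode LogOnly `
    -ResponsesPerSec 5 `
    -ErrorsPerSec 5 `
    -WindowInSec 5 `
    -LeakRate 3 `
    -TruncateRate 2 `
    -Force

# Step 2: once LogOnly data shows no legitimate clients would be limited,
# switch to enforcing mode. Identical responses to the same client subnet
# above ResponsesPerSec within the window are dropped, except that one in
# every LeakRate is still answered and one in every TruncateRate is returned
# with the TC bit set, so genuine resolvers can retry over TCP.
Set-DnsServerResponseRateLimiting -Mode Enable -Force

# Confirm the effective settings.
Get-DnsServerResponseRateLimiting |
    Format-List Mode, ResponsesPerSec, ErrorsPerSec, WindowInSec, LeakRate, TruncateRate
```

If the limits prove too aggressive, the same cmdlet accepts -ResetToDefault to restore the shipped values, and -Mode Disable turns RRL off without discarding the configured thresholds.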

Jason Davies

UK based technology professional, with an interest in computer security and telecoms.
