Microsoft Windows DNS Server code execution [CVE-2023-28305]
CVE number = CVE-2023-28305
Microsoft Windows could allow a remote authenticated attacker to execute arbitrary code on the system, caused by a flaw in the DNS Server component.
By winning a race condition, an attacker could exploit this vulnerability to execute arbitrary code on the system.
Successful exploitation of this vulnerability requires the attacker or targeted user to have specific elevated privileges.
As is best practice, regular validation and audits of administrative groups should be conducted.
Duncan is a technology professional with over 20 years experience of working in various IT roles. He has a interest in cyber security, and has a wide range of other skills in radio, electronics and telecommunications.