Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
mskbMicrosoftKB3161951
HistoryJun 14, 2016 - 7:00 a.m.

MS16-071: Description of the security update for DNS Server: June 14, 2016

2016-06-1407:00:00
Microsoft
support.microsoft.com
33

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.5 High

AI Score

Confidence

High

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.331 Low

EPSS

Percentile

97.0%

JSON

MS16-071: Description of the security update for DNS Server: June 14, 2016

Summary

This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if an attacker sends specially crafted requests to a DNS server.

To learn more about the vulnerability, see Microsoft Security Bulletin MS16-071.

More Information

Important

  • This security update is only applicable to Windows-based servers that have the DNS server role installed.
  • All future security and non-security updates for Windows Server 2012 R2 require update 2919355 to be installed. We recommend that you install update 2919355 on your Windows Server 2012 R2-based computer so that you receive future updates.
  • If you install a language pack after you install this update, you must reinstall this update. Therefore, we recommend that you install any language packs that you need before you install this update. For more information, see Add language packs to Windows.

How to obtain and install the update

Method 1: Windows Update

This update is available through Windows Update. When you turn on automatic updating, this update will be downloaded and installed automatically. For more information about how to turn on automatic updating, see
Get security updates automatically.

__

Method 2: Microsoft Download Center

You can obtain the stand-alone update package through the Microsoft Download Center. Follow the installation instructions on the download page to install the update.

Click the download link in Microsoft Security Bulletin MS16-071 that corresponds to the version of Windows that you are running.

More Information

__

How to obtain help and support for this security update

Help for installing updates: Support for Microsoft Update

Security solutions for IT professionals: TechNet Security Troubleshooting and Support

Help for protecting your Windows-based computer from viruses and malware: Virus Solution and Security Center

Local support according to your country: International Support

File Information

__

File hash information

File name SHA1 hash SHA256 hash
Windows8-RT-KB3161951-x64.msu 10E1A74CAA81D940B02D757F720742C050EFDAEE E19F07F5AF56E94E5F1D70CDFD3EA26751B3BC9BD67525D6A8A3F4921DC99684
Windows8.1-KB3161951-x64.msu E9E5FD14FB481BA01409D18527A92E83CF5DFCC1 E3AB42BC76267647E2AD2E31EFCA38B5E3D558838FE70CC5E8793927C48F4F18

__

File information

The English (United States) version of this software update installs files that have the attributes that are listed in the following tables. The dates and times for these files are listed in Coordinated Universal Time (UTC). Be aware that dates and times for these files on your local computer are displayed in your local time and with your current daylight saving time bias. The dates and times may also change when you perform certain operations on the files.Windows Server 2012 file informationNotes

* The files that apply to a specific product, milestone (RTM, SPn), and service branch (LDR, GDR) can be identified by examining the file version numbers as shown in the following table:Version Product Milestone Service branch
6.2.920 0.17xxx Windows 8, Windows RT, or Windows Server 2012 RTM GDR
6.2.920 0.21xxx Windows 8, Windows RT, or Windows Server 2012 RTM LDR

  • GDR service branches contain only those fixes that are widely released to address widespread, critical issues. LDR service branches contain hotfixes in addition to widely released fixes.

  • The MANIFEST files (.manifest) and MUM files (.mum) that are installed are not listed.
    For all supported x64-based versionsFile name| File version| File size| Date| Time| Platform
    —|—|—|—|—|—
    Cache.dns| Not applicable| 3,198| 02-Jun-2012| 14:30| Not applicable
    Dns.exe| 6.2.9200.21872| 1,537,536| 12-May-2016| 22:16| x64
    Dnsserver.events.xml| Not applicable| 609| 02-Jun-2012| 14:30| Not applicable
    Windows 8.1 and Windows Server 2012 R2 file informationNotes

  • The files that apply to a specific product, milestone (RTM, SPn), and service branch (LDR, GDR) can be identified by examining the file version numbers as shown in the following table:Version| Product| Milestone| Service branch
    —|—|—|—
    6.3.960 0.16 xxx| Windows RT 8.1, Windows 8.1, and Windows Server 2012 R2| RTM| GDR
    6.3.960 0.17 xxx| Windows RT 8.1, Windows 8.1, and Windows Server 2012 R2| RTM| GDR
    6.3.960 0.18 xxx| Windows RT 8.1, Windows 8.1, and Windows Server 2012 R2| RTM| GDR

  • GDR service branches contain only those fixes that are widely released to address widespread, critical issues. LDR service branches contain hotfixes in addition to widely released fixes.

  • The MANIFEST files (.manifest) and MUM files (.mum) that are installed are not listed.
    For all supported x64-based versionsFile name| File version| File size| Date| Time| Platform
    —|—|—|—|—|—
    Cache.dns| Not applicable| 3,198| 18-Jun-2013| 14:43| Not applicable
    Dns.exe| 6.3.9600.18340| 1,736,704| 13-May-2016| 21:52| x64
    Dnsserver.events.xml| Not applicable| 609| 18-Jun-2013| 14:43| Not applicable

Related

symantec 1
mskb 1
nessus 1
prion 1
mscve 1
cve 1
openvas 1
thn 1
kaspersky 1
symantec
symantec
Microsoft Windows CVE-2016-3227 DNS Use After Free Remote Code Execution Vulnerability
2016-06-14 00:00:00
mskb
mskb
MS16-071: Security update for Microsoft Windows DNS Server: June 14, 2016
2016-06-14 00:00:00
nessus
nessus
MS16-071: Security Update for Microsoft Windows DNS Server (3164065)
2016-06-14 00:00:00
prion
prion
Double free
2016-06-16 01:59:00
mscve
mscve
Windows DNS Server Use After Free Vulnerability
2016-06-14 07:00:00
cve
cve
CVE-2016-3227
2016-06-16 01:59:00
openvas
openvas
Microsoft Windows DNS Server Remote Code Execution Vulnerability (3164065)
2016-06-15 00:00:00
thn
thn
Microsoft releases tons of Security Updates to patch 44 vulnerabilities
2016-06-14 19:35:00
kaspersky
kaspersky
KLA10825 Multiple vulnerabilities in Microsoft Windows
2016-06-14 00:00:00

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.5 High

AI Score

Confidence

High

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.331 Low

EPSS

Percentile

97.0%

JSON
Related for KB3161951
symantec1mskb1nessus1prion1mscve1cve1openvas1thn1kaspersky1