Windows DNS Client – Memory Corruption Vulnerabilities

Patch Date:

October 10, 2017

Reported Date:

March 7, 2017


Microsoft Corporation

Systems Affected

Windows 8 through Windows 10, and Windows Server 2012 through 2016.


High-risk memory corruption vulnerabilities in the Windows DNS client could lead to the compromise of a device or system. These issues relate to insufficient validation of data during the parsing of NSEC3 DNS Resource Records (RRs), resulting in corruption of the affected application's heap. If fully exploited, these vulnerabilities would enable an attacker to execute arbitrary code on the target host, and subsequently gain full administrative control of the affected host.

Vendor Status

The vulnerabilities were remediated in CVE-2017-11779 as part of Microsoft's October Patch Tuesday update.

Disclosure Timeline

  • March 7, 2017: Issue initially reported to Microsoft
  • March 8, 2017: Microsoft confirms receipt of report, case opened
  • March 9, 2017: Microsoft confirms vulnerability and that they are working on a fix
  • April 27, 2017: Bishop Fox requests status update
  • May 2, 2017: Microsoft provides update that triage is still in process, with no ETA
  • May 12, 2017: Microsoft advises an August release date
  • June 26, 2017: Microsoft advises that due to unforeseen circumstances, the release is pushed back to October
  • October 10, 2017: Patch released


Nick Freeman of Bishop Fox

Vulnerability Details

Please refer to the technical write-up at the Bishop Fox blog.