Microsoft has released a security advisory addressing a vulnerability affecting Windows DNS Server. Successful exploitation of the flaw could lead to a denial-of-service attack, officials report.
ADV200009 warns of a vulnerability involving packet amplification that affects Windows DNS servers. To exploit it, an attacker would need access to at least one client and control of a domain that replies with a large volume of referral (NS) records pointing to names inside the victim's domain. Because those referrals do not carry glue addresses, the recursive resolver must look up each referenced nameserver itself: while resolving a single name requested by the attacker's client, it contacts the victim's domain once for every referral record it received.
This process can generate a large volume of traffic between the recursive resolver and the victim's authoritative DNS server, which Microsoft says is enough to amount to a distributed denial-of-service (DDoS) attack against the victim. As a workaround, Microsoft recommends enabling Response Rate Limiting (RRL) on the DNS server.
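The following PowerShell is an added example of applying that workaround on a Windows DNS Server; it is not taken from Microsoft's advisory or the US-CERT alert. It assumes the DnsServer module (Windows Server 2016 or later, where the RRL cmdlets exist) and an elevated session on the server itself. The threshold values are illustrative choices for this example, not figures Microsoft publishes.

```powershell
# Added example (not from ADV200009): stage and enforce Response Rate Limiting (RRL)
# on a Windows DNS Server. Run elevated on the DNS server; needs the DnsServer module.
Import-Module DnsServer

# 1. Capture the current RRL state so the change can be reviewed or rolled back.
$before = Get-DnsServerResponseRateLimiting
Write-Host "RRL mode before change: $($before.Mode)"

# 2. Stage the change in LogOnly mode first. The server logs which responses
#    would have been rate-limited without actually dropping any, so legitimate
#    high-volume clients (internal forwarders, monitoring) can be identified.
Set-DnsServerResponseRateLimiting -Mode LogOnly -Force

# 3. Once the LogOnly data looks acceptable, enforce with explicit per-subnet limits.
#    (Values below are this example's assumptions; tune them to observed traffic.)
Set-DnsServerResponseRateLimiting -Mode Enable `
    -ResponsesPerSec 5 `
    -ErrorsPerSec 5 `
    -WindowInSec 5 `
    -LeakRate 3 `
    -TruncateRate 2 `
    -IPv4PrefixLength 24 `
    -IPv6PrefixLength 56 `
    -Force

# 4. Verify that enforcement is actually on; fail loudly if it is not.
$after = Get-DnsServerResponseRateLimiting
if ($after.Mode -ne 'Enable') {
    throw "RRL is not enforced (current mode: $($after.Mode))"
}
$after | Format-List Mode, ResponsesPerSec, ErrorsPerSec, WindowInSec, `
    LeakRate, TruncateRate, IPv4PrefixLength, IPv6PrefixLength
```

Two practical caveats. RRL throttles the responses this server sends to a given client subnet, so a forwarder or resolver that legitimately sends many queries can be throttled too; such sources can be exempted with Add-DnsServerResponseRateLimitingExceptionlist rather than by loosening the global limits. And RRL is a workaround that limits the damage the referral traffic can do, not a fix for the amplification itself, so the advisory's updates should still be applied when Microsoft ships them.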
US-CERT has posted an alert for ADV200009. Users and administrators are encouraged to review Microsoft's post and apply the necessary mitigations.
Read Microsoft's full advisory here.