Rapid7 Vulnerability & Exploit Database

Microsoft CVE-2018-8304: Windows DNSAPI Denial of Service Vulnerability

Free InsightVM Trial No Credit Card Necessary

Watch Demo See how it all works

Back to Search

Microsoft CVE-2018-8304: Windows DNSAPI Denial of Service Vulnerability

Severity

CVSS

(AV:N/AC:M/Au:N/C:N/I:N/A:C)

Published

07/10/2018

Created

07/25/2018

Added

07/10/2018

Modified

11/18/2021

Description

A denial of service vulnerability exists in Windows Domain Name System (DNS) DNSAPI.dll when it fails to properly handle DNS responses. An attacker who successfully exploited the vulnerability could cause a system to stop responding. Note that the denial of service condition would not allow an attacker to execute code or to elevate user privileges. However, the denial of service condition could prevent authorized users from using system resources. To exploit the vulnerability, the attacker would use a malicious DNS server to send corrupted DNS responses to the target. The update addresses the vulnerability by modifying how Windows DNSAPI.dll handles DNS responses.

Solution(s)

msft-kb4291391-1c672821-5853-45b8-ac05-efd22ddf07ce
msft-kb4291391-a0a8e256-e017-4204-b9bf-353c6aee397f
msft-kb4291391-f6696dbc-4f3f-4fc2-9621-6318b6d59a50
msft-kb4291391-ff4198fc-5809-483d-a85f-67cf38594f9e
msft-kb4338814-1d730105-0adc-48b0-b97e-f99e48b0bc43
msft-kb4338814-3e8fbcc4-12ae-46d7-a550-98b36cf04be3
msft-kb4338814-c0b5b4ea-e32b-4bd3-8f5a-5d20c0d60b6c
msft-kb4338820-42ded291-a440-4b4d-9efd-877384896802
msft-kb4338820-756f2788-66ec-4732-ab6d-10a889a37d64
msft-kb4338820-e053fade-ae8f-4e1b-a113-c319625bc13c
msft-kb4338823-350c8547-b462-47a7-9150-012b5e59cae5
msft-kb4338823-3c0a22dd-84e1-4d8d-bab0-9c1366320bb0
msft-kb4338823-aad98b57-eed4-4a0e-a44a-6ad82f339406
msft-kb4338823-b304c792-133a-4fa4-8f47-bac9153afd71
msft-kb4338823-b62a64f4-5072-4074-ac63-79ae61e0d4b0
msft-kb4338823-d5fa704a-bd09-4d9b-a68e-8da1fe2642f7
msft-kb4338824-007ce1f3-3a12-40ef-8389-322068b780a7
msft-kb4338824-4f051f3f-abd6-4d6d-8fbe-c78051dfe500
msft-kb4338824-5d49efb1-0497-4625-9504-474fceca16d8
msft-kb4338825-0839cfd6-8d2d-4902-86f9-c500c8c2012e
msft-kb4338825-b4d83549-b9d9-476e-a185-2cbcac3e6da5
msft-kb4338825-f09a0bc7-6651-458a-9781-7fc2aa78f77a
msft-kb4338826-5631f856-d323-46c6-9315-6009b1e15264
msft-kb4338826-68816a0f-47c2-40da-b3cd-f46bc468546e
msft-kb4338829-65462f35-2ae0-49e0-8271-65ae301cb886
msft-kb4338829-b156d204-e2b4-4f8a-baba-c2501be2b4c2

References

https://attackerkb.com/topics/cve-2018-8304
CVE - 2018-8304
4291391
4338814
4338815
4338818
4338820
4338823
4338824
4338825
4338826
4338829
4338830

Advanced vulnerability management analytics and reporting.

Key Features

Free InsightVM Trial View All Features

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;

Rapid7 Vulnerability & Exploit Database

Microsoft CVE-2018-8304: Windows DNSAPI Denial of Service Vulnerability

Microsoft CVE-2018-8304: Windows DNSAPI Denial of Service Vulnerability

Description

Solution(s)

References

Success! Thank you for submission. We will be in touch shortly.

Oops! There was a problem in submission. Please try again.

Submit your information and we will get in touch with you.