MS15-127: Security update for Microsoft Windows DNS to address remote code execution: December 8, 2015

Applies to: Windows Server 2012 R2 DatacenterWindows Server 2012 R2 StandardWindows Server 2012 R2 Essentials


This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if an attacker sends specially crafted requests to a DNS server.

The security update addresses the vulnerability by modifying how DNS servers parse requests.

To learn more about the vulnerability, see Microsoft Security Bulletin MS15-127.

More Information

  • This security update is only applicable to Windows-based servers that have the DNS server role installed.
  • All future security and nonsecurity updates for Windows Server 2012 R2 require update 2919355 to be installed. We recommend that you install update 2919355 on your Windows Server 2012 R2-based computer so that you receive future updates.
  • If you install a language pack after you install this update, you must reinstall this update. Therefore, we recommend that you install any language packs that you need before you install this update. For more information, see Add language packs to Windows.

Known issues

Assume that you have either 3100465 or

3022780 installed on a server that's running Windows Server 2008 R2. If the Domain Name System (DNS) server role is installed on the server, the DNS server may not respond to a CNAME query.

To work around this issue, run the following command from an elevated command prompt to disable the background zone loading feature on the affected DNS server:

dnscmd /Config /DsMinimumBackgroundLoadThreads 0

Note This setting prevents incoming queries from being answered until zone loading is completed. Clients should be configured to use secondary DNS servers as a fallback in this scenario.

To re-enable background zone loading, run the following command from an elevated command prompt:

dnscmd /Config /DsMinimumBackgroundLoadThreads 1

How to obtain and install the update

Method 1: Windows Update

This update is available through Windows Update. When you turn on automatic updating, this update will be downloaded and installed automatically. For more information about how to turn on automatic updating, see
Get security updates automatically.