The security update addresses the vulnerability by modifying how DNS servers parse requests.
To learn more about the vulnerability, see Microsoft Security Bulletin MS15-127.
- This security update is only applicable to Windows-based servers that have the DNS server role installed.
- All future security and nonsecurity updates for Windows Server 2012 R2 require update 2919355 to be installed. We recommend that you install update 2919355 on your Windows Server 2012 R2-based computer so that you receive future updates.
- If you install a language pack after you install this update, you must reinstall this update. Therefore, we recommend that you install any language packs that you need before you install this update. For more information, see Add language packs to Windows.
Known issuesAssume that you have either 3100465 or
3022780 installed on a server that's running Windows Server 2008 R2. If the Domain Name System (DNS) server role is installed on the server, the DNS server may not respond to a CNAME query.
To work around this issue, run the following command from an elevated command prompt to disable the background zone loading feature on the affected DNS server:
Note This setting prevents incoming queries from being answered until zone loading is completed. Clients should be configured to use secondary DNS servers as a fallback in this scenario.
To re-enable background zone loading, run the following command from an elevated command prompt:
How to obtain and install the update
Method 1: Windows Update
Get security updates automatically.