This advisory describes a Critical Remote Code Execution (RCE) vulnerability that affects Windows servers that are configured to run the DNS Server role. We strongly recommend that server administrators apply the security update at their earliest convenience.

Fixes a DNS issue in which the DNS Host record of a computer is deleted after you change the DNS server assignment. This issue occurs in Windows Vista, in Windows Server 2008, in Windows 7, and in Windows Server 2008 R2.

Fixes an issue in which a Windows Server 2003-based, Windows Server 2008-based or Windows Server 2008 R2-based DNS server stops intermittently responding to DNS queries from client computers.

Resolves a vulnerability in Microsoft Windows that could allow denial of service if a remote unauthenticated attacker sends a specially crafted DNS query to the target DNS server.

Fixes a problem in Windows Server 2008 R2 and in Windows 7 in which you receive error messages after a DNS update when you use a third-party server application for DNS resolution.

This article describes an issue in which a Domain Name System (DNS) server freezes and doesn't respond to DNS requests in Windows Server 2012 R2. A hotfix is available to fix this issue.

If the name exists in one of the resources, such as a DNS server or a Windows Internet Name Service (WINS) server and the client is not resolving the name correctly, focus your attention on troubleshooting that specific resource.

DNS is the name service for Internet addresses that translates friendly domain names to numeric Internet Protocol (IP) addresses. For example, "www.microsoft.com" translates to 198.105.232.6.

Assume that you run the nslookup command on a DNS server that is running Windows Server 2008 R2 to determine the Domain Name System (DNS) infrastructure. In this situation, the name resolution of some external websites fails and you receive a "Server Failure" error message.

The attack, known as NXNSAttack, can target any DNS server, including Microsoft DNS and BIND servers that are authoritative for a DNS zone. For DNS servers that reside on corporate intranets, Microsoft rates the risk of this exploit as low.