MS15-127: Security update for Microsoft Windows DNS to address remote code execution: December 8, 2015

Summary

This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if an attacker sends specially crafted requests to a DNS server.


The security update addresses the vulnerability by modifying how DNS servers parse requests.


To learn more about the vulnerability, see Microsoft Security Bulletin MS15-127.

More Information

Important

  • This security update is only applicable to Windows-based servers that have the DNS server role installed.

  • All future security and nonsecurity updates for Windows Server 2012 R2 require update 2919355 to be installed. We recommend that you install update 2919355 on your Windows Server 2012 R2-based computer so that you receive future updates.

  • If you install a language pack after you install this update, you must reinstall this update. Therefore, we recommend that you install any language packs that you need before you install this update. For more information, see Add language packs to Windows.

Known issues

Assume that you have either 3100465 or


3022780 installed on a server that's running Windows Server 2008 R2. If the Domain Name System (DNS) server role is installed on the server, the DNS server may not respond to a CNAME query.

To work around this issue, run the following command from an elevated command prompt to disable the background zone loading feature on the affected DNS server:

dnscmd /Config /DsMinimumBackgroundLoadThreads 0
Note This setting prevents incoming queries from being answered until zone loading is completed. Clients should be configured to use secondary DNS servers as a fallback in this scenario.

To re-enable background zone loading, run the following command from an elevated command prompt:

dnscmd /Config /DsMinimumBackgroundLoadThreads 1

How to obtain and install the update

Method 1: Windows Update

This update is available through Windows Update. When you turn on automatic updating, this update will be downloaded and installed automatically. For more information about how to turn on automatic updating, see
Get security updates automatically.

You can obtain the stand-alone update package through the Microsoft Download Center. Follow the installation instructions on the download page to install the update.

Click the download link in Microsoft Security Bulletin MS15-127 that corresponds to the version of Windows that you are running.

More Information

Windows Server 2008 (all editions)Reference Table

The following table contains the security update information for this software.

Security update file names

For all supported 32-bit editions of Windows Server 2008:
Windows6.0-KB3100465-x86.msu

For all supported x64-based editions of Windows Server 2008:
Windows6.0-KB3100465-x64.msu

Installation switches

See Microsoft Knowledge Base Article 934307

Restart requirement

A system restart is required after you apply this security update.

Removal information

WUSA.exe does not support uninstall of updates. To uninstall an update that is installed by WUSA, click Control Panel, and then click Security. Under Windows Update, click View installed updates, and then select from the list of updates.

File information

See the file information section.

Registry key verification

Note A registry key does not exist to validate the presence of this update.

Windows Server 2008 R2 (all editions)Reference Table

The following table contains the security update information for this software.

Security update file name

For all supported x64-based editions of Windows Server 2008 R2:
Windows6.1-KB3100465-x64.msu

Installation switches

See Microsoft Knowledge Base Article 934307

Restart requirement

A system restart is required after you apply this security update.

Removal information

To uninstall an update that is installed by WUSA, use the /Uninstall setup switch. Or, click Control Panel, and then click System and Security. Under Windows Update, click View installed updates, and then select from the list of updates.

File information

See the file information section.

Registry key verification

Note A registry key does not exist to validate the presence of this update.

Windows Server 2012 and Windows Server 2012 R2 (all editions)Reference Table

The following table contains the security update information for this software.

Security update file name

For all supported editions of Windows Server 2012:
Windows8-RT-KB3100465-x64.msu

For all supported editions of Windows Server 2012 R2:
Windows8.1-KB3100465-x64.msu

Installation switches

See Microsoft Knowledge Base Article 934307

Restart requirement

A system restart is required after you apply this security update.

Removal information

To uninstall an update that is installed by WUSA, use the /Uninstall setup switch. Or, click Control Panel, click System and Security, and then click Windows Update. Under See also, click Installed updates, and then select from the list of updates.

File information

See the file information section.

Registry key verification

Note A registry key does not exist to validate the presence of this update.


Help for installing updates: Support for Microsoft Update

Security solutions for IT professionals: TechNet Security Troubleshooting and Support

Help for protecting your Windows-based computer from viruses and malware: Virus Solution and Security Center

Local support according to your country: International Support

File Information

File name

SHA1 hash

SHA256 hash

Windows6.0-KB3100465-x64.msu

3DC1A5C0C265534AFCA2C529CEB18B4267105F38

3A6AF4BF02B36BCEE6AA10E792A0DB3599A0BFFE40C295DADDC8F499017E4470

Windows6.0-KB3100465-x86.msu

436A4D50934F5E24CCDF5FC617FDEE2CFC661336

2E70CD86692DF013BDAD1503E488ADFBF1BA89463E4291CCF21A5E6713E270B9

Windows6.1-KB3100465-x64.msu

95D86E683F56668C7FE512DAAC666559DF8C40FB

EFF7E54E6DBCE8ED978C34F41C8524E743DC37A7E6D6B414CE4B6EBB4B81CD81

Windows8-RT-KB3100465-x64.msu

0BDC117C3F9C92D3A3287904A949A399BB49215C

135ECDF318C8C13C2FD206FD4D5487DE01318DA6791D7686E1525E324F6F65AD

Windows8.1-KB3100465-x64.msu

AC03D3A5C93AED0B6DDBC3E19A9EE7379029FB51

E0AD28D90D723B9B8434074D55DE5E82FA14A3ABE253C980F31916CA74ABAD48


The English (United States) version of this software update installs files that have the attributes that are listed in the following tables. The dates and times for these files are listed in Coordinated Universal Time (UTC). Be aware that dates and times for these files on your local computer are displayed in your local time and with your current daylight saving time bias. The dates and times may also change when you perform certain operations on the files.

Windows Vista and Windows Server 2008 file information

Notes

  • The files that apply to a specific product, milestone (RTM, SPn), and service branch (LDR, GDR) can be identified by examining the file version numbers as shown in the following table:

    Version

    Product

    Milestone

    Service branch

    6.0.600 2.19xxx

    Windows Vista or Windows Server 2008

    SP2

    GDR

    6.0.600 2.23xxx

    Windows Vista or Windows Server 2008

    SP2

    LDR

  • GDR service branches contain only those fixes that are widely released to address widespread, critical issues. LDR service branches contain hotfixes in addition to widely released fixes.

  • The MANIFEST files (.manifest) and MUM files (.mum) that are installed are not listed.

For all supported x64-based versions

File name

File version

File size

Date

Time

Platform

Cache.dns

Not applicable

3,179

03-Sep-2008

18:33

Not applicable

Dns.exe

6.0.6002.19526

640,000

20-Oct-2015

14:39

x64

Dnsserver.events.xml

Not applicable

609

03-Sep-2008

18:33

Not applicable

Cache.dns

Not applicable

3,179

07-May-2014

23:40

Not applicable

Dns.exe

6.0.6002.23836

640,512

20-Oct-2015

14:50

x64

Dnsserver.events.xml

Not applicable

609

07-May-2014

23:40

Not applicable

For all supported x86-based versions

File name

File version

File size

Date

Time

Platform

Cache.dns

Not applicable

3,179

16-Apr-2008

00:31

Not applicable

Dns.exe

6.0.6002.19526

510,976

20-Oct-2015

14:26

x86

Dnsserver.events.xml

Not applicable

609

16-Apr-2008

00:31

Not applicable

Cache.dns

Not applicable

3,179

07-May-2014

23:40

Not applicable

Dns.exe

6.0.6002.23836

511,488

20-Oct-2015

14:22

x86

Dnsserver.events.xml

Not applicable

609

07-May-2014

23:40

Not applicable

Windows 7 and Windows Server 2008 R2 file information

Notes

  • The files that apply to a specific product, milestone (RTM, SPn), and service branch (LDR, GDR) can be identified by examining the file version numbers as shown in the following table:

    Version

    Product

    Milestone

    Service branch

    6.1.760 1.18xxx

    Windows 7 or Windows Server 2008 R2

    SP1

    GDR

    6.1.760 1.23 xxx

    Windows 7 or Windows Server 2008 R2

    SP1

    LDR

  • GDR service branches contain only those fixes that are widely released to address widespread, critical issues. LDR service branches contain hotfixes in addition to widely released fixes.

  • The MANIFEST files (.manifest) and MUM files (.mum) that are installed are not listed.

For all supported x64-based versions

File name

File version

File size

Date

Time

Platform

Cache.dns

Not applicable

3,198

03-Jun-2015

20:15

Not applicable

Dns.exe

6.1.7601.19046

696,832

20-Oct-2015

18:40

x64

Dnsserver.events.xml

Not applicable

609

03-Jun-2015

20:15

Not applicable

Cache.dns

Not applicable

3,198

03-Jun-2015

20:15

Not applicable

Dns.exe

6.1.7601.23251

700,928

20-Oct-2015

18:17

x64

Dnsserver.events.xml

Not applicable

609

03-Jun-2015

20:15

Not applicable

Windows 8 and Windows Server 2012 file information

Notes

  • The files that apply to a specific product, milestone (RTM, SPn), and service branch (LDR, GDR) can be identified by examining the file version numbers as shown in the following table:

    Version

    Product

    Milestone

    Service branch

    6.2.920 0.17xxx

    Windows 8, Windows RT, or Windows Server 2012

    RTM

    GDR

    6.2.920 0.21xxx

    Windows 8, Windows RT, or Windows Server 2012

    RTM

    LDR

  • GDR service branches contain only those fixes that are widely released to address widespread, critical issues. LDR service branches contain hotfixes in addition to widely released fixes.

  • The MANIFEST files (.manifest) and MUM files (.mum) that are installed are not listed.

For all supported x64-based versions

File name

File version

File size

Date

Time

Platform

Cache.dns

Not applicable

3,198

02-Jun-2012

14:30

Not applicable

Dns.exe

6.2.9200.17568

1,533,952

07-Nov-2015

12:46

x64

Dnsserver.events.xml

Not applicable

609

02-Jun-2012

14:30

Not applicable

Cache.dns

Not applicable

3,198

02-Jun-2012

14:30

Not applicable

Dns.exe

6.2.9200.21685

1,537,536

06-Nov-2015

20:58

x64

Dnsserver.events.xml

Not applicable

609

02-Jun-2012

14:30

Not applicable

Windows 8.1 and Windows Server 2012 R2 file information

Notes

  • The files that apply to a specific product, milestone (RTM, SPn), and service branch (LDR, GDR) can be identified by examining the file version numbers as shown in the following table:

    Version

    Product

    Milestone

    Service branch

    6.3.960 0.17 xxx

    Windows RT 8.1, Windows 8.1, and Windows Server 2012 R2

    RTM

    GDR

  • GDR service branches contain only those fixes that are widely released to address widespread, critical issues. LDR service branches contain hotfixes in addition to widely released fixes.

  • The MANIFEST files (.manifest) and MUM files (.mum) that are installed are not listed.

For all supported x64-based versions

File name

File version

File size

Date

Time

Platform

Cache.dns

Not applicable

3,198

18-Jun-2013

14:43

Not applicable

Dns.exe

6.3.9600.18094

1,735,168

20-Oct-2015

14:25

x64

Dnsserver.events.xml

Not applicable

609

18-Jun-2013

14:43

Not applicable


Need more help?

Expand your skills
Explore Training
Get new features first
Join Microsoft Insiders

Was this information helpful?

Thank you for your feedback!

Thank you for your feedback! It sounds like it might be helpful to connect you to one of our Office support agents.

×