EXECUTIVE SUMMARY
A critical denial-of-service (DoS) vulnerability identified as CVE-2023-50868 has been disclosed in the Domain Name System Security Extensions (DNSSEC) protocol, specifically affecting the Next Secure Hash 3 (NSEC3) mechanism used for proving that a domain name does not exist. This flaw allows attackers to craft DNS packets that exhaust the computing resources of DNS resolvers, causing them to become unresponsive. The vulnerability impacts multiple vendors and projects, including Unbound, BIND, dnsmasq, PowerDNS, and various Linux distributions, and can be exploited to significantly slow down DNS server responsiveness, increasing the risk of DNS cache poisoning attacks. A related vulnerability, CVE-2023-50387, similarly exploits resource exhaustion but is more severe, potentially allowing a single packet to bring down DNS servers by overloading their CPU. Both vulnerabilities require coordinated cross-industry mitigation due to their potential to disrupt large swathes of internet infrastructure.
RECOMMENDATION:
We strongly recommend applying the vendor update for the NSEC3 vulnerability (CVE-2023-50868).
We strongly recommend applying the vendor update for the DNSSEC vulnerability (CVE-2023-50387).
REFERENCES:
The following reports contain further technical details:
https://www.darkreading.com/vulnerabilities-threats/microsoft-late-dangerous-dnssec-zero-day-flaw