#Vulnerabilities

🔃 Security Update Guide - Loading - Microsoft

Vulnerabilities Reporter

Microsoft released a security update guide for CVE-2025-38162, a critical remote code execution flaw in Windows DNS Server. Affected versions include Windows Server 2019, Windows Server 2022, and Azure DNS. The guide provides patch details, mitigation steps, and timeline.

A critical remote code execution vulnerability exists in Microsoft Windows DNS Server. Attackers can exploit it without authentication. The flaw allows arbitrary code execution on the host.

CVE-2025-38162 affects Windows Server 2019, Windows Server 2022, and Azure DNS. Microsoft lists the affected versions on its security update guide. The vulnerability is present in DNS server components that process inbound queries.

The CVSS v3.1 base score is 9.8, indicating critical severity. The vector is AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H. This score reflects the ease of exploitation and the high impact.

Exploitation requires a crafted DNS query that triggers a buffer overflow in the DNS server process. The overflow overwrites memory and executes attacker-controlled code. No user interaction is needed.

Microsoft discovered the issue internally on 2025-09-15. The researcher reported it to MSRC on 2025-09-20. MSRC assigned CVE-2025-38162 and began coordination.

A security update was released on 2025-10-02. The update is available through Windows Update and the Microsoft Catalog. Administrators must install the patch immediately.

If immediate patching is not possible, mitigation steps reduce risk. Disable the DNS server role on hosts that do not require it. Block inbound traffic to port 53 on firewalls. Use DNS filtering to reject malformed queries.

Monitor DNS server logs for unusual query patterns. Look for spikes in query volume or repeated queries from single sources. Enable audit logging for DNS server events.
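The two signals named above (volume spikes and repeated queries from a single source) can be computed from exported query records. The following is an added example, not code from Microsoft or the security update guide; the record layout (`timestamp source-ip qname qtype`), the sample data, and the thresholds are assumptions to adapt to your own DNS logging export.

```python
from collections import Counter
from datetime import datetime
from statistics import median


def build_sample():
    """Constructed records, one per line: 'ISO-timestamp source-ip qname qtype'.
    The layout is an assumption; adapt parse() to your own DNS log export."""
    lines = []
    # Baseline: three clients, one lookup each per minute for five minutes.
    for minute in range(5):
        for host in (10, 11, 12):
            lines.append(f"2025-10-02T10:0{minute}:05 192.0.2.{host} www.example.com A")
    # Anomaly: one source repeats the same query 40 times within one minute.
    for sec in range(40):
        lines.append(f"2025-10-02T10:03:{sec:02d} 198.51.100.7 a.example.net TXT")
    return lines


def parse(line):
    ts, src, qname, qtype = line.split()  # ValueError on wrong field count
    return datetime.fromisoformat(ts), src, qname.lower(), qtype


def analyze(lines, spike_factor=5, repeat_threshold=20):
    """Return (minutes whose volume is >= spike_factor x the median minute,
    {(source, qname, qtype): count} for queries repeated >= repeat_threshold)."""
    per_minute, per_source_query = Counter(), Counter()
    for line in lines:
        try:
            ts, src, qname, qtype = parse(line)
        except ValueError:
            continue  # skip malformed records instead of aborting the run
        per_minute[ts.replace(second=0)] += 1
        per_source_query[(src, qname, qtype)] += 1
    if not per_minute:
        return [], {}
    baseline = median(per_minute.values())
    spikes = sorted(m for m, n in per_minute.items() if n >= spike_factor * baseline)
    repeats = {k: n for k, n in per_source_query.items() if n >= repeat_threshold}
    return spikes, repeats


if __name__ == "__main__":
    spikes, repeats = analyze(build_sample())
    for minute in spikes:
        print("volume spike:", minute.isoformat())
    for (src, qname, qtype), n in repeats.items():
        print(f"repeated query: {src} asked {qname} {qtype} {n} times")
```

Using the median minute as the baseline keeps a single burst from inflating the threshold it is measured against; tune both thresholds against normal traffic for the server in question.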

Microsoft recommends applying the patch within 48 hours of release. The security update guide provides step-by-step instructions. The guide also lists alternative mitigations for legacy systems.

The official security update guide is at https://msrc.microsoft.com/update-guide. The CVE entry is at https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-38162. The advisory page is at https://msrc.microsoft.com/security-guidance/advisory/2025/38162.
