Heap-based buffer overflow in Microsoft Windows DNS allows an unauthorized attacker to execute code over a network.
The vulnerability results from improper heap memory handling in the Windows DNS implementation — classified as CWE-122 (heap-based buffer overflow). An attacker can send specially crafted network data to the DNS service, causing a buffer overflow in the heap area. The result can be overwriting critical memory structures, which enables taking control of the process execution flow and running arbitrary code.
An unauthenticated remote attacker can execute arbitrary code in the context of the vulnerable DNS service, which in practice can lead to complete system takeover, loss of data confidentiality, and disruption of service availability.
Apply patches available from the manufacturer according to references published at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-41096. It is recommended to immediately deploy available Microsoft security updates and — until the patch is installed — consider restricting network access to the DNS service only from trusted sources using a firewall.
Microsoft Windows DNS components — versions indicated in the manufacturer's references (Microsoft Security Response Center).
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HMicrosoft Windows 11 23h2
OSMicrosoft< 10.0.22631.7079Microsoft Windows 11 24h2
OSMicrosoft< 10.0.26100.8390Microsoft Windows 11 25h2
OSMicrosoft< 10.0.26200.8390Microsoft Windows 11 26h1
OSMicrosoft< 10.0.28000.2113Microsoft Windows Server 2022 23h2
OSMicrosoft< 10.0.25398.2330Microsoft Windows Server 2025
OSMicrosoft< 10.0.26100.32772
Related vulnerabilities
RCE w Windows Server Update Service (WSUS) — deserializacja danych
Heap buffer overflow w Windows TCP/IP umożliwia privilege escalation przez sieć
Podatność typu tampering w Windows DHCP Server umożliwia nieautoryzowaną modyfikację danych
Stack-based buffer overflow w Windows DHCP Client — zdalne wykonanie kodu
Use-after-free w Windows Kernel umożliwiające zdalne wykonanie kodu