🟠 High | Source: Microsoft Security Response Center
A use-after-free vulnerability in Windows DNS Server allows an authenticated attacker to remotely execute arbitrary code over a network. Although exploitation requires some level of authorisation, DNS Server is a critical infrastructure component widely deployed across Windows environments, making the blast radius significant. Successful exploitation could allow an attacker to fully compromise the affected server.
Security Architect’s Take: Prioritise patching Windows DNS Server instances immediately, particularly those exposed internally to broad network segments or running on domain controllers. Where patching cannot be applied immediately, consider restricting DNS management plane access via network controls and monitoring for anomalous DNS Server process behaviour.
Original advisory: CVE-2026-49169 Windows DNS Server Remote Code Execution Vulnerability