Windows Domain Name Service Remote Code Execution Vulnerability (CVE-2025-24064)

CVE-2025-24064, published on March 11, 2025, highlights the possibility of executing malicious code over the network by exploiting a Use After Free vulnerability in the DNS server.

The vulnerability shows the importance of accepting DNS updates only from trusted devices, that is, of allowing only secure updates, so that unrecognized devices cannot update or add their A record in the DNS zone.

The vulnerability affects the following operating systems:

  • Windows Server 2025 from 10.0.26100.0 before 10.0.26100.3476 
  • Windows Server 2022, 23H2 Edition from 10.0.25398.0 before 10.0.25398.1486 
  • Windows Server 2022 from 10.0.20348.0 before 10.0.20348.3328 
  • Windows Server 2019 from 10.0.17763.0 before 10.0.17763.7009 
  • Windows Server 2016 from 10.0.14393.0 before 10.0.14393.7876 
  • Windows Server 2012 from 6.2.9200.0 before 6.2.9200.25368 
  • Windows Server 2012 R2 from 6.3.9600.0 before 6.3.9600.22470 
  • Windows Server 2008 Service Pack 2 from 6.0.6003.0 before 6.0.6003.23168 
  • Windows Server 2008 R2 Service Pack 1 from 6.1.7601.0 before 6.1.7601.27618 

Use After Free

A Use After Free vulnerability occurs when a program keeps using a pointer to an area of memory that has already been freed and which, therefore, could now reference code or data belonging to something else.

Sample Code in PowerShell

PowerShell manages memory automatically, so, unlike C code, the sample has to allocate memory again after discarding the reference before the buffer can be used. The script therefore only simulates the allocation pattern.

param (
    [string]$inputString
)
$BUFSIZER1 = 512
$BUFSIZER2 = [math]::Floor(($BUFSIZER1 / 2) - 8)
# Simulate memory allocation with byte arrays
[byte[]]$buf1R1 = New-Object byte[] $BUFSIZER1
[byte[]]$buf2R1 = New-Object byte[] $BUFSIZER1
# "Free" buf2R1 (PowerShell manages memory automatically)
$buf2R1 = $null 
# Allocate again: a managed reference cannot be used after it is discarded
[byte[]]$buf2R1 = New-Object byte[] $BUFSIZER2
[byte[]]$buf2R2 = New-Object byte[] $BUFSIZER2
[byte[]]$buf3R2 = New-Object byte[] $BUFSIZER2
Write-Output "buf2R1: $($buf2R1 -join '')"
# Copy the input string (similar to strncpy)
$inputBytes = [System.Text.Encoding]::UTF8.GetBytes($inputString)
Write-Output "Input string: $($inputBytes -join '')"
$copyLength = [math]::Min($inputBytes.Length, $BUFSIZER1 - 1)
# Array.Copy is bounds-checked: input longer than $buf2R1 raises an exception
# instead of overwriting adjacent memory as the C equivalent would
[System.Array]::Copy($inputBytes, 0, $buf2R1, 0, $copyLength)
# "Free" the other allocations
$buf1R1 = $null
$buf2R2 = $null
$buf3R2 = $null
Write-Output "buf2R1: $($buf2R1 -join '')"
Write-Output "Memory simulation completed."
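
Because the PowerShell script can only imitate the allocation pattern, here is an added example in C (not part of the original post and not code from the affected DNS server) that shows the mechanism itself and one way to detect it. It assumes a fixed pool in place of the heap so that slot reuse is well-defined C, and all names (`record_t`, `handle_t`, `rec_*`) are hypothetical.

```c
#include <stdio.h>
#include <string.h>
#include <stdint.h>

/* Fixed pool standing in for the heap (assumption), so reuse is defined C. */
#define SLOTS 4
typedef struct { char name[32]; uint32_t gen; int used; } record_t;
typedef struct { int slot; uint32_t gen; } handle_t;   /* checked reference */
static record_t pool[SLOTS];

/* Hand out the first unused slot, as an allocator reuses freed chunks. */
static record_t *rec_alloc(const char *name) {
    for (int i = 0; i < SLOTS; i++) {
        if (pool[i].used) continue;
        pool[i].used = 1;
        pool[i].gen++;                      /* new owner, new generation */
        snprintf(pool[i].name, sizeof pool[i].name, "%s", name);
        return &pool[i];
    }
    return NULL;
}
static void rec_free(record_t *r) { r->used = 0; }

static handle_t rec_handle(const record_t *r) {
    handle_t h = { (int)(r - pool), r->gen };
    return h;
}
/* Resolve a handle; NULL when the slot was freed or given to a new owner. */
static record_t *rec_resolve(handle_t h) {
    record_t *r = &pool[h.slot];
    return (r->used && r->gen == h.gen) ? r : NULL;
}

/* Unsafe pattern: a raw pointer kept across free aliases the next owner. */
int stale_pointer_aliases_new_owner(void) {
    record_t *a = rec_alloc("host-a");      /* constructed sample names */
    rec_free(a);
    record_t *b = rec_alloc("host-b");      /* reuses the slot a pointed to */
    return a == b && strcmp(a->name, "host-b") == 0;
}
/* Hardened pattern: the generation check rejects the stale reference. */
int stale_handle_is_rejected(void) {
    record_t *a = rec_alloc("host-a");
    handle_t h = rec_handle(a);
    rec_free(a);
    rec_alloc("host-b");
    return rec_resolve(h) == NULL;
}
int main(void) {
    printf("stale pointer aliases new owner: %d\n", stale_pointer_aliases_new_owner());
    printf("stale handle rejected: %d\n", stale_handle_is_rejected());
    return 0;
}
```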

For more information

CWE – CWE-416: Use After Free (4.16)

CVE: Common Vulnerabilities and Exposures

CVE-2025-24064 – Security Update Guide – Microsoft – Windows Domain Name Service Remote Code Execution Vulnerability
