Microsoft has confirmed it is adding another security flaw to its list of vulnerability, the first in its latest Windows 10 upgrade, in an effort to improve its security posture against cyberattack.
In a blog post Tuesday, Microsoft said it is removing a previously undisclosed issue in the DNS server of the Windows operating system that could lead to a remote code execution when an attacker tries to exploit a flaw in Microsoft’s DNS.
The company said it will disable DNS updates that are not secure.
It will remove updates that contain the CVE-2016-1386 vulnerability.
The vulnerability affects Windows Server 2003, Windows Server 2008, Windows 7 and Windows 8.1 and was identified by researchers at Trend Micro.
Microsoft said its fix is in the same package that contains CVE-2015-3107, CVE-2014-1070, CVE.2015-1809 and CVE-2017-1821.
The vulnerabilities affected by the vulnerability have not been identified by Microsoft, and Microsoft did not provide a patch.
Microsoft has not yet said when it will remove the vulnerability from the list of known vulnerabilities.
The Internet security firm FireEye said it has identified another Windows vulnerability that could allow attackers to remotely exploit an issue in Microsoft DNS.
FireEye, which is a partner of Symantec, found that the DNS Server Security Update for Windows Server 2016 did not address the CVE.2017-02-24 CVE-2018-2818 is a remote Code Execution vulnerability in the Microsoft DNS Server Update for the Windows Server 2012 R2 and Windows Server 2013.
The vulnerability is mitigated by a patch issued in March 2018, but a new update for Windows 10, Windows 10 64-bit, and Windows 10 Professional editions is required to address the issue.