Microsoft has published a cluster of DNS-related security advisories covering remote code execution, denial of service, cache poisoning, heap overflow, and access-control bypass conditions across Windows DNS Server and third-party DNS components. The newly listed issues include CVE-2026-33278 for possible arbitrary code execution during DNSSEC validation, CVE-2026-42959 for crashes triggered by malicious DNSSEC content, CVE-2026-42960 for possible cache poisoning through promiscuous authority-section records, and CVE-2026-42944 for a heap overflow involving multiple NSID, COOKIE, and PADDING EDNS options. Additional advisories describe degradation-of-service conditions tied to long EDNS option lists (CVE-2026-41292), unbounded name compression (CVE-2026-44390), and a "packet of death" affecting DNSCrypt (CVE-2026-32792).
The disclosures also reference flaws in widely used DNS software, including a BIND 9 resolver unbounded resend loop (CVE-2026-5950), invalid handling of CLASS != IN (CVE-2026-5946), and a CoreDNS ACL bypass (CVE-2026-26017). Earlier Microsoft advisories for Windows DNS Server remote code execution, including CVE-2021-33754 and CVE-2021-33746, show that DNS services remain a recurring high-impact target because they are network-exposed and central to enterprise operations. For defenders, the combined set of advisories highlights the need to prioritize patching DNS infrastructure, review exposure of DNSSEC, EDNS, and DNSCrypt features, and monitor for service instability or anomalous DNS responses that could indicate exploitation attempts.

Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
4 events from the most recent confirmed update back to the earliest known activity.
Microsoft published advisories for CVE-2026-5950, an unbounded resend loop in the BIND 9 resolver, and CVE-2026-5946, invalid handling of CLASS != IN. These disclosures added further DNS software flaws to the set of Microsoft-tracked issues.
Microsoft published advisories for several DNS vulnerabilities on the same day, including possible arbitrary code execution during DNSSEC validation (CVE-2026-33278), a crash during DNSSEC validation of malicious content (CVE-2026-42959), cache poisoning via promiscuous authority records (CVE-2026-42960), performance degradation from long EDNS option lists (CVE-2026-41292), unbounded name compression degradation of service (CVE-2026-44390), a DNSCrypt packet-of-death issue (CVE-2026-32792), and a heap overflow involving multiple EDNS options (CVE-2026-42944).
Microsoft published guidance for CVE-2026-26017, described as a CoreDNS ACL bypass vulnerability. The advisory indicates a new DNS-related security issue was formally tracked and disclosed by Microsoft.
Microsoft disclosed CVE-2021-33754 and CVE-2021-33746 as Windows DNS Server remote code execution vulnerabilities and indicated security updates were available. For CVE-2021-33754, Microsoft rated the issue Important, said it was not publicly disclosed or exploited in the wild at publication, and assessed exploitation as less likely.
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
12 references tracked. Mallory keeps watching after this page renders.
msrc.microsoft.com
Open sourcemsrc.microsoft.com
Open sourcemsrc.microsoft.com
Open sourcemsrc.microsoft.com
Open sourcemsrc.microsoft.com
Open sourcemsrc.microsoft.com
Open sourcemsrc.microsoft.com
Open sourcemsrc.microsoft.com
Open sourceMap indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.