Updated May 12, 2019 06:07:15A vulnerability in the DNS-based protocol used by Google and its partners to resolve domain names in the wild could allow attackers to remotely execute code in the targeted domains.
This could enable an attacker to compromise the targeted sites by leveraging a DNS injection attack or by exploiting an in-memory DNS vulnerability.
The vulnerability affects DNS clients, DNS servers, and a subset of DNS servers that support dynamic DNS.
It is not a vulnerability in DNS itself.
The vulnerability has been publicly disclosed by Symantec in April and it has been fixed by Google, Symantel and Google Cloud in June, according to the Internet Engineering Task Force (IETF) Advisory.
It is the second major DNS vulnerability since January 2018, when Microsoft fixed an inbound injection vulnerability in Windows DNS that allowed an attacker with physical access to compromise sites.
This vulnerability is described in the Cisco Vulnerability Database (CVE-2017) as a remote code execution vulnerability, but it could also be described as a data integrity issue because it allows an attacker who holds sensitive data to execute arbitrary code in a domain that is being managed by the domain controller.
Google has fixed the DNS injection issue, but Google Cloud still supports the DNS protocol.
Microsoft’s fix for this vulnerability, which was released in March 2018, also applies to other implementations of the DNS service and it does not affect Google Cloud DNS servers.
Google Cloud DNS and other implementations have also been vulnerable to in-process DNS injection attacks.
In an email, Google security manager Matt Gorman said the company fixed the exploit because it has always been our goal to support DNS servers in the Internet that support Dynamic DNS.
The DNS-as-a-service protocol was added to the DNS standard in 2003 and it allows DNS servers to respond to requests and responses in a highly-available manner, according the company.
“Google is always committed to protecting the integrity of DNS records and the DNS network by ensuring DNS servers are up-to-date with current best practices and technologies,” Gorman wrote in an email.
Google says it has addressed the issue since the update was issued and it recommends users upgrade to a newer version of its DNS-only DNS service.
Google said the exploit was not widely used in the internet community, but the company had not yet been able to independently test its DNS security capabilities in an investigation that was not expected to be a public one.
“We do not have an easy answer for how this exploit could be used to compromise Google’s DNS servers,” Gormer said in an emailed statement.
“However, we strongly recommend that users upgrade their DNS services as soon as possible to make sure their DNS server is up- to-date.
The risk of this exploit is low and we strongly encourage anyone using Google’s services to update.”
Google did not provide any details about the vulnerability it fixed, and it is not clear how widespread the issue was.
It said it is working to fix the issue and that it is continuing to improve its DNS service, including by implementing improved security policies, improved auditing and reporting and improving how it uses and stores its DNS data.
Google’s DNS is used to deliver Google services, including Google Search and Google Maps, and the company’s DNS service also provides information about its user data to third parties.
Google did acknowledge that it was aware of the vulnerability and that the DNS servers had been updated and Google had added security features to mitigate the risk.
Google does not make any statements about vulnerabilities in its DNS, but in a blog post in April, the company said that it did not yet know if this vulnerability could be exploited remotely.
Google said it did plan to address the vulnerability by releasing updates for DNS servers and the services that provide them, but this update would not address this vulnerability.
In the blog post, Google said the vulnerability was only discovered this month and that there was no indication that it could be remotely exploited.
“This is not an outlier vulnerability that was discovered by a security researcher and disclosed to Google,” Gollner wrote.
Google has the utmost respect for our customers and we will provide them the best possible service.””
As Google continues to improve DNS functionality across all of its products, we will continue to report any new security issues as they occur.
Google has the utmost respect for our customers and we will provide them the best possible service.”
Google does have an inbuilt security feature that can be used by DNS servers for a few years to prevent the DNS server from receiving DNS requests and responding to them, Goller wrote.
But that feature, known as DNSSEC, is not activated in Google DNS servers as it was in the case of the other vulnerabilities listed in the advisory.
“If an attacker is able