Update for DNS Devolution - Microsoft Security Advisory – 971888 has been published.

What is the article about?
A malicious user could host a system with a single-label name outside of an organization's boundary and due to DNS devolution may successfully get a Windows DNS client to connect to it as though it were internal to the organizational boundary.

Please ensure that you fully understand, and have tested the effects of this update before deploying it in your organization as the behavior of DNS resolution that you currently rely on may be affected.

After the update is installed, the DNS resolver will only perform devolution to a level based on the domain settings of the Windows client, potentially breaking any applications or configurations that rely on this behavior

The DNS update will not be published on Windows Update, and will only be available on the Download Center.