Executive Summary
Microsoft is aware of a vulnerability involving DNS cache poisoning caused by IP fragmentation that affects Windows DNS Resolver. An attacker who successfully exploited this vulnerability could spoof the DNS packet which can be cached by the DNS Forwarder or the DNS Resolver.
For more information see the Workaround sections of this advisory.
Update & Detail Microsoft Guidance for Addressing Spoofing Vulnerability in DNS Resolver