Windows News and info 15th Anniversary 2009-2024

Title: Better patch Windows Server ASAP as remotely exploitable vulnerability found
Post by: javajolt on January 05, 2019, 11:19:30 AM
IT staff are not often the fastest to install patches, lest they cause more issues than they solve, but a new vulnerability in all versions of Windows 10 and Windows Server suggests they may need to rethink that policy.

The CERT Coordination Center (CERT/CC) today issued CVE-2018-8626 (http://portal.msrc.microsoft.com/en-US/eula) for a Windows DNS server heap overflow vulnerability. The remote code execution flaw in Windows DNS servers will allow unauthorized actors to run arbitrary code in the context of the Local System Account. Windows PCs and servers configured as DNS servers are at risk.

As if synchronized, Microsoft also issued an advisory for CVE-2018-8611 (http://portal.msrc.microsoft.com/en-US/eula), a Windows kernel elevation of privilege bug that would let a hacker run arbitrary code in kernel mode. They could then install programs and view, change, or delete data, or create new accounts with full user rights.

Fortunately, the DNS server exploit has not been released yet, but smarter hackers are often able to reverse engineer exploits from patches. The privilege elevation vulnerability is already being exploited in the wild.

US-CERT, meanwhile, today advised users and system administrators to review CERT's vulnerability notes VU#289907 (http://www.kb.cert.org/vuls/id/289907/) and VU#531281 (http://www.kb.cert.org/vuls/id/531281/).

Read more details here (http://www.us-cert.gov/ncas/current-activity/2019/01/04/CERTCC-Reports-Critical-Vulnerabilities-Microsoft-Windows-Server).

Read more about the exploits and find the download links for the patches at the links above.

source (http://mspoweruser.com/better-patch-windows-server-asap-are-remotely-exploitable-vulnerability-found/)