US-CERT warns of weaknesses in security in Windows
The United States Computer Emergency Readiness Team (US-CERT) released an Advisory about vulnerabilities that affect Microsoft Windows and Windows Server. The organization said "a remote attacker can exploit this vulnerability to control the affected system".
This vulnerability was corrected by Microsoft as part of the December 2018 Patch Tuesday cycle, and the company provided further information in CVE-2018-8611 and CVE-2018-8626 advisories.
First and foremost, CVE-2018-8611 is an increase in Windows kernel privileges that affects all supported Windows clients and server versions, including Windows 10 and Windows Server 2019.
"An elevation of privilege vurnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; "Create new accounts with full user rights", said Microsoft.
Successful attacks require a malicious actor to enter the system and then run an artificial application that will give full control over the affected machine. Microsoft said its weaknesses had been exploited, but given that it was not disclosed to the public, the impact had been significantly reduced.
Patch is available now.
In the case of CVE-2018-8626, Microsoft is resolving a heap overflow Windows DNS server vulnerability that only exists on Windows 10, Windows Server 2012 R2, Windows Server 2016, and Windows Server 2019.
"A remote code execution vulnerability exists in the Windows Domain Name System (DNS) servers when they fail to properly handle requests. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the Local System Account. Windows servers that are configured as DNS servers are at risk from this vulnerability, " said Microsoft.
The attack depends on the Malicious Request sent to the Windows DNS server even without authentication. Patches for both vulnerabilities can be downloaded from Windows Update on all supported versions of Windows.
Source: News.Softpedia
0 Response to "US-CERT warns of weaknesses in security in Windows"
Post a Comment