CERT/CC issues an alert about critical vulnerabilities in Microsoft Windows and Windows Server
CERT has announced two serious security vulnerabilities discovered by Kaspersky Lab. The vulnerabilities affect the Windows and Windows Server operating systems.
Ordinary users are not at much risk as long as they install cumulative updates in time; it is mainly IT administrators who need to be vigilant this time.
CVE-2018-8611 | Windows Kernel Elevation of Privilege Vulnerability
This privilege escalation vulnerability occurs when the kernel fails to properly handle objects in memory. An attacker who exploits it can execute code in kernel mode.
For example, an attacker could install malware directly by executing code, or view, change, or delete user data and create an account with the same permissions.
To exploit this vulnerability, an attacker must first log in to the system and then run a specially crafted application that triggers the vulnerability and takes control of the affected system.
This vulnerability affects all versions from Windows 7 to Windows Server 2019, and Microsoft fixed it in a cumulative update in December 2018.
CVE-2018-8626 | Windows DNS Server Heap Overflow Vulnerability
Enterprise IT administrators should pay more attention to this remote code execution vulnerability than to the previous one, because it is relatively simple to exploit and harmful to enterprises.
Microsoft said the vulnerability is triggered when the Windows Domain Name System (DNS) server fails to process a request correctly, and that an attacker could exploit it remotely.
An attacker who successfully exploited this vulnerability could execute arbitrary code in the context of the Local System account. Servers configured as DNS servers are at risk from this vulnerability.
This vulnerability affects all versions from Windows Server 2008 R2 to Windows Server 2019, so administrators need to install updates in a timely manner.
In addition, Windows 10 systems are also affected if DNS server-related features are enabled, but the main impact is on server systems.
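
A triage check for the DNS server exposure described above, as an added example that is not part of the original article: it reports whether the local machine has the DNS Server service and whether any update has been installed since December 2018. The function name, result labels and cutoff date are assumptions; the article lists no KB numbers, so none are checked.

```powershell
# Added example: triage the local host for CVE-2018-8626 exposure.
# Assumption: the cutoff is the first day of the month the article names
# (December 2018). The article gives no KB numbers, so none are checked.
$FixMonth = [datetime]'2018-12-01'

function Get-DnsPatchTriage {
    param(
        [bool]$DnsServerPresent,           # is the DNS Server service installed?
        [Nullable[datetime]]$LatestUpdate  # newest update install date, or $null
    )
    # Hosts without the DNS Server service are outside this CVE's scope.
    if (-not $DnsServerPresent) { return 'NotDnsServer' }
    # No usable install date: patch level cannot be judged from this data.
    if ($null -eq $LatestUpdate) { return 'UnknownPatchLevel' }
    # Nothing installed since the fix shipped: the fix is certainly missing.
    if ($LatestUpdate -lt $FixMonth) { return 'MissingFix' }
    # A later update exists, but it may not be the cumulative update:
    # confirm against Microsoft's advisory for the CVE.
    return 'VerifyUpdate'
}

# "DNS" is the service name of the Windows DNS Server role.
$dns = Get-Service -Name 'DNS' -ErrorAction SilentlyContinue

# Get-HotFix can return entries without an install date; ignore those.
$latest = Get-HotFix |
    Where-Object { $_.InstalledOn } |
    Sort-Object InstalledOn -Descending |
    Select-Object -First 1 -ExpandProperty InstalledOn

[pscustomobject]@{
    Computer     = $env:COMPUTERNAME
    DnsService   = if ($dns) { $dns.Status } else { 'NotInstalled' }
    LatestUpdate = $latest
    Triage       = Get-DnsPatchTriage -DnsServerPresent ([bool]$dns) -LatestUpdate $latest
}
```

A result of MissingFix on a host with the DNS Server service is the case to patch first; VerifyUpdate only means some update was installed after the cutoff, not that it contained the fix.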