DNS vulnerability: Patch your Windows Domain Controller

[German]Administrators in enterprise environment should update Windows Server urgently, as a vulnerability has been found in the DNS system that has existed since at least 2012.

It's an explicit security warning, which is now pointed out by various security specialists such as T-Systems Austria CERT.

Vulnerability CVE-2018-8626

There is a heap overflow vulnerability in the Windows DNS server (CVE-2018-8626). Windows Domain Name System (DNS) servers do not properly process requests. An attacker who successfully exploits the vulnerability could execute arbitrary code (remote code execution) within the Local System Account.

Windows servers configured as DNS servers are vulnerable to this vulnerability. To exploit the vulnerability, an unauthenticated attacker could send malicious requests to a Windows DNS server.

Security updates to fix CVE-2018-8626

Microsoft has released security updates effective December 11, 2018 that address this vulnerability. This Microsoft Web site provides a list of updates for various versions of Windows Server that address this vulnerability.

Produkt KB-Artikel MS Update Catalog
Windows 10 Version 1607 4471321 Download
Windows 10 Version 1709 4471329 Download
Windows 10 Version 1803 4471324 Download
Windows 10 Version 1809 4471332 Download
Windows Server 2012 R2 4471320
4471322
Monthly Rollup
Security Only
Windows Server 2016 4471321 Download
Windows Server V1709 (Core) 4471329 Download
Windows Server V1803 (Core) 4471324 Download
Windows Server 2019 4471332 Download

The updates shown in the above table will be distributed via Windows Update, but may also be downloadable via Microsoft Update Catalog.

This entry was posted in Security, Windows and tagged , , . Bookmark the permalink.

3 Responses to DNS vulnerability: Patch your Windows Domain Controller

  1. Nick says:

    If I read your post correctly, Windows Server 2008/2008R2 are not vulnerable.

Leave a Reply

Your email address will not be published. Required fields are marked *