A new vulnerability has been described in Microsoft’s Windows and Windows Server products. The United States Computer Emergency Readiness Team (US-CERT) says “a remote attacker could exploit these vulnerabilities to take control of an affected system.”
In an advisory, US-CERT says Microsoft fixed the flaws during its December Patch Tuesday event last month. You can find both of the vulnerabilities listed by the company as CVE-2018-8611 and CVE-2018-8626.
CVE-2018-8611 is described as a kernel elevation that occurs across all Windows and Windows Server clients.
“An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights,” Microsoft explains.
To exploit the flaw, and attacker would need physical access to the system to run a custom application. Once installed, the bad actor would have complete control over the PC. Microsoft confirmed this vulnerability was successfully exploited although it was never disclosed.
As for CVE-2018-8626, the vulnerability caused a Windows DNS server heap overflow that occurred in Windows 10, Windows Server 2012 R2, Windows Server 2016, and Windows Server 2019.
“A remote code execution vulnerability exists in Windows Domain Name System (DNS) servers when they fail to properly handle requests. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the Local System Account. Windows servers that are configured as DNS servers are at risk from this vulnerability,” Microsoft says.
An attacker would need to send malicious requests to Windows DNS without authentication to implement an attack.
Microsoft has sent out two patches to solve the issues. Users should have received the updates last month during Patch Tuesday.