HomeWinBuzzer NewsMicrosoft Recently Patched Two Windows 10 Vulnerabilities

Microsoft Recently Patched Two Windows 10 Vulnerabilities

US-CERT has disclosed two vulnerabilities in Windows 10 and Windows Server, which Microsoft patched last month.


A new vulnerability has been described in 's Windows and products. The United States Computer Emergency Readiness Team (US-CERT) says “a remote attacker could exploit these vulnerabilities to take control of an affected system.”

In an advisory, US-CERT says Microsoft fixed the flaws during its December event last month. You can find both of the vulnerabilities listed by the company as CVE-2018-8611 and CVE-2018-8626.

CVE-2018-8611 is described as a kernel elevation that occurs across all Windows and Windows Server clients.

“An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights,” Microsoft explains.

To exploit the flaw, and attacker would need physical access to the system to run a custom application. Once installed, the bad actor would have complete control over the PC. Microsoft confirmed this vulnerability was successfully exploited although it was never disclosed.


As for CVE-2018-8626, the vulnerability caused a Windows DNS server heap overflow that occurred in , Windows Server 2012 R2, Windows Server 2016, and Windows Server 2019.

“A remote code execution vulnerability exists in Windows Domain Name System (DNS) servers when they fail to properly handle requests. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the Local System Account. Windows servers that are configured as DNS servers are at risk from this vulnerability,” Microsoft says.

An attacker would need to send malicious requests to Windows DNS without authentication to implement an attack.

Microsoft has sent out two patches to solve the issues. Users should have received the updates last month during Patch Tuesday.

Luke Jones
Luke Jones
Luke has been writing about all things tech for more than five years. He is following Microsoft closely to bring you the latest news about Windows, Office, Azure, Skype, HoloLens and all the rest of their products.

Recent News