This week, for its December 11th 2018 Patch Tuesday, Microsoft released a security update for supported versions of Windows Server acting as DNS Servers. As many Domain Controllers are installed and configured as such, this is a serious vulnerability.
The update addresses the vulnerability by modifying how Windows DNS servers handle requests.
About the vulnerability
A remote code execution vulnerability exists in Windows Domain Name System (DNS) servers, when they fail to properly handle requests. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the Local System Account. Windows Server installations that are configured as DNS servers are at risk from this vulnerability.
To exploit the vulnerability, an unauthenticated attacker could send malicious requests to a Windows DNS server.
The vulnerability was reported by Mitch Adair from the Microsoft Windows Enterprise Security Team. It is catalogued as CVE-2018-8626 and rated Critical.
Affected Operating Systems
Windows versions and Windows Server versions beyond Windows Server 2012 R2 are affected. Both Full installations and Server Core installations are affected.
Mitigations
Microsoft has not identified any mitigating factors for this vulnerability.
Workarounds
Microsoft has not identified any workarounds for this vulnerability.
About the update
The update addresses the vulnerability by modifying how Windows DNS servers handle requests.
To apply the update, install the following update per Windows and/or Windows Server version:
Windows Server version | Update |
Windows Server 2012 R2 | KB4471320 or KB4471322 |
Windows Server 2016 | KB4471321 |
Windows Server 2019 | KB4471332 |
Windows Server, version 1709 | KB4471329 |
Windows Server, version 1803 | KB4471324 |
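To check which DNS servers already have the update, the table above can be turned into a small audit script. This is an added example, not code from Microsoft or from the original post; the function name Get-DnsPatchStatus and the status strings are hypothetical, and the build numbers are the standard ones for each listed release.

```powershell
# KB numbers come from the table above; build numbers identify each release.
$KbByBuild = @{
    '9600'  = @('KB4471320', 'KB4471322')  # Windows Server 2012 R2 (either one)
    '14393' = @('KB4471321')               # Windows Server 2016
    '16299' = @('KB4471329')               # Windows Server, version 1709
    '17134' = @('KB4471324')               # Windows Server, version 1803
    '17763' = @('KB4471332')               # Windows Server 2019
}

# Hypothetical helper: reports per server whether a listed KB is installed.
function Get-DnsPatchStatus {
    param([string[]]$ComputerName = $env:COMPUTERNAME)

    foreach ($computer in $ComputerName) {
        # Query the local machine directly; only remote hosts go over WinRM.
        $target = @{}
        if ($computer -ne $env:COMPUTERNAME) { $target.ComputerName = $computer }

        $build    = (Get-CimInstance Win32_OperatingSystem @target).BuildNumber
        $dnsSvc   = Get-CimInstance Win32_Service -Filter "Name='DNS'" @target
        $hotfix   = @((Get-CimInstance Win32_QuickFixEngineering @target).HotFixID)
        $expected = @($KbByBuild[$build])
        $found    = @($expected | Where-Object { $_ -and $hotfix -contains $_ })

        $status = if (-not $dnsSvc) {
            'NotDnsServer'       # DNS Server service is not installed
        } elseif (-not $KbByBuild.ContainsKey($build)) {
            'BuildNotInTable'    # release is not one of the rows above
        } elseif ($found.Count -gt 0) {
            'Patched'
        } else {
            # A later cumulative update can replace the listed KB, so this
            # means "verify manually", not "confirmed vulnerable".
            'KbNotFound'
        }

        [pscustomobject]@{
            ComputerName = $computer
            Build        = $build
            DnsService   = if ($dnsSvc) { $dnsSvc.State } else { 'absent' }
            ExpectedKb   = $expected -join ' or '
            InstalledKb  = $found -join ', '
            Status       = $status
        }
    }
}

Get-DnsPatchStatus | Format-List
```

Pass a list of server names with -ComputerName to audit remote DNS servers; this requires WinRM access to each host.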
Known issues
Microsoft is not currently aware of any issues with this update.
Call to Action
I urge you to install the necessary security updates on Windows Server installations running as (Active Directory Domain Controllers and) DNS servers in a test environment as soon as possible, assess the risk and possible impact on your production environment, and then roll out the update to the Windows Server installations running as (Active Directory Domain Controllers and) DNS servers in the production environment.
Further reading
Zero Day Initiative – The December 2018 Security Update Review
NIST – CVE-2018-8626 Detail
Microsoft Windows DNS Server CVE-2018-8626 Heap Buffer Overflow Vulnerability
It's December of 2018 and, to hell with it, just patch your stuff
Dec 2018 Patch Tuesday: Microsoft patches Windows zero-day exploited in the wild