Critical DNS Server Heap Overflow Vulnerability could allow Remote Code Execution (Critical, CVE-2018-8626)


This week, for its December 11th 2018 Patch Tuesday, Microsoft released a security update for supported versions of Windows Server acting as DNS Servers. As many Domain Controllers are installed and configured as such, this is a serious vulnerability.

The update addresses the vulnerability by modifying how Windows DNS servers handle requests.

        

About the vulnerability

A remote code execution vulnerability exists in Windows Domain Name System (DNS) servers, when they fail to properly handle requests. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the Local System Account. Windows Server installations that are configured as DNS servers are at risk from this vulnerability.

To exploit the vulnerability, an unauthenticated attacker could send malicious requests to a Windows DNS server.

The vulnerability was reported by Mitch Adair from the Microsoft Windows Enterprise Security Team. It is catalogued as CVE-2018-8626 and rated Critical.

Affected Operating Systems

Windows versions and Windows Server versions beyond Windows Server 2012 R2 are affected. Both Full installations and Server Core installations are affected.

Mitigations

Microsoft has not identified any mitigating factors for this vulnerability.

Workarounds

Microsoft has not identified any workarounds for this vulnerability.

        

About the update

The update addresses the vulnerability by modifying how Windows DNS servers handle requests.

To apply the update, install the following update per Windows and/or Windows Server version:

Windows Server 2012 R2 KB4471320 or KB4471322
Windows Server 2016 KB4471321
Windows Server 2019 KB4471332
Windows Server, version 1709 KB4471329
Windows Server, version 1803 KB4471324
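
To verify a server against the list above, the following PowerShell check can be run locally on each DNS server. It is an added example, not Microsoft's or the original post's code; the function name and status strings are hypothetical, and the build numbers are the standard OS builds for the listed releases.

```powershell
# Added example: report whether the CVE-2018-8626 update listed on this page
# is present on the local server. KB numbers are taken from the list above.
$kbByBuild = @{
    '9600'  = @('KB4471320', 'KB4471322')  # Windows Server 2012 R2
    '14393' = @('KB4471321')               # Windows Server 2016
    '16299' = @('KB4471329')               # Windows Server, version 1709
    '17134' = @('KB4471324')               # Windows Server, version 1803
    '17763' = @('KB4471332')               # Windows Server 2019
}

function Test-DnsServerUpdate {            # hypothetical helper name
    $os       = Get-CimInstance -ClassName Win32_OperatingSystem
    $dnsRole  = Get-WindowsFeature -Name DNS
    $expected = $kbByBuild[[string]$os.BuildNumber]

    # Look for any of the KBs that apply to this build.
    $found = @()
    if ($expected) {
        $found = @(Get-HotFix -Id $expected -ErrorAction SilentlyContinue |
                   Select-Object -ExpandProperty HotFixID)
    }

    # Newest installed update, reported so a later cumulative update can be spotted.
    $latest = Get-HotFix | Where-Object InstalledOn |
              Sort-Object InstalledOn | Select-Object -Last 1

    if (-not $dnsRole.Installed) { $status = 'DnsRoleNotInstalled' }
    elseif (-not $expected)      { $status = 'BuildNotInList' }
    elseif ($found.Count -gt 0)  { $status = 'UpdateInstalled' }
    else                         { $status = 'UpdateNotFound' }

    [pscustomobject]@{
        Computer     = $env:COMPUTERNAME
        OS           = $os.Caption
        Build        = $os.BuildNumber
        DnsRole      = [bool]$dnsRole.Installed
        ExpectedKB   = $expected -join ', '
        FoundKB      = $found -join ', '
        LatestHotFix = $latest.HotFixID
        LatestDate   = $latest.InstalledOn
        Status       = $status
    }
}

Test-DnsServerUpdate
```

A later cumulative update replaces the KB listed here under a different number, so treat `UpdateNotFound` as a prompt to compare `LatestHotFix` and `LatestDate` against the December 11th 2018 release rather than as proof that the server is unpatched.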

         

Known issues

Microsoft is not currently aware of any issues with this update.

   

Call to Action

I urge you to install the necessary security updates on Windows Server installations running as (Active Directory Domain Controllers and) DNS servers in a test environment as soon as possible, assess the risk and possible impact on your production environment, and then roll out this update to the same kinds of Windows Server installations in the production environment.

Further reading

Zero Day Initiative – The December 2018 Security Update Review 
NIST – CVE-2018-8626 Detail 
Microsoft Windows DNS Server CVE-2018-8626 Heap Buffer Overflow Vulnerability 
It’s December of 2018 and, to hell with it, just patch your stuff  
Dec 2018 Patch Tuesday: Microsoft patches Windows zero-day exploited in the wild
