[SingCERT] Alert on Windows DNS Server Vulnerability (CVE-2018-8626)

Published on Thursday, 13 December 2018 16:51

Background

The Domain Name System (DNS) is a naming system for the Internet that translates human-readable domain names into information such as Internet Protocol (IP) addresses. A Microsoft Windows server, such as a domain controller, is typically configured as a DNS server by default. A remote code execution vulnerability in the Windows DNS server implementation has been reported and assigned the identifier CVE-2018-8626. This vulnerability has a Common Vulnerability Scoring System (CVSS) score of 9.8 out of 10.


Affected Products

The following Microsoft Windows operating systems* are affected:
•   Windows 10
•   Windows Server 2012, 2012 R2, 2016, 2019
•   Windows 10 Servers

*Note: Please refer to reference [1] for more details.


Impact

When successfully exploited, this vulnerability could allow an unauthenticated attacker to execute arbitrary code on a targeted system and take complete control of the server. Thereafter, the attacker could perform a variety of malicious activities such as installing programs, creating new accounts with administrator rights, and viewing, changing, or deleting data.


Recommendations

Microsoft has released software updates to address the vulnerability. System administrators are advised to apply the security patch on the affected Windows operating systems immediately.


References

[1] https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2018-8626
[2] https://blog.trendmicro.com/trendlabs-security-intelligence/december-patch-tuesday-year-end-batch-addresses-win32k-elevation-of-privilege-and-windows-dns-server-vulnerabilities/