Windows DNS Server heap overflow vulnerability
A remote code execution vulnerability has been identified in Windows Domain Name System (DNS) servers where they fail to properly handle certain requests. This affects Windows Server 2012 R2, Windows Server 2019, Windows Server 2016, and Windows 10.
An attacker who successfully exploits this vulnerability could run arbitrary code in the context of the Local System Account.
How does this affect your organisation?
In most cases Windows DNS servers are used within organisations but not exposed to the internet. This will limit the exposure of most organisations but not mitigate all potential attack vectors (such as internal threats). Customers are recommended to review their environment and apply the appropriate security patches in their next security patch cycle.
If you are a customer of AC3 Managed Services, AC3 will be in contact to organise an appropriate window to apply these patches.
For more information about this vulnerability please refer to the links at the end of this alert.
Threat rating and recommendation
Based on information available at the time of this notice, we have classified this threat as Warning.
Customers are recommended to review their environment and apply the appropriate patches in their next security patch cycle. If you have an internet facing Windows DNS server it is recommended to apply the appropriate patches as soon as possible.
Advice - no urgent remediation action required
Warning - watch and act
Action required - urgent remediation action required
More information
More information about this security vulnerability is available at the links below.
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8626
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8626