Vulnerabilities in Windows and Windows Server Identified

Vulnerabilities in Windows and Windows Server Identified

A cybersecurity advisory was issued yesterday, Monday, Jan. 7, 2019, regarding multiple vulnerabilities in Microsoft Windows and Windows Server. Successful exploitation of these vulnerabilities could allow arbitrary code execution.

What It Is:
Multiple vulnerabilities have been discovered in Microsoft Windows and Windows Server, the most severe of which could allow for code execution. Successful exploitation of the most severe of these vulnerabilities could result in an attacker gaining local system account privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

Learn more about the Windows Kernel Elevation of Privilege Vulnerability and the Windows DNS Server Heap Overflow Vulnerability from Microsoft.

Threat Intelligence:
There are currently no reports of these vulnerabilities being exploited in the wild.

What It Means:
If your business or organization uses Microsoft Windows or Windows Server, you will need to apply the patches after appropriate testing to prevent a possible security breach.

Systems Affected Include:

• Windows 10 Version 1607 for 32-bit Systems and x64-based Systems
• Windows 10 Version 1709 for 32-bit Systems, 64-based Systems, and ARM64-based Systems
• Windows 10 Version 1803 for 32-bit Systems, ARM64-based Systems, and x64-based Systems
• Windows 10 Version 1809 for 32-bit Systems, ARM64-based Systems, and x64-based Systems
• Windows Server 2012 R2 and Server Core installation
• Windows Server 2016 and Server Core installation
• Windows Server 2019 and Server Core installation
• Windows Server, versions 1709 and 1803 (Server Core Installation for both versions)
• Windows 10 for 32-bit Systems and x64-based Systems
• Windows 10 Version 1703 for 32-bit Systems and x64-based Systems
• Windows 7 for 32-bit Systems Service Pack 1 and x64-based Systems Service Pack 1
• Windows 8.1 for 32-bit systems and x64-based systems
• Windows RT 8.1
• Windows Server 2008 for 32-bit Systems Service Pack 2 and Server Core installation
• Windows Server 2008 for Itanium-Based Systems Service Pack 2, x64-based Systems Service Pack 2, and Server Core installation
• Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1, x64-based Systems Service Pack 1, and Server Core installation
• Windows Server 2012 and Server Core installation

Risk:
Government:
• Large and medium government entities: High
• Small government entities: Medium
Businesses:
• Large and medium business entities: High
• Small business entities: Medium
Home users: Low

Technical Summary:
Vulnerabilities have been discovered in Microsoft Windows and Windows Server, which could allow for arbitrary code execution:

•A vulnerability exists in the Microsoft Windows Kernel Transaction Manager (KTM) that could allow for local privilege escalation due to failing to properly handle memory objects. This vulnerability can also be used to escape the sandbox of modern web browsers such as Edge and Chrome. (CVE-2018-8611)
•A heap overflow vulnerability exists in Microsoft DNS servers that could allow unauthenticated remote attackers to run arbitrary code as the local system account. (CVE-2018-8626)
Successful exploitation of the most severe of these vulnerabilities could result in an attacker gaining local system account privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

What To Do:
We recommend the following actions be taken:

• Apply appropriate patches or appropriate mitigations provided by Microsoft to vulnerable systems immediately after appropriate testing
• Run all software as a non-privileged user (one without administrative rights) to diminish the effects of a successful attack.
• Remind all users not to visit untrusted websites or follow links provided by unknown or untrusted sources.
• Inform and educate users regarding threats posed by hypertext links contained in emails or attachments especially from untrusted sources.
• Apply the Principle of Least Privilege to all systems and services.

Negative Consequences of Lost or Stolen Data:
The loss or theft of proprietary data can have severe impacts, particularly if the compromise becomes public and sensitive information is exposed. Possible impacts include:

• Temporary or permanent loss of sensitive or proprietary information.
• Disruption to regular operations.
• Financial losses incurred to restore systems and files.
• Potential harm to an organization’s reputation.

Should your agency or business need assistance with the detection of vulnerabilities in any of the above products or updates to include patches, Dox can help. Please contact Dox if there is anything we can do to assist in securing your agency, business, or organization.

Thank you for your time and stay safe online.