2 min read
Keeping up with its December 2018 Patch Tuesday, Microsoft announced on its blog that a vulnerability exists in Windows Domain Name System (DNS). There was not much information provided to the customers about how and when this vulnerability was discovered. The following details were released by Microsoft:
Microsoft Windows is prone to a heap-based buffer-overflow vulnerability. A remote code execution vulnerability exists in Windows Domain Name System (DNS) servers when they fail to properly handle requests. An attacker who successfully exploits this issue may execute arbitrary code within the context of the affected application. Microsoft states that failed exploit attempts will result in a denial-of-service condition. Windows servers that are configured as DNS servers are at risk from this vulnerability.
Find a list of the affected systems on Microsoft’s Blog. The company has also provided users with security updates for the affected systems.
Workarounds and Mitigations
As of today, Microsoft has not identified any workarounds or mitigations for the affected systems.
Jake Williams, the founder of Rendition Security and Rally security, posted an update on Twitter about the issue, questioning why there is no sufficient discussion among the infosec community about the matter.
Yesterday, Microsoft announced there's a remotely exploitable heap overflow in MS DNS on Server 2012R2 and later. Infosec, how are we not talking about this?! https://t.co/nkF2pcBA84
— Jake Williams (@MalwareJake) December 12, 2018
Many users responded saying that they too have been looking for explanations about the vulnerability but have not found any satisfying results.
I've been trying to find more information but coming up emptyhanded… quite curious if this requires a crafted request to be sent directly to the server or if it might be delivered by an unwitting recursive.
— / spek-ˈt(r)ä-fə-gəs / (@spectrophagus) December 12, 2018
Security intelligence blog reported on 11th December that the just-released Patch Tuesday for December fixes the Windows DNS Server Heap Overflow remote code execution (RCE) vulnerability. However, there has not been any information released by Microsoft on the analysis or details of the patch.
Users are also speculating that without pra oper understanding of the security patch, this vulnerability has the potential to be badly exploited.
Rated as a CVSS 9.8, 3.9 temporal, 8.8 overall. 'Low probability of exploitation.' Which I can't disagree with given the limited tech data available and no analysis of the patch. But I still want my customers to patch IMMEDIATELY. This has the potential to get VERY bad VERY fast.
— Greg Scheidel (@Greg_Scheidel) December 13, 2018
You can head over to Microsoft’s official blog to know more about this vulnerability. Also, visit BleepingComputer for information on all security updates in December Patch Tuesday 2018.