2 min read

11th December was Microsoft’s December 2018 Patch Tuesday, which means users had to update their computers to be protected from the latest threats to Windows and Microsoft products. Microsoft has fixed 39 vulnerabilities, with 10 of them being labeled as Critical.

Keeping up with its December 2018 Patch Tuesday, Microsoft announced on its blog that a vulnerability exists in Windows Domain Name System (DNS). There was not much information provided to the customers about how and when this vulnerability was discovered. The following details were released by Microsoft:

The Exploit

Microsoft Windows is prone to a heap-based buffer-overflow vulnerability. A remote code execution vulnerability exists in Windows Domain Name System (DNS) servers when they fail to properly handle requests. An attacker who successfully exploits this issue may execute arbitrary code within the context of the affected application. Microsoft states that failed exploit attempts will result in a denial-of-service condition. Windows servers that are configured as DNS servers are at risk from this vulnerability.

Affected Systems

Find a list of the affected systems on Microsoft’s Blog. The company has also provided users with security updates for the affected systems.

Workarounds and Mitigations

As of today, Microsoft has not identified any workarounds or mitigations for the affected systems.

Jake Williams, the founder of Rendition Security and Rally security, posted an update on Twitter about the issue, questioning why there is no sufficient discussion among the infosec community about the matter.

Many users responded saying that they too have been looking for explanations about the vulnerability but have not found any satisfying results.

Security intelligence blog reported on 11th December that the just-released Patch Tuesday for December fixes the Windows DNS Server Heap Overflow remote code execution (RCE) vulnerability. However, there has not been any information released by Microsoft on the analysis or details of the patch.

Users are also speculating that without pra oper understanding of the security patch, this vulnerability has the potential to be badly exploited.

You can head over to Microsoft’s official blog to know more about this vulnerability. Also, visit BleepingComputer for information on all security updates in December Patch Tuesday 2018.

Read Next

Microsoft Connect(); 2018 Azure updates: Azure Pipelines extension for Visual Studio Code, GitHub releases and much more!

Microsoft calls on governments to regulate Facial recognition tech now, before it is too late

‘Peekaboo’ Zero-Day Vulnerability allows hackers to access CCTV cameras, says Tenable Research