11th December was Microsoft’s December 2018 Patch Tuesday, which means users had to update their computers to be protected from the latest threats to Windows and Microsoft products. Microsoft has fixed 39 vulnerabilities, with 10 of them being labeled as Critical.
Keeping up with its December 2018 Patch Tuesday, Microsoft announced on its blog that a vulnerability exists in Windows Domain Name System (DNS). There was not much information provided to the customers about how and when this vulnerability was discovered. The following details were released by Microsoft:
Microsoft Windows is prone to a heap-based buffer-overflow vulnerability. A remote code execution vulnerability exists in Windows Domain Name System (DNS) servers when they fail to properly handle requests. An attacker who successfully exploits this issue may execute arbitrary code within the context of the affected application. Microsoft states that failed exploit attempts will result in a denial-of-service condition. Windows servers that are configured as DNS servers are at risk from this vulnerability.
Find a list of the affected systems on Microsoft’s Blog. The company has also provided users with security updates for the affected systems.
As of today, Microsoft has not identified any workarounds or mitigations for the affected systems.
Jake Williams, the founder of Rendition Security and Rally security, posted an update on Twitter about the issue, questioning why there is no sufficient discussion among the infosec community about the matter.
Many users responded saying that they too have been looking for explanations about the vulnerability but have not found any satisfying results.
Security intelligence blog reported on 11th December that the just-released Patch Tuesday for December fixes the Windows DNS Server Heap Overflow remote code execution (RCE) vulnerability. However, there has not been any information released by Microsoft on the analysis or details of the patch.
Users are also speculating that without pra oper understanding of the security patch, this vulnerability has the potential to be badly exploited.
You can head over to Microsoft’s official blog to know more about this vulnerability. Also, visit BleepingComputer for information on all security updates in December Patch Tuesday 2018.
Microsoft calls on governments to regulate Facial recognition tech now, before it is too late
‘Peekaboo’ Zero-Day Vulnerability allows hackers to access CCTV cameras, says Tenable Research
I remember deciding to pursue my first IT certification, the CompTIA A+. I had signed…
Key takeaways The transformer architecture has proved to be revolutionary in outperforming the classical RNN…
Once we learn how to deploy an Ubuntu server, how to manage users, and how…
Key-takeaways: Clean code isn’t just a nice thing to have or a luxury in software projects; it's a necessity. If we…
While developing a web application, or setting dynamic pages and meta tags we need to deal with…
Software architecture is one of the most discussed topics in the software industry today, and…