US CERT vulnerabilities warnings in Windows

US-CERT (from the United States Computer Emergency Readiness Team) issued warnings about some vulnerabilities affecting Windows and Windows Server operating systems.

The organization he says that "a remote intruder could exploit these vulnerabilities to take control of a system."US-CERT

The vulnerabilities reported by US-CERT are said to have already been fixed by Microsoft on 2018, and the company is giving more information in the reports CVE-2018-8611 and CVE-2018-8626 .

Let's look at what Microsoft says:

CVE-2018-8611 affects all supported client and server versions Windows 10 and Windows Server 2019.

There is an elevation of privilege when the Windows kernel does not handle "objects" in memory properly. An attacker that could exploit the vulnerability could execute arbitrary code on the kernel. The attacker could then install programs. to change, view and delete data, or even create new accounts with administrator privileges, "explains Microsoft.

In the case of CVE-2018-8626, Microsoft reports that there is a Windows DNS server heap overflow vulnerability that exists only in Windows 10, Windows Server 2012 R2, Windows Server 2016, and Windows Server 2019.

There is a vulnerability that allows remote code execution on DNS (Windows Domain Name System) servers when requests cannot be handled properly. An attacker who can exploit the vulnerability could execute arbitrary code within the Local System Account. "Windows servers configured as DNS servers are vulnerable to this vulnerability," says Microsoft.

Updates for both vulnerabilities can be installed immediately from Windows Update on all supported versions of Windows.


Read them Technology News from all over the world, with the validity of

Follow us on Google News at Google news