US-CERT (from the United States Computer Emergency Readiness Team) issued warnings about some vulnerabilities affecting Windows and Windows Server operating systems.
The organization he says that "a remote intruder could exploit these vulnerabilities to take control of a system."
The vulnerabilities reported by US-CERT are said to have already been fixed by Microsoft on 2018, and the company is giving more information in the reports CVE-2018-8611 and CVE-2018-8626 .
Let's look at what Microsoft says:
CVE-2018-8611 affects all supported client and server versions Windows 10 and Windows Server 2019.
"There is an elevation of privilege when the Windows kernel mishandles it"objects" in the memory. An attacker who could exploit the vulnerability could execute arbitrary code in kernel mode. The attacker could then install programs. to change, view and even delete data, or even create new accounts with administrator rights,” explains Microsoft.
In the case of CVE-2018-8626, Microsoft reports that there is a DNS server heap vulnerability Overflow of Windows that exists only in Windows 10, Windows Server 2012 R2, Windows Server 2016 and Windows Server 2019.
“A vulnerability exists that allows remote code execution on Windows Domain Name System (DNS) servers when they cannot properly handle requests. An attacker who could exploit the vulnerability could execute arbitrary code in the Local System context Account. Windows servers configured as DNS servers are at risk from this vulnerability,” Microsoft says.
The updates and for the two vulnerabilities can be installed immediately by Windows Update on all supported versions of Windows.
______________________