CVE-2018-8626
Published 2018-12-12
Priority: P262 | critical | 9.8 (CVSS 3.0)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 21.12% (97.3th percentile)
A remote code execution vulnerability exists in Windows Domain Name System (DNS) servers when they fail to properly handle requests, aka "Windows DNS Server Heap Overflow Vulnerability." This affects Windows Server 2012 R2, Windows Server 2019, Windows Server 2016, Windows 10, Windows 10 Servers.
Affected
39 ranges · showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10_servers | — | — |
| microsoft | windows_10_servers | — | — |
| microsoft | windows_server_2012 | — | — |
| microsoft | windows_server_2012_r2 | — | — |
| microsoft | windows_server_2016 | — | — |
| microsoft | windows_server_2016 | — | — |
| microsoft | windows_server_2016 | — | — |
| microsoft | windows_server_2019 | — | — |
| msrc | windows_10_version_1607_for_32-bit_systems | — | — |
| msrc | windows_10_version_1607_for_x64-based_systems | — | — |
Detection & IOCs (extracted from sources)
- Target service is Windows DNS Server (dns.exe); monitor for anomalous/malformed inbound DNS requests to Windows DNS servers, particularly from unauthenticated sources, which may trigger a heap overflow.
- Successful exploitation results in code execution as Local System Account; monitor for unexpected child processes or privileged activity spawned from dns.exe.
- Affected platforms are Windows DNS Server roles on Windows Server 2012 R2, Server 2016, Server 2019, and Windows 10 Servers; scope detection to these OS versions running the DNS Server role.
- Exploitation likelihood rated low by Microsoft for both latest and older software releases at time of disclosure; no in-the-wild exploitation confirmed.
- The vulnerability was not publicly disclosed or exploited at time of advisory publication, limiting available public PoC-based signatures.
CVSS provenance
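| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 9.8 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 10.0 | CRITICAL | AV:N/AC:L/Au:N/C:C/I:C/A:C |
| vendor_msrc | | 9.8 | CRITICAL | |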
GHSA
GHSA-r9mj-8p57-hmj9
ghsa_unreviewed · 2022-05-13
CVE-2018-8626 [CRITICAL] CWE-787
Microsoft
Windows DNS Server Heap Overflow Vulnerability
vendor_msrc · 2018-12-11 · CVSS 9.8
CVE-2018-8626 [CRITICAL]
Description: A remote code execution vulnerability exists in Windows Domain Name System (DNS) servers when they fail to properly handle requests. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the Local System Account. Windows servers that are configured as DNS servers are at risk from this vulnerability.
To exploit the vulnerability, an unauthenticated attacker could send malicious requests to a Windows DNS server.
The update addresses the vulnerability by modifying how Windows DNS servers handle requests.
Microsoft Windows DNS: Microsoft Windows DNS
Impact: Remote Code Execution
Exploit Status: Publicly Disclosed: No; Exploited: No; Latest Software Release: Exploitation Less Likely; Older So
No detection rules found.
No public exploits indexed.
Trendmicro
Patch Tuesday Fixes Win32k, Windows DNS Server Flaws
blogs_trendmicro · 2018-12-12 · CVSS 7.8
CVE-2018-8611 [HIGH]
By: Trend Micro Research, Dec 12, 2018
The just-released Patch Tuesday for December includes a fix for the actively exploited Win32k Elevation of Privilege Vulnerability (CVE-2018-8611). The flaw allows an attacker to exploit a bug in the Windows Kernel and run arbitrary code to install programs; view, change, or delete data; or create new accounts with full user rights. It is also pointed out as likely being used with other bugs in targeted attacks.
The patch release fixes another vulnerability that’s worth noting: CVE-20