[IS&T Security-FYI] Critical Remote Code Execution Vulnerability in Microsoft DNSAPI

Jessica Murray jlmurray at mit.edu
Mon Jun 18 16:51:45 EDT 2018


Hello IT Partners, Security SIG and IST Security FYI,

On June 12, 2018, Microsoft released their monthly patches, including several relating to critical vulnerabilities. The most concerning patch (https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8225) relates to a remote code execution vulnerability in the DNSAPI dynamic link library. The DNSAPI is used for Domain Name System (DNS) resolution and is a required component for a Windows-based machine to communicate over a computer network.

This vulnerability allows an attacker to remotely execute code in the context of the local system account (NT Authority\SYSTEM) by forcing the target system to make a DNS query to a malicious DNS server. The responsive DNS query is then relayed to the originally intended target DNS system and the vulnerability is exploited. DNS queries are one of the most common network activities performed, and an attacker may have several ways to trick a machine into initiating such a malicious DNS query.

No known exploits exist in the wild at the time of publishing this report. Given the ease with which this vulnerability could be exploited and the impact upon exploitation, a concern exists that this threat could easily be adapted into a wormable exploit. This outcome would likely result in exploitation that could occur at a rapid pace.

Platforms affected include all versions of the following operating systems: Windows 7, Windows 8, Windows 10, Windows Server 2008, Windows Server 2012, and Windows Server 2016.

For those subscribed to the MIT Windows Automatic Update Service (WAUS), these patches were released last Thursday and no further action needs to be taken. For all others, IS&T strongly recommends that you install the June Cumulative Security Update and restart affected machines as soon as possible. There are no known workarounds short of disabling network interfaces on a vulnerable system.

If you have any questions or require assistance, contact the IS&T Service Desk (https://ist.mit.edu/help).

Further Reading
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8225
https://www.zerodayinitiative.com/blog/2018/6/12/the-june-2018-security-update-review

Best,
Jessica


Jessica Murray
Information Security Officer
Information Systems and Technology
Massachusetts Institute of Technology



