Security News > 2019 > March > Windows Servers in danger of being compromised via WDS bug
Checkpoint has released more details about CVE-2018-8476, a critical remote code execution vulnerability affecting all Windows Servers since 2008 SP2. The bug was responsibly disclosed to Microsoft last year and was fixed last November, but there are likely still servers out there that haven’t been upgraded and are open to attack. About the vulnerability CVE-2018-8476 exists in the way that Windows Deployment Services (WDS) TFTP Server handles objects in memory. WDS is a popular Windows … More → The post Windows Servers in danger of being compromised via WDS bug appeared first on Help Net Security.
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/Ry9d4eSG3b0/
Related news
- Microsoft confirms Windows Server 2025 blue screen, install issues (source)
- Windows Server 2025 released—here are the new features (source)
- Microsoft blames Windows Server 2025 automatic upgrades on 3rd-party tools (source)
- Microsoft fixes bugs causing Windows Server 2025 blue screens, install issues (source)
- New Windows Server 2012 zero-day gets free, unofficial patches (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-11-14 | CVE-2018-8476 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft products A remote code execution vulnerability exists in the way that Windows Deployment Services TFTP Server handles objects in memory, aka "Windows Deployment Services TFTP Server Remote Code Execution Vulnerability." This affects Windows Server 2012 R2, Windows Server 2008, Windows Server 2012, Windows Server 2019, Windows Server 2016, Windows Server 2008 R2, Windows 10 Servers. | 9.8 |