Windows and Windows Server Vulnerabilities Could Allow Full Control of Affected Systems

The US-CERT (United States-Computer Emergency Readiness Team) issued an advisory regarding two vulnerabilities found in Microsoft Windows and Windows Server. Successful exploitation of either vulnerability could allow a remote threat actor to take control of an affected system. CVE-2018-8611 is a Windows kernel elevation of privilege flaw affecting all supported Windows client and server versions, while CVE-2018-8626 is a Windows DNS (Domain Name System) server heap overflow flaw affecting Windows servers configured as DNS servers. Microsoft patched both vulnerabilities, among others, in the January Patch Tuesday update. The NJCCIC recommends Windows users apply the most recent update.