Vulnerability Found On Windows Servers via WDS
Checkpoint has released more details about CVE-2018-8476, a critical remote code execution vulnerability affecting all Windows Servers since 2008 SP2. Twelve vulnerabilities were identified in November 2018 when Microsoft supplied 62 patches. However, some servers have not been upgraded and are still open to attack. This vulnerability affects how Windows Deployment Services (WDS) Trivial File Transfer Protocol (TFTP) Server handles objects in memory, which is widely accessible to anyone connected via LAN port, and therefore, allows threat actors to take over a system and other services such as DNS and Active Directory. The NJCCIC strongly advises all Microsoft users operating WDS to patch systems as updates become available. HelpNet Security provides more details on the Windows Servers vulnerability and updates here.