Windows Server Vulnerability in WDS

There is a remote code execution vulnerability with a critical severity rating on Windows Servers (since 2008 SP2).  Microsoft disclosed the twelve vulnerabilities last November and supplied 62 patches. Servers which have not been upgraded are open to attack and should be patched asap. Specifically, CVE-2018-8476 impacts how Windows Deployment Services (“WDS”) Trivial File Transfer Protocol (“TFTP”)  Server handles objects in memory. The bug can be remotely exploited by an unauthenticated actor via a specially crafted TFTP message to gain access to a system or service, such as Active Directory, DHCP, DNS . . .etc. and there are no available workarounds.

For more information, please see: