CVE-2018-8225

Name of the Vulnerable Software and Affected Versions Windows 7 Windows Server 2012 R2 Windows RT 8.1 Windows Server 2008 Windows Server 2012 Windows 8.1 Windows Server 2016 Windows Server 2008 R2 Windows 10 Windows 10 Servers

Description A remote code execution issue exists in Windows Domain Name System (DNS) due to improper handling of DNS responses. This can be exploited by sending specially crafted DNS responses from a malicious DNS server, allowing remote attackers to execute arbitrary code in the context of the Local System Account.

Recommendations For Windows 7, apply the necessary patch to fix the DNSAPI.dll issue. For Windows Server 2012 R2, update the DNSAPI.dll component to prevent remote code execution. For Windows RT 8.1, restrict access to the DNS server to minimize the risk of exploitation. For Windows Server 2008, disable the DNSAPI.dll component until a patch is available. For Windows Server 2012, consider implementing additional security measures to prevent arbitrary code execution. For Windows 8.1, avoid using the DNS server until the issue is resolved. For Windows Server 2016, update the system to prevent remote attackers from executing arbitrary code. For Windows Server 2008 R2, restrict the use of the DNSAPI.dll component to minimize the risk of exploitation. For Windows 10, apply the necessary patch to fix the DNSAPI.dll issue. For Windows 10 Servers, update the DNSAPI.dll component to prevent remote code execution.