[High Risk Vulnerability Alert] Windows Kernel Privilege Escalation Vulnerability
Posted Date 3/31/2018
On March 30, 2018, Alibaba Cloud Security Emergency Response Center noticed that Microsoft officially released Windows 7 x64 and Windows Server 2008 R2 security patches (CVE-2018-1038) to resolve the high-risk kernel privilege escalation loopholes after the users installed Microsoft security patches during the January-March period.
Alibaba Cloud Platform itself is not affected by this vulnerability. Alibaba Cloud Security Emergency Response Center would recommend that you conduct self-inspection as soon as possible and update patches in time to prevent attackers from using the vulnerability to initiate privilege escalation attacks.
Affected Products:
Windows7 x64
Windows Server 2008 R2 x64
Solution:
To update patches timely based on business conditions to improve server security.
Option 1:
1. It is recommended that users turn on the Windows Update function, and then click the "Check for Updates" button to download and install relevant security patches according to business conditions.
2. After the installation is complete, restart the server and check the system operation.
Option 2:
1. Download the patch directly, the patch link is: http://www.catalog.update.microsoft.com/Search.aspx?q=KB4100480
2. After the installation is complete, restart the server and check the system operation.
Note: Before updating, it is recommended that you test in advance, and be sure to back up your data and make snapshots to prevent accidents.
We will follow up the progress, please pay attention to the official announcement. If you have any questions, feel free to contact us by submitting a ticket.
Alibaba Cloud
Alibaba Cloud Platform itself is not affected by this vulnerability. Alibaba Cloud Security Emergency Response Center would recommend that you conduct self-inspection as soon as possible and update patches in time to prevent attackers from using the vulnerability to initiate privilege escalation attacks.
Affected Products:
Windows7 x64
Windows Server 2008 R2 x64
Solution:
To update patches timely based on business conditions to improve server security.
Option 1:
1. It is recommended that users turn on the Windows Update function, and then click the "Check for Updates" button to download and install relevant security patches according to business conditions.
2. After the installation is complete, restart the server and check the system operation.
Option 2:
1. Download the patch directly, the patch link is: http://www.catalog.update.microsoft.com/Search.aspx?q=KB4100480
2. After the installation is complete, restart the server and check the system operation.
Note: Before updating, it is recommended that you test in advance, and be sure to back up your data and make snapshots to prevent accidents.
We will follow up the progress, please pay attention to the official announcement. If you have any questions, feel free to contact us by submitting a ticket.
Alibaba Cloud