Top 20 Critical Windows Server 2008 Vulnerabilities And Remediation Tips

Though Windows Server 2008—with features like hard drive encryption, ISV security programmability, and an improved firewall—is a significant leap forward in terms of security when compared to its predecessor Windows Server 2003, it is certainly not without its own security flaws. The following are the top 20 critical Windows Server 2008 vulnerabilities and tips on how to remediate them.

Top 20 Critical Windows Server 2008 Vulnerabilities

20. Windows Integer Underflow Vulnerability

CVE-2015-6130

An integer underflow in Uniscribe—the Windows APIs that handle typography and complex script processing—could allow a remote attacker to execute arbitrary code via a specially crafted font. The underflow manifests as an array index error in which the computed index wraps to a negative value.

19. Windows DNS Use After Free Vulnerability

CVE-2015-6125

A use-after-free vulnerability in the DNS server could allow remote attackers to execute arbitrary code via crafted requests. A use-after-free error occurs when a program continues to use a pointer after the memory it refers to has been freed.

18. Graphics Memory Corruption Vulnerability

CVE-2015-6108

Font vulnerabilities are a common entry point for remote attackers looking for an easy way in. In this case, the Windows font library could allow remote attackers to execute arbitrary code via a specially crafted embedded font.

17. Windows Journal Heap Overflow Vulnerability

CVE-2015-6097

A heap-based buffer overflow in Windows Journal could allow attackers to execute arbitrary code via a specially crafted Journal (.jnt) file. Journal is Windows 8 Server's note-taking application, which saves notes as files with the .jnt extension.

16. Windows Journal RCE Vulnerability

CVE-2015-2530

This flaw—another Windows Journal vulnerability—could allow remote attackers to execute arbitrary code via a specially crafted .jnt file.

15. Toolbar Use-After-Free Vulnerability

CVE-2015-2515

This particular Windows Server 2008 use-after-free vulnerability could allow a remote attacker to execute arbitrary code with a specially crafted toolbar object.

14. Graphics Component Buffer Overflow Vulnerability

CVE-2015-2510

A buffer overflow in the Adobe Type Manager Library in Windows Server 2008 could allow remote attackers to execute arbitrary code via a specially crafted OpenType font.

13. Windows Media Center RCE Vulnerability

CVE-2015-2509

Windows Media Center in Windows Server 2008 could allow a user-assisted remote attacker to execute arbitrary code via a specially crafted Media Center link (MCL) file. MCL files consist of XML definitions that describe a Windows Media Center resource. 

12. OpenType Font Parsing Vulnerability

CVE-2015-2506

The atmfd.dll file in the Adobe Type Manager Library of Microsoft Windows Server 2008 could allow remote attackers to launch a denial-of-service (DoS) attack using a specially crafted OpenType font.

11. Server Message Block Memory Corruption Vulnerability

CVE-2015-2474

This Windows Server 2008 vulnerability could allow remote authenticated users to execute arbitrary code via a specially crafted string in a Server Message Block (SMB) server error-logging action.

10. Remote Desktop Protocol DLL Planting Remote Code Execution Vulnerability

CVE-2015-2473

Windows 2008 Server's Remote Desktop Protocol (RDP) client contains an untrusted search path vulnerability: because the current working directory is consulted when resolving a DLL name, local users could gain privileges by placing a Trojan horse DLL in that directory.
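The condition behind this class of DLL planting bug is the system-wide DLL search order, which can be tightened independently of the RDP patch. The following PowerShell check is an added example, not code from the original article or from UpGuard; it reads the two registry values that control whether the current working directory participates in DLL resolution (SafeDllSearchMode, and CWDIllegalInDllSearch, which Microsoft introduced with update KB2264107) and reports whether the host has been hardened.

```powershell
# Added example (not from the original article): report the DLL search-order
# hardening state of the local host. Run in an elevated PowerShell session.
$Key = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager'

function Get-DllSearchHardening {
    $props = Get-ItemProperty -Path $Key

    # SafeDllSearchMode: 1 (the default when the value is absent) searches the
    # system directories before the current working directory; 0 restores the
    # legacy order that consults the CWD early.
    $safeMode = if ($null -ne $props.SafeDllSearchMode) { $props.SafeDllSearchMode } else { 1 }

    # CWDIllegalInDllSearch (KB2264107): 0xFFFFFFFF removes the CWD from the
    # search order everywhere; 2 blocks CWD loads only when the CWD is a WebDAV
    # folder; 1 blocks them when the CWD is any remote (UNC or WebDAV) folder.
    # A REG_DWORD of 0xFFFFFFFF comes back as Int32 -1, so mask it to 32 bits.
    $cwdRaw = $props.CWDIllegalInDllSearch
    $cwdMasked = if ($null -eq $cwdRaw) { $null } else { [int64]$cwdRaw -band 0xFFFFFFFF }

    [pscustomobject]@{
        SafeDllSearchMode        = $safeMode
        CWDIllegalInDllSearch    = if ($null -eq $cwdMasked) { 'not set' } else { '0x{0:X8}' -f $cwdMasked }
        SafeSearchEnabled        = ($safeMode -eq 1)
        CwdRemovedFromSearchPath = ($null -ne $cwdMasked -and $cwdMasked -eq 0xFFFFFFFF)
    }
}

Get-DllSearchHardening | Format-List
```

A host that reports SafeSearchEnabled as False, or CWDIllegalInDllSearch as "not set", still resolves DLL names against the working directory and is exposed to planting from any writable location a user can make current. Setting CWDIllegalInDllSearch to 0xFFFFFFFF is the strongest option but can break applications that legitimately load private DLLs from their working directory, so test it before rolling it out fleet-wide; it complements, and does not replace, installing the RDP client fix.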

9. TrueType Font Parsing Vulnerability

CVE-2015-2464

Font vulnerabilities are a popular way for attackers to gain access to a system, and this particular Windows Server 2008 flaw could allow remote attackers to execute arbitrary code via a specially crafted TrueType font.

8. Windows Filesystem Elevation of Privilege Vulnerability

CVE-2015-2430

This flaw in Windows Server 2008 could allow attackers to bypass an application sandbox protection mechanism and perform unspecified filesystem actions via a specially crafted application.

7. OpenType Font Driver Vulnerability

CVE-2015-2426

Another flaw in atmfd.dll in the Windows Adobe Type Manager Library, this time a buffer underflow, could allow remote attackers to execute arbitrary code via a specially crafted OpenType font.

6. Microsoft Common Control Use-After-Free Vulnerability

CVE-2015-1756

This use-after-free vulnerability in Microsoft Common Controls could allow user-assisted remote attackers to execute arbitrary code via a specially crafted web site accessed with the F12 Developer Tools feature of Internet Explorer.

5. Microsoft Schannel Remote Code Execution Vulnerability

CVE-2014-6321

Schannel in Windows Server 2008 could allow a remote attacker to execute arbitrary code via specially crafted packets.

4. Comctl32 Integer Overflow Vulnerability

CVE-2013-3195

An integer overflow in the DSA_InsertItem function in Comctl32.dll, the Windows common control library, causes it to allocate too little memory, which could in turn allow a remote attacker to execute arbitrary code via a specially crafted value in an argument to an ASP.NET web application.

3. Remote Procedure Call Vulnerability

CVE-2013-3175

A flaw in Windows Server 2008 could allow remote attackers to execute arbitrary code via a malformed asynchronous RPC request.

2. HTTP.sys Remote Code Execution Vulnerability

CVE-2015-1635

A vulnerability in Windows Server 2008's HTTP.sys kernel-mode driver, which handles HTTP requests for IIS, could allow remote attackers to execute arbitrary code via specially crafted HTTP requests.

1. Windows Telnet Service Buffer Overflow Vulnerability

CVE-2015-0014

The Telnet service in Windows Server 2008 is vulnerable to buffer overflow attacks, which could allow remote attackers to execute arbitrary code via specially crafted packets.

Summary

Unpatched software is by far the leading cause of data breaches these days; for this reason, keeping your Windows Server 2008 deployments updated on a continual basis is critical to preventing system compromises. However, validating and monitoring the security and consistency of configurations across large Windows environments—in the data center, cloud, or hybrid infrastructures—is a challenge on an ongoing basis. UpGuard's platform for continuous security monitoring makes this a trivial affair through constant, policy-driven validation, ensuring that critical vulnerabilities never reach production environments.
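The practical form of "keep deployments updated" is verifying, per host, that the update addressing each CVE on the list is actually installed. The PowerShell audit below is an added example, not code from the article or from UpGuard: it maps CVEs to the KB identifiers of their fixes and reports any that Get-HotFix does not find. The article does not give KB numbers, so the mapping holds labelled placeholders that must be replaced with the KB IDs from the corresponding Microsoft Security Bulletins before the script is useful.

```powershell
# Added example (not from the original article): audit one or more hosts for the
# hotfixes that remediate a set of CVEs. The KB values are PLACEHOLDERS; fill
# them in from the Microsoft Security Bulletin for each CVE.
$RequiredUpdates = @{
    'CVE-2015-1635' = 'KB-PLACEHOLDER-HTTPSYS'   # placeholder: HTTP.sys RCE fix
    'CVE-2015-0014' = 'KB-PLACEHOLDER-TELNET'    # placeholder: Telnet service fix
    'CVE-2014-6321' = 'KB-PLACEHOLDER-SCHANNEL'  # placeholder: Schannel RCE fix
}

function Test-RequiredHotfix {
    param(
        [Parameter(Mandatory)][hashtable]$Map,
        [string[]]$ComputerName = @($env:COMPUTERNAME)
    )
    foreach ($computer in $ComputerName) {
        # Get-HotFix reads the installed-update inventory (Win32_QuickFixEngineering)
        # of the target host; a host that cannot be reached is reported, not skipped.
        try {
            $installed = Get-HotFix -ComputerName $computer -ErrorAction Stop |
                Select-Object -ExpandProperty HotFixID
        } catch {
            [pscustomobject]@{ Computer = $computer; CVE = '*'; HotFixID = '*'; Installed = $null; Error = $_.Exception.Message }
            continue
        }
        foreach ($cve in ($Map.Keys | Sort-Object)) {
            $kb = $Map[$cve]
            [pscustomobject]@{
                Computer  = $computer
                CVE       = $cve
                HotFixID  = $kb
                Installed = ($installed -contains $kb)
                Error     = $null
            }
        }
    }
}

# Report only hosts and CVEs that still need attention.
Test-RequiredHotfix -Map $RequiredUpdates |
    Where-Object { $_.Installed -ne $true } |
    Format-Table -AutoSize
```

Two caveats a practitioner will run into: Get-HotFix lists only updates that register a KB entry, so a fix that arrived inside a later cumulative or superseding update can be present without the original KB appearing, and the bulletin's supersedence chain has to be consulted for those; and querying remote hosts uses WMI/DCOM, so the account running the audit needs administrative rights on each target and the firewall must permit that traffic.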
