Though Windows Server 2008—with features like hard drive encryption, ISV security programmability, and an improved firewall—is a significant leap forward in terms of security when compared to its predecessor Windows Server 2003, it is certainly not without its own security flaws. The following are the top 20 critical Windows Server 2008 vulnerabilities and tips on how to remediate them.
20. Windows Integer Underflow Vulnerability
An integer underflow in Uniscribe—Windows APIs that enable control of typography and complex script processing—could allow a remote attacker to execute arbitrary code via a specially crafted font. Underflow occurs with array index errors in which the index is negative.
19. Windows DNS Use After Free Vulnerability
A use-after-free vulnerability in the DNS server could allow remote attackers to execute arbitrary code via crafted requests. A use-after-free error occurs when a software application continues to use a pointer after it has been freed.
18. Graphics Memory Corruption Vulnerability
Fonts vulnerabilities are a common entry point for remote attackers looking for an easy way in. In this case, the Windows font library could allow remote attackers to execute arbitrary code via a specially crafted embedded font.
17. Windows Journal Heap Overflow Vulnerability
A heap-based buffer overflow in Windows Journal could allow attackers to execute arbitrary code via a specially crafted Journal (.jnt) file. Journal is Windows 8 Server's notetaking application that saves notes as files with the .jnt extension.
16. Windows Journal RCE Vulnerability
This flaw—another Windows Journal vulnerability—could allow remote attackers to execute arbitrary code via a specially crafted .jnt file.
15. Toolbar Use-After-Free Vulnerability
This particular Windows Server 2008 use-after-free vulnerability could allow a remote attacker to execute arbitrary code with a specially crafted toolbar object.
14. Graphics Component Buffer Overflow Vulnerability
A buffer overflow in the Adobe Type Manager Library in Windows Server 2008 could allow remote attackers to execute arbitrary code via a specially crafted OpenType font.
13. Windows Media Center RCE Vulnerability
Windows Media Center in Windows Server 2008 could allow a user-assisted remote attacker to execute arbitrary code via a specially crafted Media Center link (MCL) file. MCL files consist of XML definitions that describe a Windows Media Center resource.
12. OpenType Font Parsing Vulnerability
The atmfd.dll file in the Adobe Type Manager Library of Microsoft Windows Server 2008 could allow remote attackers launch a denial-of-service (DoS) attack using a specially crafted OpenType font.
11. Server Message Block Memory Corruption Vulnerability
This Windows Server 2008 vulnerability could allow remote authenticated users to execute arbitrary code via a specially crafted string in a Server Message Block (SMB) server error-logging action.
10. Remote Desktop Protocol DLL Planting Remote Code Execution Vulnerability
Windows 2008 Server's Remote Desktop Protocol (RDP) client contains an untrusted search path vulnerability that could allow local users to gain privileges via a Trojan horse DLL in the current working directory.
9. TrueType Font Parsing Vulnerability
Font vulnerabilities are a popular way for attackers to gain access to a system, and this particular Windows Server 2008 flaw could allow remote attackers to execute arbitrary code via a specially crafted TrueType font.
8. Windows Filesystem Elevation of Privilege Vulnerability
This flaw in Windows Server 2008 could allow attackers to bypass an application sandbox protection mechanism and perform unspecified filesystem actions via a specially crafted application.
7. OpenType Font Driver Vulnerability
Another buffer underflow in atmfd.dll in the Windows Adobe Type Manager Library could allow remote attackers to execute arbitrary code via a specially crafted OpenType font.
6. Microsoft Common Control Use-After-Free Vulnerability
This use-after-free vulnerability in Microsoft Common Controls could allow user-assisted remote attackers to execute arbitrary code via a specially crafted web site accessed with the F12 Developer Tools feature of Internet Explorer.
5. Microsoft Schannel Remote Code Execution Vulnerability
Schannel in Windows Server 2008 could allow a remote attacker to execute arbitrary code via specially crafted packets.
4. Comctl32 Integer Overflow Vulnerability
A flaw in the DSA_InsertItem function in Comctl32.dll in the Windows common control library prevents it from allocating memory correctly, which could in turn allow a remote attacker to execute arbitrary code via a specially crafted value in an argument to an ASP.NET web application.
3. Remote Procedure Call Vulnerability
A flaw in Windows Server 2008 could allow remote attackers to execute arbitrary code via a malformed asynchronous RPC request.
2. HTTP.sys Remote Code Execution Vulnerability
A vulnerability in Windows Server 2008's HTTP.sys file could allow remote attackers to execute arbitrary code via specially crafted HTTP requests.
1. Windows Telnet Service Buffer Overflow Vulnerability
The Telnet service in Windows Server 2008 is vulnerable to buffer overflows attacks, which could allow remote attackers to execute arbitrary code specially via crafted packets.
Unpatched software is by far the leading cause of data breaches these days; for this reason, keeping your Windows Server 2008 deployments updated on a continual basis is critical to preventing system compromises. However, validating and monitoring the security and consistency of configurations across large Windows environments—in the data center, cloud, or hybrid infrastructures—can be a challenge on an ongoing basis. ScriptRock's platform for continuous security monitoring makes this a trivial affair through constant, policy-driven validation, ensuring that critical vulnerabilities never reach production environments. Give it a test drive today— it's free for up to 10 nodes.