Top 20 Critical Windows Server 2008 Vulnerabilities And Remediation Tips

Though Windows Server 2008—with features like hard drive encryption, ISV security programmability, and an improved firewall—is a significant leap forward in terms of security when compared to its predecessor Windows Server 2003, it is certainly not without its own security flaws. The following are the top 20 critical Windows Server 2008 vulnerabilities and tips on how to remediate them.

20. Windows Integer Underflow Vulnerability

CVE-2015-6130

An integer underflow in Uniscribe—Windows APIs that enable control of typography and complex script processing—could allow a remote attacker to execute arbitrary code via a specially crafted font. Underflows of this kind show up as array index errors in which the index is negative.

19. Windows DNS Use After Free Vulnerability

CVE-2015-6125

A use-after-free vulnerability in the DNS server could allow remote attackers to execute arbitrary code via crafted requests. A use-after-free error occurs when a software application continues to use a pointer after it has been freed. 

18. Graphics Memory Corruption Vulnerability

CVE-2015-6108

Font vulnerabilities are a common entry point for remote attackers looking for an easy way in. In this case, the Windows font library could allow remote attackers to execute arbitrary code via a specially crafted embedded font.

17. Windows Journal Heap Overflow Vulnerability

CVE-2015-6097 

A heap-based buffer overflow in Windows Journal could allow attackers to execute arbitrary code via a specially crafted Journal (.jnt) file. Journal is Windows 8 Server's note-taking application that saves notes as files with the .jnt extension.

16. Windows Journal RCE Vulnerability

CVE-2015-2530

This flaw—another Windows Journal vulnerability—could allow remote attackers to execute arbitrary code via a specially crafted .jnt file.

15. Toolbar Use-After-Free Vulnerability

CVE-2015-2515

This particular Windows Server 2008 use-after-free vulnerability could allow a remote attacker to execute arbitrary code with a specially crafted toolbar object.

14. Graphics Component Buffer Overflow Vulnerability

CVE-2015-2510

A buffer overflow in the Adobe Type Manager Library in Windows Server 2008 could allow remote attackers to execute arbitrary code via a specially crafted OpenType font.

13. Windows Media Center RCE Vulnerability

CVE-2015-2509

Windows Media Center in Windows Server 2008 could allow a user-assisted remote attacker to execute arbitrary code via a specially crafted Media Center link (MCL) file. MCL files consist of XML definitions that describe a Windows Media Center resource. 

12. OpenType Font Parsing Vulnerability

CVE-2015-2506 

The atmfd.dll file in the Adobe Type Manager Library of Microsoft Windows Server 2008 could allow remote attackers to launch a denial-of-service (DoS) attack using a specially crafted OpenType font.

11. Server Message Block Memory Corruption Vulnerability

CVE-2015-2474

This Windows Server 2008 vulnerability could allow remote authenticated users to execute arbitrary code via a specially crafted string in a Server Message Block (SMB) server error-logging action.

10. Remote Desktop Protocol DLL Planting Remote Code Execution Vulnerability

CVE-2015-2473

Windows Server 2008's Remote Desktop Protocol (RDP) client contains an untrusted search path vulnerability that could allow local users to gain privileges via a Trojan horse DLL in the current working directory.

9. TrueType Font Parsing Vulnerability

CVE-2015-2464 

Font vulnerabilities are a popular way for attackers to gain access to a system, and this particular Windows Server 2008 flaw could allow remote attackers to execute arbitrary code via a specially crafted TrueType font.

8. Windows Filesystem Elevation of Privilege Vulnerability

CVE-2015-2430 

This flaw in Windows Server 2008 could allow attackers to bypass an application sandbox protection mechanism and perform unspecified filesystem actions via a specially crafted application.

7. OpenType Font Driver Vulnerability

CVE-2015-2426 

Another buffer underflow in atmfd.dll in the Windows Adobe Type Manager Library could allow remote attackers to execute arbitrary code via a specially crafted OpenType font.

6. Microsoft Common Control Use-After-Free Vulnerability

CVE-2015-1756 

This use-after-free vulnerability in Microsoft Common Controls could allow user-assisted remote attackers to execute arbitrary code via a specially crafted web site accessed with the F12 Developer Tools feature of Internet Explorer.

5. Microsoft Schannel Remote Code Execution Vulnerability

CVE-2014-6321

Schannel in Windows Server 2008 could allow a remote attacker to execute arbitrary code via specially crafted packets.

4. Comctl32 Integer Overflow Vulnerability

CVE-2013-3195 

A flaw in the DSA_InsertItem function in Comctl32.dll in the Windows common control library prevents it from allocating memory correctly, which could in turn allow a remote attacker to execute arbitrary code via a specially crafted value in an argument to an ASP.NET web application.

3. Remote Procedure Call Vulnerability

CVE-2013-3175 

A flaw in Windows Server 2008 could allow remote attackers to execute arbitrary code via a malformed asynchronous RPC request.

2. HTTP.sys Remote Code Execution Vulnerability

CVE-2015-1635 

A vulnerability in Windows Server 2008's HTTP.sys file could allow remote attackers to execute arbitrary code via specially crafted HTTP requests.

1. Windows Telnet Service Buffer Overflow Vulnerability

CVE-2015-0014 

The Telnet service in Windows Server 2008 is vulnerable to buffer overflow attacks, which could allow remote attackers to execute arbitrary code via specially crafted packets.

Summary 

Unpatched software is by far the leading cause of data breaches these days; for this reason, keeping your Windows Server 2008 deployments updated on a continual basis is critical to preventing system compromises. However, validating and monitoring the security and consistency of configurations across large Windows environments—in the data center, cloud, or hybrid infrastructures—can be a challenge on an ongoing basis. UpGuard's platform for continuous security monitoring makes this a trivial affair through constant, policy-driven validation, ensuring that critical vulnerabilities never reach production environments.
