Microsoft Windows Server in its default configuration has a critical vulnerability that can cause an escalation of privileges if a server is compromised.
This is known as the Juicy Potato exploit.
The following versions of Windows Server are affected:
- Windows Server 2008 R2
- Windows Server 2012
- Windows Server 2012 R2
- Windows Server 2016
Windows Server 2019 is not affected by this vulnerability.
At the time of this writing, there is no known fix for this exploit; however, disabling DCOM support on a vulnerable server is considered an acceptable workaround.
You can follow this Microsoft article to find out how to disable DCOM support on your Windows Server: https://support.microsoft.com/en-us/help/825750/how-to-disable-dcom-support-in-windows
A server restart is required for changes to take effect.
These changes will mitigate the vulnerability and existing exploits will not work anymore.
Please note that while most customers do not require DCOM support, it may be used by websites hosted on your server, and disabling DCOM support could affect their functionality.
Disabling DCOM support may also affect environments located within a Windows Domain.
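To check whether the workaround is in place on a server, the following PowerShell script reports the DCOM state and can optionally disable it. This is an added example, not code from the Microsoft article; it assumes the setting is stored in the `EnableDCOM` string value under `HKLM\SOFTWARE\Microsoft\Ole` (the value behind the "Enable Distributed COM on this computer" checkbox in `dcomcnfg`), treats a missing value as "not disabled", and uses a hypothetical `-Disable` switch.

```powershell
# Added example: audit the DCOM workaround and, with -Disable, apply it.
# Run from an elevated PowerShell prompt. Written to work on PowerShell 2.0+.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [switch]$Disable   # hypothetical switch: without it the script only reports
)

$oleKey = 'HKLM:\SOFTWARE\Microsoft\Ole'

# Versions listed as affected on this page ('Server 2012' also matches 2012 R2).
$affectedNames = 'Server 2008 R2', 'Server 2012', 'Server 2016'

$caption    = (Get-WmiObject -Class Win32_OperatingSystem).Caption
$isAffected = [bool]($affectedNames | Where-Object { $caption -like "*$_*" })

# Read the current setting; a missing value is reported as not disabled (assumption).
$prop    = Get-ItemProperty -Path $oleKey -Name EnableDCOM -ErrorAction SilentlyContinue
$current = if ($prop) { $prop.EnableDCOM } else { $null }
$enabled = ($current -ne 'N')

New-Object PSObject -Property @{
    ComputerName  = $env:COMPUTERNAME
    OS            = $caption
    ListedVersion = $isAffected
    EnableDCOM    = $current
    DcomEnabled   = $enabled
}

if ($Disable -and $enabled) {
    if ($PSCmdlet.ShouldProcess($env:COMPUTERNAME, 'Set EnableDCOM to N')) {
        Set-ItemProperty -Path $oleKey -Name EnableDCOM -Value 'N' -Type String
        Write-Warning 'DCOM disabled in the registry. Restart the server for the change to take effect.'
    }
}
elseif ($isAffected -and $enabled) {
    Write-Warning 'This server is a listed version and DCOM is still enabled.'
}
```

Running the script with `-Disable -WhatIf` shows the change it would make without writing to the registry, which is useful before touching servers that host websites or belong to a Windows Domain.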