when restoring backups of remote servers. The attacker could use this issue to install software on the affected system, view sensitive information, or take actions on the system as root. Update: The vendor announced that version 3.0 of UWP has been released with the fix in version 3.0.1. Update 2: CPY Car Parking Server has been updated to version 2.8.5 with the fix in version 2.8.5. The remote access vulnerability has been assigned Common Vulnerabilities and Exposures number CVE-2018-1040 and is being tracked as vulnerability number CVE-2018-1040 in the Common Vulnerabilities and Exposences list. Update 3: CPY Car Parking Server has been updated to version 3.0.2 with the fix in version 3.0.2. The remote access vulnerability has been assigned Common Vulnerabilities and Exposures number CVE-2018-1040 and is being tracked as vulnerability number CVE-2018-1040 in the Common Vulnerabilities and Exposures list. What’s Fixed? A fix has been released for UWP 3.0 and CPY Car Parking Server 2.8.3. UWP 3.0 has been released with the fix in version 3.0.1. CPY Car Parking Server has been updated to version 3.0.2 with the fix in version 3.0.2.
Installing CPY Car Parking Server 3.0
.2 or UWP 3.0.1
To install the UWP 3.0 update, visit the Microsoft Store on your computer from a browser, and select Check for Updates > Update Now.
To install the CPY Car Parking Server 3.0.2 update, visit https://www.proxitec-solutions.com/support/downloads_cpyserver/ and download the latest release of CPY Car Parking Server 2.8 or above from there and run it to install it in your server.
Installing the Update
Users of Microsoft Windows 10 can download and install the update by opening Settings, clicking Update & Security, and then clicking Check for updates.
Check if you’re affected
To check if your system is vulnerable to CVE-2018-1040 the following procedure should be followed:
1. Search for UWP in the Start menu and open it.
2. Click on the down arrow next to "Windows Utilities" and select "UWP Diagnostics".
3. Select "Events" from the drop-down menu, then click on the magnifying glass icon in the top right corner of the window that opens.
4. Copy both fields of text that appear below and paste them into a new search in Microsoft Security Essentials. If you see any events with an "Event ID" value of 2026, 2023 or 2235, then you are affected by this vulnerability and should follow a mitigation plan outlined by Microsoft or your antivirus software vendor/administrator/IT administrator.
5. If you don't see any events with an "Event ID" value of 2026, 2023 or 2235, then you are not affected by this vulnerability and can continue using Windows 10 without updating your system
Timeline
Published on: 09/28/2022 14:15:00 UTC
Last modified on: 09/28/2022 14:50:00 UTC