November 13, 2018
Swati Khandelwal
It’s Patch Tuesday once again…time for another round of security updates
for the Windows operating system and other Microsoft products.
This month, Windows users and system administrators need to immediately take care of a total of 63 security vulnerabilities, of which 12 are rated critical, 49 important, one moderate and one low in severity.
Two of the vulnerabilities patched by the tech giant this month are listed as publicly known at the time of release, and one flaw is reported as being actively exploited in the wild by multiple cybercriminal groups.
Zero-Day Vulnerability Being Exploited by Cyber Criminals
The zero-day vulnerability, tracked as CVE-2018-8589, which is being exploited in the wild by multiple advanced persistent threat groups, was first spotted and reported by security researchers from Kaspersky Labs.
The flaw resides in the Win32k component (win32k.sys) and, if exploited successfully, could allow a malicious program to execute arbitrary code in kernel mode and elevate its privileges on an affected Windows 7, Server 2008 or Server 2008 R2 system to take control of it.
“The exploit was executed by the first stage of a malware installer in order to gain the necessary privileges for persistence on the victim’s system. So far, we have detected a very limited number of attacks using this vulnerability,” Kaspersky said.
Two Publicly Disclosed Zero-Day Vulnerabilities
The other two publicly known zero-day vulnerabilities, which were not listed as under active attack, reside in the Windows Advanced Local Procedure Call (ALPC) service and Microsoft's BitLocker Security Feature.
The flaw related to ALPC, tracked as CVE-2018-8584, is a privilege escalation vulnerability that could be exploited by running a specially crafted application to execute arbitrary code in the security context of the local system and take control over an affected system.
Advanced local procedure call (ALPC) facilitates high-speed and secure data transfer between one or more processes in the user mode.
The second publicly disclosed vulnerability, tracked as CVE-2018-8566, exists when Windows improperly suspends BitLocker Device Encryption, which could allow an attacker with physical access to a powered-off system to bypass security and gain access to encrypted data.
BitLocker was in the headlines earlier this month for a separate issue that could expose Windows users' encrypted data due to its default encryption preference and bad encryption on self-encrypting SSDs.
Microsoft did not fully address this issue; instead, the company simply provided a guide on how to manually change BitLocker's default encryption choice.
November 2018 Patch Tuesday: Critical and Important Flaws
Of the 12 critical flaws, eight are memory corruption vulnerabilities in the Chakra scripting engine that exist due to the way the scripting engine handles objects in memory in the Microsoft Edge internet browser.
All eight vulnerabilities could be exploited to corrupt memory, allowing an attacker to execute code in the context of the current user. To exploit these bugs, all an attacker needs to do is trick victims into opening a specially crafted website on Microsoft Edge.
Three of the remaining vulnerabilities are remote code execution bugs in the Windows Deployment Services TFTP server, Microsoft Graphics Components, and the VBScript engine. All these flaws exist due to the way the affected software handles objects in memory.
The last critical vulnerability is also a remote code execution flaw that lies in Microsoft Dynamics 365 (on-premises) version 8. The flaw exists when the server fails to properly sanitize web requests to an affected Dynamics server.
If exploited successfully, the vulnerability could allow an authenticated attacker to run arbitrary code in the context of the SQL service account by sending a specially crafted request to a vulnerable Dynamics server.
| Vulnerability | CVE ID | Severity |
| --- | --- | --- |
| Windows Deployment Services TFTP Server Remote Code Execution Vulnerability | CVE-2018-8476 | Critical |
| Microsoft Graphics Components Remote Code Execution Vulnerability | CVE-2018-8553 | Critical |
| Chakra Scripting Engine Memory Corruption Vulnerability | CVE-2018-8588 | Critical |
| Chakra Scripting Engine Memory Corruption Vulnerability | CVE-2018-8541 | Critical |
| Chakra Scripting Engine Memory Corruption Vulnerability | CVE-2018-8542 | Critical |
| Chakra Scripting Engine Memory Corruption Vulnerability | CVE-2018-8543 | Critical |
| Windows VBScript Engine Remote Code Execution Vulnerability | CVE-2018-8544 | Critical |
| Chakra Scripting Engine Memory Corruption Vulnerability | CVE-2018-8555 | Critical |
| Chakra Scripting Engine Memory Corruption Vulnerability | CVE-2018-8556 | Critical |
| Chakra Scripting Engine Memory Corruption Vulnerability | CVE-2018-8557 | Critical |
| Chakra Scripting Engine Memory Corruption Vulnerability | CVE-2018-8551 | Critical |
| Microsoft Dynamics 365 (on-premises) version 8 Remote Code Execution Vulnerability | CVE-2018-8609 | Critical |
| Azure App Service Cross-site Scripting Vulnerability | CVE-2018-8600 | Important |
| Windows Win32k Elevation of Privilege Vulnerability | CVE-2018-8589 | Important |
| BitLocker Security Feature Bypass Vulnerability | CVE-2018-8566 | Important |
| Windows ALPC Elevation of Privilege Vulnerability | CVE-2018-8584 | Important |
| Team Foundation Server Cross-site Scripting Vulnerability | CVE-2018-8602 | Important |
| Microsoft Dynamics 365 (on-premises) version 8 Cross Site Scripting Vulnerability | CVE-2018-8605 | Important |
| Microsoft Dynamics 365 (on-premises) version 8 Cross Site Scripting Vulnerability | CVE-2018-8606 | Important |
| Microsoft Dynamics 365 (on-premises) version 8 Cross Site Scripting Vulnerability | CVE-2018-8607 | Important |
| Microsoft Dynamics 365 (on-premises) version 8 Cross Site Scripting Vulnerability | CVE-2018-8608 | Important |
| Microsoft RemoteFX Virtual GPU miniport driver Elevation of Privilege Vulnerability | CVE-2018-8471 | Important |
| DirectX Elevation of Privilege Vulnerability | CVE-2018-8485 | Important |
| DirectX Elevation of Privilege Vulnerability | CVE-2018-8554 | Important |
| DirectX Elevation of Privilege Vulnerability | CVE-2018-8561 | Important |
| Win32k Elevation of Privilege Vulnerability | CVE-2018-8562 | Important |
| Microsoft SharePoint Elevation of Privilege Vulnerability | CVE-2018-8572 | Important |
| Microsoft Exchange Server Elevation of Privilege Vulnerability | CVE-2018-8581 | Important |
| Windows COM Elevation of Privilege Vulnerability | CVE-2018-8550 | Important |
| Windows VBScript Engine Remote Code Execution Vulnerability | CVE-2018-8552 | Important |
| Microsoft SharePoint Elevation of Privilege Vulnerability | CVE-2018-8568 | Important |
| Windows Elevation Of Privilege Vulnerability | CVE-2018-8592 | Important |
| Microsoft Edge Elevation of Privilege Vulnerability | CVE-2018-8567 | Important |
| DirectX Information Disclosure Vulnerability | CVE-2018-8563 | Important |
| MSRPC Information Disclosure Vulnerability | CVE-2018-8407 | Important |
| Windows Audio Service Information Disclosure Vulnerability | CVE-2018-8454 | Important |
| Win32k Information Disclosure Vulnerability | CVE-2018-8565 | Important |
| Microsoft Outlook Information Disclosure Vulnerability | CVE-2018-8558 | Important |
| Windows Kernel Information Disclosure Vulnerability | CVE-2018-8408 | Important |
| Microsoft Edge Information Disclosure Vulnerability | CVE-2018-8545 | Important |
| Microsoft SharePoint Information Disclosure Vulnerability | CVE-2018-8578 | Important |
| Microsoft Outlook Information Disclosure Vulnerability | CVE-2018-8579 | Important |
| PowerShell Remote Code Execution Vulnerability | CVE-2018-8256 | Important |
| Microsoft Outlook Remote Code Execution Vulnerability | CVE-2018-8522 | Important |
| Microsoft Outlook Remote Code Execution Vulnerability | CVE-2018-8576 | Important |
| Microsoft Outlook Remote Code Execution Vulnerability | CVE-2018-8524 | Important |
| Microsoft Word Remote Code Execution Vulnerability | CVE-2018-8539 | Important |
| Microsoft Word Remote Code Execution Vulnerability | CVE-2018-8573 | Important |
| Microsoft Excel Remote Code Execution Vulnerability | CVE-2018-8574 | Important |
| Microsoft Project Remote Code Execution Vulnerability | CVE-2018-8575 | Important |
| Microsoft Outlook Remote Code Execution Vulnerability | CVE-2018-8582 | Important |
| Windows Search Remote Code Execution Vulnerability | CVE-2018-8450 | Important |
| Microsoft Excel Remote Code Execution Vulnerability | CVE-2018-8577 | Important |
| Internet Explorer Memory Corruption Vulnerability | CVE-2018-8570 | Important |
| Microsoft JScript Security Feature Bypass Vulnerability | CVE-2018-8417 | Important |
| Windows Security Feature Bypass Vulnerability | CVE-2018-8549 | Important |
| Microsoft Edge Spoofing Vulnerability | CVE-2018-8564 | Important |
| Active Directory Federation Services XSS Vulnerability | CVE-2018-8547 | Important |
| Team Foundation Server Remote Code Execution Vulnerability | CVE-2018-8529 | Important |
| Yammer Desktop Application Remote Code Execution Vulnerability | CVE-2018-8569 | Important |
| Microsoft Powershell Tampering Vulnerability | CVE-2018-8415 | Important |
| .NET Core Tampering Vulnerability | CVE-2018-8416 | Moderate |
| Microsoft Skype for Business Denial of Service Vulnerability | CVE-2018-8546 | Low |
This month’s security update also covers 46 important vulnerabilities in
Windows, PowerShell, MS Excel, Outlook, SharePoint, VBScript Engine,
Edge, Windows Search service, Internet Explorer, Azure App Service, Team
Foundation Server, and Microsoft Dynamics 365.
Users and system administrators are strongly advised to apply the above security patches as soon as possible to keep hackers and cyber criminals from taking control of their systems.
To install security patch updates, head to Settings → Update & security → Windows Update → Check for updates, or you can install the updates manually.
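One way to turn the list above into a patch order, as an added example that is not part of the original article: it parses pipe-delimited advisory rows and ranks the exploited and publicly disclosed CVEs named in the text ahead of vendor severity. The tier ordering and the function names are assumptions of this example.

```python
import re

# A subset of rows from the article's table. Doubled pipes are tolerated.
ROWS = """\
|Windows Deployment Services TFTP Server Remote Code Execution Vulnerability||CVE-2018-8476||Critical|
|Chakra Scripting Engine Memory Corruption Vulnerability||CVE-2018-8588||Critical|
|Windows Win32k Elevation of Privilege Vulnerability||CVE-2018-8589||Important|
|BitLocker Security Feature Bypass Vulnerability||CVE-2018-8566||Important|
|Windows ALPC Elevation of Privilege Vulnerability||CVE-2018-8584||Important|
|Microsoft Outlook Information Disclosure Vulnerability||CVE-2018-8558||Important|
|.NET Core Tampering Vulnerability||CVE-2018-8416||Moderate|
|Microsoft Skype for Business Denial of Service Vulnerability||CVE-2018-8546||Low|
"""

# Exploitation status as stated in the article text (the table does not carry it).
EXPLOITED = {"CVE-2018-8589"}
PUBLIC = {"CVE-2018-8584", "CVE-2018-8566"}
SEVERITY = {"Critical": 0, "Important": 1, "Moderate": 2, "Low": 3}

# Accepts "|a||b||c|" and "| a | b | c |"; header and separator rows do not match.
ROW_RE = re.compile(
    r"^\|\s*(?P<title>[^|]+?)\s*\|+\s*(?P<cve>CVE-\d{4}-\d{4,})\s*\|+\s*(?P<sev>\w+)\s*\|$"
)

def parse_rows(text):
    """Return one dict per table row; fail loudly on an unknown severity label."""
    rows = []
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if m is None:
            continue  # not a data row
        if m["sev"] not in SEVERITY:
            raise ValueError(f"unknown severity in row: {line!r}")
        rows.append(m.groupdict())
    return rows

def triage(rows):
    """Assumed policy: exploited first, then publicly disclosed, then severity."""
    def key(row):
        tier = 0 if row["cve"] in EXPLOITED else 1 if row["cve"] in PUBLIC else 2
        return (tier, SEVERITY[row["sev"]], row["cve"])
    return sorted(rows, key=key)

if __name__ == "__main__":
    for row in triage(parse_rows(ROWS)):
        note = ("exploited" if row["cve"] in EXPLOITED
                else "public" if row["cve"] in PUBLIC else "")
        print(f'{row["cve"]}  {row["sev"]:<9}  {note:<9}  {row["title"]}')
```

Sorting on the vendor severity column alone would place CVE-2018-8589, the only flaw reported as exploited in the wild, behind all 12 critical entries.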