September 11, 2018 | Swati Khandelwal
Time to gear up your systems and software.
Just a few minutes ago, Microsoft released its latest monthly Patch Tuesday update for September 2018, patching a total of 61 security vulnerabilities, of which 17 are rated Critical, 43 Important, and one Moderate in severity.
This month’s security updates patch vulnerabilities in Microsoft Windows, Edge, Internet Explorer, MS Office, ChakraCore, .NET Framework, Microsoft.Data.OData, ASP.NET, and more.
Four of the security vulnerabilities patched by the tech giant this month have been listed as “publicly known” and more likely exploited in the wild at the time of release.
CVE-2018-8475: Windows Critical RCE Vulnerability
One of the four publicly disclosed vulnerabilities is a critical remote code execution flaw (CVE-2018-8475) in Microsoft Windows that affects all versions of the Windows operating system, including Windows 10.
The Windows RCE vulnerability resides in the way Windows handles specially crafted image files. To execute malicious code on a target system, all a remote attacker needs to do is convince a victim to view an image.
Given its severity and ease of exploitation, you can expect an exploit targeting Windows users in the coming days.
CVE-2018-8440: Windows ALPC Elevation of Privilege Vulnerability
The latest patch update also addresses an “important” zero-day vulnerability in Windows Advanced Local Procedure Call (ALPC) that was publicly disclosed last week on Twitter.
If exploited, the flaw (CVE-2018-8440) could allow a local attacker or malicious program to gain administrative system privileges and run code with them on the targeted machines.
According to Microsoft, the flaw is actively being exploited in the wild and requires immediate attention. The proof-of-concept (PoC) exploit for this privilege escalation flaw in Windows is available on GitHub.
CVE-2018-8457: Scripting Engine Memory Corruption Vulnerability
Another publicly disclosed flaw is a remote code execution vulnerability (CVE-2018-8457) in the scripting engine, which exists when the scripting engine fails to properly handle objects in memory in Microsoft browsers, allowing an unauthenticated, remote attacker to execute arbitrary code on a targeted system in the context of the currently logged-in user.
“If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system,” Microsoft explains.
“An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.”
The vulnerability affects Microsoft Edge, Internet Explorer 11 and Internet Explorer 10.
Two Windows Hyper-V Remote Code Execution Vulnerabilities
This month's patch update also includes patches for two critical remote code execution vulnerabilities in Windows Hyper-V, a native hypervisor for running virtual machines on Windows servers.
Both flaws (CVE-2018-0965 and CVE-2018-8439) exist when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system.
Both RCE vulnerabilities can be exploited by a malicious guest user by running a specially crafted application on the virtual operating system to eventually execute arbitrary code on the host operating system.
Patch All Microsoft Software Vulnerabilities
Besides this, Microsoft has also pushed security updates to patch a critical remote code execution vulnerability in Adobe Flash Player, details of which you can get through a separate article posted today.
Adobe has labeled the same privilege escalation vulnerability (CVE-2018-15967) as important, while Microsoft marked it as a critical remote code execution flaw.
Users are strongly advised to apply all security patches as soon as possible to keep hackers and cybercriminals from taking control of their computers.
To install the security updates, head to Settings → Update & security → Windows Update → Check for updates, or install the updates manually.