This November, Microsoft released its monthly security patches covering a total of 63 vulnerabilities: 12 rated Critical, 47 rated Important, one rated Moderate and three rated Low in severity. These vulnerabilities impact Internet Explorer, Microsoft Edge, Microsoft Windows, Microsoft Office and Microsoft Office Services and Web Apps, ChakraCore, .NET Core, Skype for Business, Azure App Service on Azure Stack, Team Foundation Server, Microsoft Dynamics 365 (on-premises), PowerShell Core and Microsoft.PowerShell.Archive. Of these, one (CVE-2018-8589) is being actively exploited and two (CVE-2018-8584, CVE-2018-8566) were listed as publicly known at the time of release.


Zero-day Vulnerability In-the-wild

CVE-2018-8589: As was the case last month, a Windows Win32k Elevation of Privilege vulnerability is under attack this month. It was reported by Kaspersky Labs, which found attackers using it in malware to elevate privileges and take full control of an affected system.

As per Kaspersky Labs,
In October 2018, our Automatic Exploit Prevention (AEP) systems detected an attempt to exploit a vulnerability in Microsoft’s Windows operating system. Further analysis revealed a zero-day vulnerability in win32k.sys. The exploit was executed by the first stage of a malware installer in order to gain the necessary privileges for persistence on the victim’s system. So far, we have detected a very limited number of attacks using this vulnerability. The victims are located in the Middle East.


Publicly disclosed

1) CVE-2018-8584: An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC). To exploit this vulnerability, an attacker would first have to log on to the system and then run a specially crafted application that could exploit the vulnerability and take control of an affected system. Microsoft's update addresses the vulnerability by correcting how Windows handles calls to ALPC.

2) CVE-2018-8566: A security feature bypass vulnerability exists when Windows improperly suspends BitLocker Device Encryption. An attacker needs physical access to the affected system: the attacker must power off the system and then exploit the vulnerability to gain access to encrypted data. Microsoft fixes the vulnerability by ensuring Windows resumes BitLocker Device Encryption.


A few other critical vulnerabilities

1) CVE-2018-8476: A remote code execution vulnerability exists in the way that Windows Deployment Services TFTP Server handles objects in memory. To exploit the vulnerability, an attacker could create a specially crafted TFTP message, causing Windows to execute arbitrary code with elevated permissions. Microsoft addresses this vulnerability by correcting how Windows Deployment Services TFTP Server handles objects in memory.

2) CVE-2018-8450: A remote code execution vulnerability exists when Windows Search handles objects in memory. To exploit the vulnerability, the attacker could send specially crafted messages to the Windows Search service. An attacker with access to a target computer could exploit this vulnerability to elevate privileges and take control of the computer. Additionally, in an enterprise scenario, a remote authenticated attacker could remotely trigger the vulnerability through an SMB connection and then take control of a target computer. Microsoft addresses this vulnerability by correcting how Windows Search handles objects in memory. Because this vulnerability can be exploited over the network through an SMB connection, it should be patched as early as possible.


The November 2018 Patch Tuesday release consists of security updates for the following products:

  • .NET Core
  • Azure App Service on Azure Stack
  • ChakraCore
  • Internet Explorer
  • Microsoft Dynamics 365 (on-premises)
  • Microsoft Edge
  • Microsoft Office and Microsoft Office Services and Web Apps
  • Microsoft Windows
  • Microsoft.PowerShell.Archive
  • PowerShell Core
  • Skype for Business
  • Team Foundation Server

Microsoft security bulletin summary for November 2018:

Product: Internet Explorer
Severity: Important
Impact: Information Disclosure, Remote Code Execution
KB’s: 4467701, 4466536, 4467107, 4467697, 4467691, 4467680, 4467696, 4467686, 4467702, 4467708, 4467706
CVE’s/Advisory: CVE-2018-8552, CVE-2018-8570


Product: Microsoft Dynamics 365 (on-premises)
Severity: Important
Impact: Remote Code Execution, Spoofing
KB’s: 4467675
CVE’s/Advisory: CVE-2018-8605, CVE-2018-8606, CVE-2018-8607, CVE-2018-8608, CVE-2018-8609


Product: Microsoft Edge
Severity: Critical
Impact: Remote Code Execution, Information Disclosure, Spoofing, Elevation of Privilege
KB’s: 4467702, 4467708, 4467691, 4467696, 4467680, 4467686
CVE’s/Advisory: CVE-2018-8541, CVE-2018-8542, CVE-2018-8543, CVE-2018-8545, CVE-2018-8551, CVE-2018-8555, CVE-2018-8556, CVE-2018-8557, CVE-2018-8564, CVE-2018-8567, CVE-2018-8588


Product: .NET Core 2.1
Severity: Moderate
Impact: Tampering
Pull Request: 32127
CVE’s/Advisory: CVE-2018-8416


Product: Azure App Service on Azure Stack
Severity: Important
Impact: Spoofing
Release Notes: azure-stack-app-service-release-notes-update-four
CVE’s/Advisory: CVE-2018-8600


Product: ChakraCore
Severity: Critical
Impact: Remote Code Execution
Release Notes: 1113
CVE’s/Advisory: CVE-2018-8541, CVE-2018-8542, CVE-2018-8543, CVE-2018-8551, CVE-2018-8555, CVE-2018-8556, CVE-2018-8557, CVE-2018-8588


Product: Microsoft.PowerShell.Archive
Severity: Important
Impact: Remote Code Execution
Release Notes: Microsoft.PowerShell.Archive_1.2.2.0
CVE’s/Advisory: CVE-2018-8256


Product: PowerShell Core
Severity: Important
Impact: Remote Code Execution, Tampering
Release Notes: issues-8, issues-9
CVE’s/Advisory: CVE-2018-8415, CVE-2018-8256


Product: Team Foundation Server
Severity: Important
Impact: Remote Code Execution, Spoofing
KB’s: tfs2017-update3, tfs2018-update1, tfs2018-update3
CVE’s/Advisory: CVE-2018-8602, CVE-2018-8529, CVE-2018-8602


Product: Microsoft Exchange Server
Severity: Important
Impact: Elevation of Privilege
CVE’s/Advisory: CVE-2018-8581


Product: Microsoft Office
Severity: Important
Impact: Remote Code Execution, Denial of Service, Information Disclosure, Elevation of Privilege
KB’s: 4011190, 4461530, 4461488, 4461503, 4461519, 4461487, 3114565, 4461524, 4032218, 4022237, 4022232, 4461518, 4461527, 4092473, 4461529, 4461486, 4461506, 4022147, 4461478, 4461489, 4461483, 4461501, 4461511, 4461520, 4461513, 4461526, 4461485, 4461504, 4461473
CVE’s/Advisory: CVE-2018-8577, CVE-2018-8577, CVE-2018-8574, CVE-2018-8546, CVE-2018-8539, CVE-2018-8573, CVE-2018-8522, CVE-2018-8524, CVE-2018-8558, CVE-2018-8576, CVE-2018-8579, CVE-2018-8582, CVE-2018-8575, CVE-2018-8568, CVE-2018-8578, CVE-2018-8572


Product: Microsoft Windows
Severity: Critical
Impact: Remote Code Execution, Information Disclosure, Tampering, Defense in Depth, Security Feature Bypass, Elevation of Privilege, Spoofing
KB’s: 4467680, 4093430, 4467691, 4465659, 4467696, 4465660, 4467686, 4465661, 4467702, 4465663, 4467708, 4465664, 4467107, 4467106, 3177467, 4467697, 4467703, 3173424, 4467706, 4467700, 3020369, 4467701, 4467678, 3173426
CVE’s/Advisory: CVE-2018-8407, CVE-2018-8408, CVE-2018-8415, ADV990001, CVE-2018-8256, CVE-2018-8417, CVE-2018-8450, CVE-2018-8471, CVE-2018-8485, CVE-2018-8544, CVE-2018-8549, CVE-2018-8550, CVE-2018-8553, CVE-2018-8561, CVE-2018-8562, CVE-2018-8565, CVE-2018-8584, CVE-2018-8407, CVE-2018-8547, CVE-2018-8566, CVE-2018-8454, CVE-2018-8554, CVE-2018-8592, CVE-2018-8563, CVE-2018-8589, CVE-2018-8476
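The records above share CVEs across products, and a few lists repeat an ID. The following added example (not part of the original article) parses an excerpt of those records, drops repeated IDs, indexes which products each CVE touches, and orders products for patching; the ordering rule (exploited, then publicly known, then severity) and all function names are assumptions made for this example.

```python
import re

EXPLOITED = {"CVE-2018-8589"}                 # exploited in the wild (article text)
PUBLIC = {"CVE-2018-8584", "CVE-2018-8566"}   # publicly known at release (article text)
RANK = {"Critical": 3, "Important": 2, "Moderate": 1, "Low": 0}

# Excerpt of the records above; Impact/KB lines and some CVEs omitted for brevity.
SAMPLE = """\
Product: ChakraCore
Severity: Critical
CVE’s/Advisory: CVE-2018-8541, CVE-2018-8588

Product: Microsoft.PowerShell.Archive
Severity: Important
CVE’s/Advisory: CVE-2018-8256

Product: PowerShell Core
Severity: Important
CVE’s/Advisory: CVE-2018-8415, CVE-2018-8256

Product: Microsoft Windows
Severity: Critical
CVE’s/Advisory: CVE-2018-8407, CVE-2018-8415, ADV990001, CVE-2018-8256, CVE-2018-8584, CVE-2018-8407, CVE-2018-8566, CVE-2018-8589
"""

def parse_records(text):
    """Parse blank-line-separated 'Key: value' records; repeated IDs are dropped."""
    records = []
    for block in re.split(r"\n\s*\n", text.strip()):
        fields = {k.strip(): v.strip() for k, v in
                  (ln.split(":", 1) for ln in block.splitlines() if ":" in ln)}
        ids = re.findall(r"CVE-\d{4}-\d{4,}|ADV\d+", block)
        records.append({"product": fields["Product"], "severity": fields["Severity"],
                        "ids": list(dict.fromkeys(ids))})
    return records

def cve_index(records):
    """Map each CVE/advisory ID to every product record that lists it."""
    idx = {}
    for r in records:
        for cve in r["ids"]:
            idx.setdefault(cve, []).append(r["product"])
    return idx

def patch_order(records):
    """Assumed triage order: exploited first, then publicly known, then severity."""
    def key(r):
        ids = set(r["ids"])
        return (bool(ids & EXPLOITED), len(ids & PUBLIC), RANK[r["severity"]])
    return [r["product"] for r in sorted(records, key=key, reverse=True)]
```

On this excerpt, CVE-2018-8256 maps to three products, so patching Windows alone does not close it where PowerShell Core or Microsoft.PowerShell.Archive is installed separately.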


SecPod Saner detects these vulnerabilities and automatically fixes them by applying security updates. Download Saner now and keep your systems updated and secure.


Article Name: Patch Tuesday: Microsoft Security Bulletin Summary for November 2018
Publisher Name: SecPod Technologies