This November, Microsoft's Patch Tuesday (November 2018) release of monthly security patches covers a total of 63 vulnerabilities: 12 rated Critical, 47 rated Important, one rated Moderate and three rated Low in severity. These ratings were determined using a vulnerability management tool. The vulnerabilities affect Internet Explorer, Microsoft Edge, Microsoft Windows, Microsoft Office, Microsoft Office Services and Web Apps, ChakraCore, .NET Core, Skype for Business, Azure App Service on Azure Stack, Team Foundation Server, Microsoft Dynamics 365 (on-premises), PowerShell Core and Microsoft.PowerShell.Archive. Among them, one (CVE-2018-8589) is being actively exploited and two (CVE-2018-8584, CVE-2018-8566) were listed as publicly known at the time of release.
Zero-day Vulnerability (CVE-2018-8589) In the Wild
CVE-2018-8589: As last month, a Windows Win32k Elevation of Privilege Vulnerability is again under attack this month. The vulnerability was reported by Kaspersky Labs, which found attackers using it in malware: the malware exploits the flaw to elevate privileges and take full control of an affected system. Automated patching can apply the fix for this vulnerability.
As per Kaspersky Labs,
In October 2018, our Automatic Exploit Prevention (AEP) systems detected an attempt to exploit a vulnerability in Microsoft’s Windows operating system. Further analysis revealed a zero-day vulnerability in win32k.sys. The exploit was executed by the first stage of a malware installer in order to gain the necessary privileges for persistence on the victim’s system. So far, we have detected a very limited number of attacks using this vulnerability. The victims are located in the Middle East.
Publicly disclosed
1) CVE-2018-8584: An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC). To exploit it, an attacker would first have to log on to the system and then run a specially crafted application that exploits the vulnerability and takes control of the affected system. Microsoft's update addresses the vulnerability by correcting how Windows handles calls to ALPC.
2) CVE-2018-8566: A security feature bypass vulnerability exists when Windows improperly suspends BitLocker Device Encryption. An attacker needs physical access to the affected system to exploit it: the attacker powers off the system and then exploits the vulnerability to gain access to encrypted data. Microsoft fixes the vulnerability by ensuring that Windows resumes BitLocker Device Encryption.
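The defensive check that follows from CVE-2018-8566 is to find volumes whose BitLocker protection is currently suspended (encrypted, but with key protectors disabled). The PowerShell below is an added example, not code from the original post or from SecPod; it assumes the built-in BitLocker module (`Get-BitLockerVolume`, `Resume-BitLocker`) is available and that it runs in an elevated session.

```powershell
# Added example: report BitLocker volumes that are encrypted but whose
# protection is suspended (ProtectionStatus Off), the state that
# CVE-2018-8566 is about. Assumes the BitLocker module and an elevated session.
function Get-SuspendedBitLockerVolume {
    Get-BitLockerVolume |
        Where-Object {
            # A fully decrypted volume has no protectors to suspend; skip it.
            $_.VolumeStatus -ne 'FullyDecrypted' -and $_.ProtectionStatus -eq 'Off'
        } |
        Select-Object MountPoint, VolumeStatus, ProtectionStatus, EncryptionPercentage
}

$suspended = Get-SuspendedBitLockerVolume
if ($suspended) {
    Write-Warning ("BitLocker protection is suspended on: " + (($suspended.MountPoint) -join ', '))
    $suspended | Format-Table -AutoSize

    # Resume-BitLocker re-enables the key protectors. Only do this after confirming
    # the suspension is not part of an in-progress firmware or OS update, which
    # legitimately suspends protection for a reboot cycle.
    # $suspended | ForEach-Object { Resume-BitLocker -MountPoint $_.MountPoint }
} else {
    Write-Output "No suspended BitLocker volumes found."
}
```

A volume that stays in `ProtectionStatus Off` after the update cycle that suspended it has completed is the condition worth alerting on; the suspend itself is normal during feature updates and some firmware upgrades.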
A few other critical vulnerabilities
1) CVE-2018-8476: A remote code execution vulnerability exists in the way that Windows Deployment Services TFTP Server handles objects in memory. To exploit the vulnerability, an attacker could create a specially crafted TFTP message, causing Windows to execute arbitrary code with elevated permissions. Microsoft handles this vulnerability by correcting how Windows Deployment Services TFTP Server handles objects in memory.
2) CVE-2018-8450: A remote code execution vulnerability exists in the way Windows Search handles objects in memory. To exploit it, an attacker could send specially crafted messages to the Windows Search service. An attacker with access to a target computer could use the vulnerability to elevate privileges and take control of the computer. Additionally, in an enterprise scenario, a remote authenticated attacker could trigger the vulnerability through an SMB connection and then take control of a target computer. Microsoft addresses the vulnerability by correcting how Windows Search handles objects in memory. Because it can be exploited over the network through an SMB connection, it should be patched at the earliest.
Microsoft November 2018 Patch Tuesday release consists of security updates for the following products:
- .NET Core
- Azure App Service on Azure Stack
- ChakraCore
- Internet Explorer
- Microsoft Dynamics 365 (on-premises)
- Microsoft Edge
- Microsoft Office and Microsoft Office Services and Web Apps
- Microsoft Windows
- Microsoft.PowerShell.Archive
- PowerShell Core
- Skype for Business
- Team Foundation Server
Microsoft Patch Tuesday November 2018 Bulletin Summary:
1. Product: Internet Explorer
Severity: Important
Impact: Information Disclosure, Remote Code Execution
KBs: 4467701, 4466536, 4467107, 4467697, 4467691, 4467680, 4467696, 4467686, 4467702, 4467708, 4467706
CVEs/Advisory: CVE-2018-8552, CVE-2018-8570
2. Product: Microsoft Dynamics 365 (on-premises)
Severity: Important
Impact: Remote Code Execution, Spoofing
KBs: 4467675
CVEs/Advisory: CVE-2018-8605, CVE-2018-8606, CVE-2018-8607, CVE-2018-8608, CVE-2018-8609
3. Product: Microsoft Edge
Severity: Critical
Impact: Remote Code Execution, Information Disclosure, Spoofing, Elevation of Privilege
KBs: 4467702, 4467708, 4467691, 4467696, 4467680, 4467686
CVEs/Advisory: CVE-2018-8541, CVE-2018-8542, CVE-2018-8543, CVE-2018-8545, CVE-2018-8551, CVE-2018-8555, CVE-2018-8556, CVE-2018-8557, CVE-2018-8564, CVE-2018-8567, CVE-2018-8588
4. Product: .NET Core 2.1
Severity: Moderate
Impact: Tampering
Pull Request: 32127
CVEs/Advisory: CVE-2018-8416
5. Product: Azure App Service on Azure Stack
Severity: Important
Impact: Spoofing
Release Notes: azure-stack-app-service-release-notes-update-four
CVEs/Advisory: CVE-2018-8600
6. Product: ChakraCore
Severity: Critical
Impact: Remote Code Execution
Release Notes: 1113
CVEs/Advisory: CVE-2018-8541, CVE-2018-8542, CVE-2018-8543, CVE-2018-8551, CVE-2018-8555, CVE-2018-8556, CVE-2018-8557, CVE-2018-8588
7. Product: Microsoft.PowerShell.Archive
Severity: Important
Impact: Remote Code Execution
Release Notes: Microsoft.PowerShell.Archive_1.2.2.0
CVEs/Advisory: CVE-2018-8256
8. Product: PowerShell Core
Severity: Important
Impact: Remote Code Execution, Tampering
Release Notes: issues-8, issues-9
CVEs/Advisory: CVE-2018-8415, CVE-2018-8256
9. Product: Team Foundation Server
Severity: Important
Impact: Remote Code Execution, Spoofing
KBs: tfs2017-update3, tfs2018-update1, tfs2018-update3
CVEs/Advisory: CVE-2018-8602, CVE-2018-8529
10. Product: Microsoft Exchange Server
Severity: Important
Impact: Elevation of Privilege
CVEs/Advisory: CVE-2018-8581
11. Product: Microsoft Office
Severity: Important
Impact: Remote Code Execution, Denial of Service, Information Disclosure, Elevation of Privilege
KBs: 4011190, 4461530, 4461488, 4461503, 4461519, 4461487, 3114565, 4461524, 4032218, 4022237, 4022232, 4461518, 4461527, 4092473, 4461529, 4461486, 4461506, 4022147, 4461478, 4461489, 4461483, 4461501, 4461511, 4461520, 4461513, 4461526, 4461485, 4461504, 4461473
CVEs/Advisory: CVE-2018-8577, CVE-2018-8574, CVE-2018-8546, CVE-2018-8539, CVE-2018-8573, CVE-2018-8522, CVE-2018-8524, CVE-2018-8558, CVE-2018-8576, CVE-2018-8579, CVE-2018-8582, CVE-2018-8575, CVE-2018-8568, CVE-2018-8578, CVE-2018-8572
12. Product: Microsoft Windows
Severity: Critical
Impact: Remote Code Execution, Information Disclosure, Tampering, Defense in Depth, Security Feature Bypass, Elevation of Privilege, Spoofing
KBs: 4467680, 4093430, 4467691, 4465659, 4467696, 4465660, 4467686, 4465661, 4467702, 4465663, 4467708, 4465664, 4467107, 4467106, 3177467, 4467697, 4467703, 3173424, 4467706, 4467700, 3020369, 4467701, 4467678, 3173426
CVEs/Advisory: CVE-2018-8407, CVE-2018-8408, CVE-2018-8415, ADV990001, CVE-2018-8256, CVE-2018-8417, CVE-2018-8450, CVE-2018-8471, CVE-2018-8485, CVE-2018-8544, CVE-2018-8549, CVE-2018-8550, CVE-2018-8553, CVE-2018-8561, CVE-2018-8562, CVE-2018-8565, CVE-2018-8584, CVE-2018-8547, CVE-2018-8566, CVE-2018-8454, CVE-2018-8554, CVE-2018-8592, CVE-2018-8563, CVE-2018-8589, CVE-2018-8476
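A quick way to turn the Microsoft Windows KB list above into a host check is to compare it against the updates a machine reports as installed. The PowerShell below is an added example, not code from the original post or from SecPod's product; it assumes the built-in `Get-HotFix` cmdlet (which reports installed updates by `HotFixID`) and uses the Windows KB list exactly as given in the summary. Which single KB applies to a host depends on its Windows version, so the signal is "at least one of these is present".

```powershell
# Added example: check whether one of the November 2018 Windows KBs from the
# bulletin summary is installed on a host. The KB list is copied from the
# summary; Get-HotFix is the stock cmdlet (backed by Win32_QuickFixEngineering).
$November2018WindowsKBs = @(
    'KB4467680','KB4093430','KB4467691','KB4465659','KB4467696','KB4465660',
    'KB4467686','KB4465661','KB4467702','KB4465663','KB4467708','KB4465664',
    'KB4467107','KB4467106','KB3177467','KB4467697','KB4467703','KB3173424',
    'KB4467706','KB4467700','KB3020369','KB4467701','KB4467678','KB3173426'
)

function Test-November2018PatchState {
    [CmdletBinding()]
    param(
        # Defaults to the local machine; Get-HotFix can also query a remote host.
        [string]$ComputerName = $env:COMPUTERNAME
    )

    $installed = Get-HotFix -ComputerName $ComputerName -ErrorAction Stop

    $matched = @($installed |
        Where-Object { $November2018WindowsKBs -contains $_.HotFixID } |
        Select-Object HotFixID, InstalledOn)

    [pscustomobject]@{
        ComputerName = $ComputerName
        MatchedKBs   = @($matched.HotFixID)
        InstalledOn  = @($matched.InstalledOn)
        Patched      = ($matched.Count -gt 0)
    }
}

$state = Test-November2018PatchState
$state | Format-List

if (-not $state.Patched) {
    Write-Warning ("No November 2018 Windows security KB reported on {0}; " +
        "the host may still be exposed to CVE-2018-8589 and CVE-2018-8450. " +
        "Confirm against the OS build number before acting.") -f $state.ComputerName
}
```

Treat a "no match" as "needs verification" rather than "vulnerable": `Get-HotFix` only lists updates still recorded as installed, so a host that later received a newer cumulative update (which supersedes the November one) can show none of these KBs while being fully patched. Cross-checking the OS build number from Windows Update history closes that gap.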
SecPod SanerNow detects these vulnerabilities and automatically fixes them by applying the security updates. Download SanerNow and keep your systems updated and secure.