Basic search

K
thnThe Hacker NewsTHN:FC0A657EEDC66A38CB29C06FB477EEF0
HistoryNov 14, 2018 - 9:55 a.m.

63 New Flaws (Including 0-Days) Windows Users Need to Patch Now

2018-11-1409:55:00
The Hacker News
thehackernews.com
524

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.948 High

EPSS

Percentile

99.1%

windows patch update

It’s Patch Tuesday once again…time for another round of security updates for the Windows operating system and other Microsoft products.

This month Windows users and system administrators need to immediately take care of a total of 63 security vulnerabilities, of which 12 are rated critical, 49 important and one moderate and one low in severity.

Two of the vulnerabilities patched by the tech giant this month are listed as publicly known at the time of release, and one flaw is reported as being actively exploited in the wild by multiple cybercriminal groups.

Zero-Day Vulnerability Being Exploited by Cyber Criminals

The zero-day vulnerability, tracked as CVE-2018-8589, which is being exploited in the wild by multiple advanced persistent threat groups was first spotted and reported by security researchers from Kaspersky Labs.

windows zero-day vulnerability

The flaw resides in the Win32k component (win32k.sys), which if exploited successfully, could allow a malicious program to execute arbitrary code in kernel mode and elevate its privileges on an affected Windows 7, Server 2008 or Server 2008 R2 to take control of it.

> “The exploit was executed by the first stage of a malware installer in order to gain the necessary privileges for persistence on the victim’s system. So far, we have detected a very limited number of attacks using this vulnerability,” Kaspersky said.

Two Publicly Disclosed Zero-Day Vulnerabilities

The other two publicly known zero-day vulnerabilities which were not listed as under active attack reside in Windows Advanced Local Procedure Call (ALPC) service and Microsoft’s BitLocker Security Feature.

The flaw related to ALPC, tracked as CVE-2018-8584, is a privilege escalation vulnerability that could be exploited by running a specially crafted application to execute arbitrary code in the security context of the local system and take control over an affected system.

Advanced local procedure call (ALPC) facilitates high-speed and secure data transfer between one or more processes in the user mode.

The second publicly disclosed vulnerability, tracked as CVE-2018-8566, exists when Windows improperly suspends BitLocker Device Encryption, which could allow an attacker with physical access to a powered-off system to bypass security and gain access to encrypted data.

BitLocker was in headlines earlier this month for a separate issue that could expose Windows users encrypted data due to its default encryption preference and bad encryption on self-encrypting SSDs.

Microsoft did not fully address this issue; instead, the company simply provided a guide on how to manually change BitLocker default encryption choice.

November 2018 Patch Tuesday: Critical and Important Flaws

Out of 12 critical, eight are memory corruption vulnerabilities in the Chakra scripting engine that resides due to the way the scripting engine handles objects in memory in the Microsoft Edge internet browser.

All the 8 vulnerabilities could be exploited to corrupt memory, allowing an attacker to execute code in the context of the current user. To exploit these bugs, all an attacker needs to do is tricking victims into opening a specially crafted website on Microsoft Edge.

Rest three vulnerabilities are remote code execution bugs in the Windows Deployment Services TFTP server, Microsoft Graphics Components, and the VBScript engine. All these flaws reside due to the way the affected software handles objects in memory.

The last critical vulnerability is also a remote code execution flaw that lies in Microsoft Dynamics 365 (on-premises) version 8. The flaw exists when the server fails to properly sanitize web requests to an affected Dynamics server.

If exploited successfully, the vulnerability could allow an authenticated attacker to run arbitrary code in the context of the SQL service account by sending a specially crafted request to a vulnerable Dynamics server.

Windows Deployment Services TFTP Server Remote Code Execution Vulnerability CVE-2018-8476 Critical
Microsoft Graphics Components Remote Code Execution Vulnerability CVE-2018-8553 Critical
Chakra Scripting Engine Memory Corruption Vulnerability CVE-2018-8588 Critical
Chakra Scripting Engine Memory Corruption Vulnerability CVE-2018-8541 Critical
Chakra Scripting Engine Memory Corruption Vulnerability CVE-2018-8542 Critical
Chakra Scripting Engine Memory Corruption Vulnerability CVE-2018-8543 Critical
Windows VBScript Engine Remote Code Execution Vulnerability CVE-2018-8544 Critical
Chakra Scripting Engine Memory Corruption Vulnerability CVE-2018-8555 Critical
Chakra Scripting Engine Memory Corruption Vulnerability CVE-2018-8556 Critical
Chakra Scripting Engine Memory Corruption Vulnerability CVE-2018-8557 Critical
Chakra Scripting Engine Memory Corruption Vulnerability CVE-2018-8551 Critical
Microsoft Dynamics 365 (on-premises) version 8 Remote Code Execution Vulnerability CVE-2018-8609 Critical
Azure App Service Cross-site Scripting Vulnerability CVE-2018-8600 Important
Windows Win32k Elevation of Privilege Vulnerability CVE-2018-8589 Important
BitLocker Security Feature Bypass Vulnerability CVE-2018-8566 Important
Windows ALPC Elevation of Privilege Vulnerability CVE-2018-8584 Important
Team Foundation Server Cross-site Scripting Vulnerability CVE-2018-8602 Important
Microsoft Dynamics 365 (on-premises) version 8 Cross Site Scripting Vulnerability CVE-2018-8605 Important
Microsoft Dynamics 365 (on-premises) version 8 Cross Site Scripting Vulnerability CVE-2018-8606 Important
Microsoft Dynamics 365 (on-premises) version 8 Cross Site Scripting Vulnerability CVE-2018-8607 Important
Microsoft Dynamics 365 (on-premises) version 8 Cross Site Scripting Vulnerability CVE-2018-8608 Important
Microsoft RemoteFX Virtual GPU miniport driver Elevation of Privilege Vulnerability CVE-2018-8471 Important
DirectX Elevation of Privilege Vulnerability CVE-2018-8485 Important
DirectX Elevation of Privilege Vulnerability CVE-2018-8554 Important
DirectX Elevation of Privilege Vulnerability CVE-2018-8561 Important
Win32k Elevation of Privilege Vulnerability CVE-2018-8562 Important
Microsoft SharePoint Elevation of Privilege Vulnerability CVE-2018-8572 Important
Microsoft Exchange Server Elevation of Privilege Vulnerability CVE-2018-8581 Important
Windows COM Elevation of Privilege Vulnerability CVE-2018-8550 Important
Windows VBScript Engine Remote Code Execution Vulnerability CVE-2018-8552 Important
Microsoft SharePoint Elevation of Privilege Vulnerability CVE-2018-8568 Important
Windows Elevation Of Privilege Vulnerability CVE-2018-8592 Important
Microsoft Edge Elevation of Privilege Vulnerability CVE-2018-8567 Important
DirectX Information Disclosure Vulnerability CVE-2018-8563 Important
MSRPC Information Disclosure Vulnerability CVE-2018-8407 Important
Windows Audio Service Information Disclosure Vulnerability CVE-2018-8454 Important
Win32k Information Disclosure Vulnerability CVE-2018-8565 Important
Microsoft Outlook Information Disclosure Vulnerability CVE-2018-8558 Important
Windows Kernel Information Disclosure Vulnerability CVE-2018-8408 Important
Microsoft Edge Information Disclosure Vulnerability CVE-2018-8545 Important
Microsoft SharePoint Information Disclosure Vulnerability CVE-2018-8578 Important
Microsoft Outlook Information Disclosure Vulnerability CVE-2018-8579 Important
PowerShell Remote Code Execution Vulnerability CVE-2018-8256 Important
Microsoft Outlook Remote Code Execution Vulnerability CVE-2018-8522 Important
Microsoft Outlook Remote Code Execution Vulnerability CVE-2018-8576 Important
Microsoft Outlook Remote Code Execution Vulnerability CVE-2018-8524 Important
Microsoft Word Remote Code Execution Vulnerability CVE-2018-8539 Important
Microsoft Word Remote Code Execution Vulnerability CVE-2018-8573 Important
Microsoft Excel Remote Code Execution Vulnerability CVE-2018-8574 Important
Microsoft Project Remote Code Execution Vulnerability CVE-2018-8575 Important
Microsoft Outlook Remote Code Execution Vulnerability CVE-2018-8582 Important
Windows Search Remote Code Execution Vulnerability CVE-2018-8450 Important
Microsoft Excel Remote Code Execution Vulnerability CVE-2018-8577 Important
Internet Explorer Memory Corruption Vulnerability CVE-2018-8570 Important
Microsoft JScript Security Feature Bypass Vulnerability CVE-2018-8417 Important
Windows Security Feature Bypass Vulnerability CVE-2018-8549 Important
Microsoft Edge Spoofing Vulnerability CVE-2018-8564 Important
Active Directory Federation Services XSS Vulnerability CVE-2018-8547 Important
Team Foundation Server Remote Code Execution Vulnerability CVE-2018-8529 Important
Yammer Desktop Application Remote Code Execution Vulnerability CVE-2018-8569 Important
Microsoft Powershell Tampering Vulnerability CVE-2018-8415 Important
.NET Core Tampering Vulnerability CVE-2018-8416 Moderate
Microsoft Skype for Business Denial of Service Vulnerability CVE-2018-8546 Low
This month’s security update also covers 46 important vulnerabilities in Windows, PowerShell, MS Excel, Outlook, SharePoint, VBScript Engine, Edge, Windows Search service, Internet Explorer, Azure App Service, Team Foundation Server, and Microsoft Dynamics 365.

Users and system administrators are strongly advised to apply the above security patches as soon as possible in order to keep hackers and cyber criminals away from taking control of their systems.

For installing security patch updates, head on to Settings → Update & security → Windows Update → Check for updates, or you can install the updates manually.

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.948 High

EPSS

Percentile

99.1%

Related for THN:FC0A657EEDC66A38CB29C06FB477EEF0