Microsoft's Patch Tuesday addresses Zero Day vulnerabilities

News by Doug Olenick

Microsoft's Patch Tuesday rollout covered 62 items, 12 rated critical, including patches for a pair of Zero Day vulnerabilities.

Microsoft’s Patch Tuesday rollout covered 62 items, 12 rated critical, including patches for a pair of Zero Day vulnerabilities.

Among the most worrisome issues addressed with this round of updates is CVE-2018-8589, a Won32k elevation of privilege flaw, that has been spotted in the wild affecting Windows 7, Server 2008 and Server 2008 R2.

"This flaw is being actively exploited in the wild by threat actors, meaning it poses real-world risk to organisations and should be prioritised," said Glen Pendley, Tenable’s deputy CTO.

Chris Goettle, Ivanti’s director of product management, noted that while this vulnerability only rated important and the attacker needs to log on to the system to exploit it, but when exploited the attacker would gain full control of the affected system.

The second Zero Day CVE-2018-8584 covers a vulnerability that was disclosed in October and impacts Windows 10, Server 2016, and Server 2019. If exploited it could allow unauthorised users to access and delete files on systems that are normally only accessible by admins, a serious issue that Pendley said should be fixed immediately.

"This flaw is serious, as an attacker could leverage it to perform a number of functions, including dll (dynamically linked library) hijacking. In this attack scenario, a cyber-criminal can delete and input their own dll that contains malicious code, "he said.

David Carver, Recorded Future’s threat intelligence analyst, pointed to five memory corruption issues (CVE-2018-8551, CVE-2018-8555, CVE-2018-8556, CVE-2018-8557, and CVE-2018-8588) in the Chakra scripting engine behind Microsoft Edge that should be top of mind for IT admins.

If exploited these could give a malicious actor the ability to execute code remotely, albeit only if a few hoops were jumped through. A user on a vulnerable system would have to access a malicious website or content hosted on a website, such as a malverstisement.

"Attackers would not gain elevated privileges but would gain the permissions of the current user, making exploitation a severe threat if it were successfully conducted against network or system administrators. Microsoft reports no examples yet of these vulnerabilities having been exploited," Carver said.

Industry pros also pointed out that almost all of the critical rated issues are located in Microsoft Edge and that these need to be addressed as soon as possible as they can all lead to remote code execution.

Microsoft also re-released the latest version of Windows 10 1809 and Server 2019 today. The company began rolling these out in October, but was forced to halt the process when the updates began causing a variety of problems, including deleting data from the host system after the upgrade was installed.

Microsoft also issued advisories for several Adobe product fixes that were also released today.

This article was originally published on SC Media US.

Find this article useful?

Get more great articles like this in your inbox every lunchtime

Video and interviews