Network Security, Patch/Configuration Management, Vulnerability Management

Microsoft’s Patch Tuesday addresses Zero Day vulnerabilities

Microsoft’s Patch Tuesday rollout covered 62 items, 12 rated critical, including patches for a pair of Zero Day vulnerabilities.

Among the most worrisome issues addressed with this round of updates is CVE-2018-8589, a Won32k elevation of privilege flaw, that has been spotted in the wild affecting Windows 7, Server 2008 and Server 2008 R2.

“This flaw is being actively exploited in the wild by threat actors, meaning it poses real-world risk to organizations and should be prioritized,” said Glen Pendley, Tenable’s deputy CTO.

Chris Goettle, Ivanti’s director of product management, noted that while this vulnerability only rated important and the attacker needs to log on to the system to exploit it, but when exploited the attacker would gain full control of the affected system.

The second Zero Day CVE-2018-8584 covers a vulnerability that was disclosed in October and impacts Windows 10, Server 2016, and Server 2019. If exploited it could allow unauthorized users to access and delete files on systems that are normally only accessible by admins, a serious issue that Pendley said should be fixed immediately.

This flaw is serious, as an attacker could leverage it to perform a number of functions, including dll (dynamically linked library) hijacking. In this attack scenario, a cybercriminal can delete and input their own dll that contains malicious code, ”he said.

 David Carver, Recorded Future’s threat intelligence analyst, pointed to five memory corruption issues (CVE-2018-8551, CVE-2018-8555, CVE-2018-8556, CVE-2018-8557, and CVE-2018-8588) in the Chakra scripting engine behind Microsoft Edge that should be top of mind for IT admins.

If exploited these could give a malicious actor the ability to execute code remotely, albeit only if a few hoops were jumped through. A user on a vulnerable system would have to access a malicious website or content hosted on a website, such as a malverstisement.

“Attackers would not gain elevated privileges but would gain the permissions of the current user, making exploitation a severe threat if it were successfully conducted against network or system administrators. Microsoft reports no examples yet of these vulnerabilities having been exploited,” Carver said.

Industry pros also pointed out that almost all of the critical rated issues are located in Microsoft Edge and that these need to be addressed as soon as possible as they can all lead to remote code execution.

Microsoft also re-released the latest version of Windows 10 1809 and Server 2019 today. The company began rolling these out in October, but was forced to halt the process when the updates began causing a variety of problems, including deleting data from the host system after the upgrade was installed.

Microsoft also issued advisories for several Adobe product fixes that were also released today.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.