Microsoft’s Patch Tuesday updates for November 2018 addressed 63 vulnerabilities, including an actively exploited Windows privilege escalation vulnerability.
Twelve of the flaws were rated “Critical” and 49 were rated Important. Two vulnerabilities were publicly known at the time of release (CVE-2018-8584, a Windows ALPC elevation of privilege issue, and CVE-2018-8566, a BitLocker security feature bypass flaw), and one was reportedly under active attack.
9 of the 12 Critical flaws addressed with Microsoft’s Patch Tuesday updates for November 2018 are remote code execution (RCE) vulnerabilities in the Chakra scripting engine in Microsoft Edge. The remaining three Critical bugs affect the Windows Deployment Services TFTP Server, Microsoft Graphics Components, and the Windows VBScript Engine.
The flaw exploited in attacks in the wild is tracked as CVE-2018-8589 and could be exploited by an authenticated attacker to execute arbitrary code in the context of the local user; it is tied to the way Windows handles calls to Win32k.sys.
The vulnerability, reported by experts from Kaspersky Lab, has been actively exploited by threat actors. CVE-2018-8589 only affects Windows 7 and Windows Server 2008.
“CVE-2018-8589 – Win32k Elevation of Privilege Vulnerability
Just like last month, November has a Win32K (kernel-mode drivers) elevation of privilege vulnerability listed as currently under active attack. Also like last month, this bug was reported by researchers at Kaspersky Labs, indicating this bug is being used in malware.” reads the description published by Zero Day Initiative.
“Again, this is likely being used in targeted attacks in combination with other bugs. Malware often uses kernel elevation bugs to go from user-mode to admin-mode, allowing them full control of a target system.”
Microsoft has addressed a Windows ALPC Elevation of Privilege Vulnerability tracked as CVE-2018-8584 that was disclosed last month by the researcher who goes online by the moniker SandboxEscaper.
SandboxEscaper published a tweet containing a link to a GitHub page hosting a proof-of-concept (PoC) exploit for a privilege escalation vulnerability affecting Microsoft Data Sharing (dssvc.dll).
(Security Affairs – Microsoft’s Patch Tuesday November 2018, Windows)