Microsoft’s Patch Tuesday updates for November 2018 addressed 63 vulnerabilities, including an actively exploited Windows privilege escalation vulnerability.
Twelve of the flaws were rated “Critical” and 49 were rated Important. Two vulnerabilities were publicly known at the time of release (CVE-2018-8584, a Windows ALPC elevation of privilege issue, and CVE-2018-8566, a BitLocker security feature bypass flaw), and one was reportedly under active attack.
Nine of the 12 Critical flaws addressed with Microsoft’s Patch Tuesday updates for November 2018 are remote code execution (RCE) vulnerabilities in the Chakra scripting engine in Microsoft Edge. The remaining three Critical bugs affect the Windows Deployment Services TFTP Server, Microsoft Graphics Components, and the Windows VBScript Engine.
The flaw exploited in attacks in the wild is tracked as CVE-2018-8589 and could be exploited by an authenticated attacker to execute arbitrary code in the context of the local user; it is tied to the way Windows handles calls to Win32k.sys.
The vulnerability was reported by experts from Kaspersky Lab and has been actively exploited by threat actors. CVE-2018-8589 only affects Windows 7 and Windows Server 2008.
“CVE-2018-8589 – Win32k Elevation of Privilege Vulnerability
Just like last month, November has a Win32K (kernel-mode drivers) elevation of privilege vulnerability listed as currently under active attack. Also like last month, this bug was reported by researchers at Kaspersky Labs, indicating this bug is being used in malware.” reads the description published by Zero Day Initiative.
“Again, this is likely being used in targeted attacks in combination with other bugs. Malware often uses kernel elevation bugs to go from user-mode to admin-mode, allowing them full control of a target system.”
Microsoft has also addressed a Windows ALPC Elevation of Privilege Vulnerability, tracked as CVE-2018-8584, that was disclosed last month by the researcher who goes online by the moniker SandboxEscaper.
SandboxEscaper published a tweet containing a link to a GitHub page hosting a proof-of-concept (PoC) exploit for a privilege escalation vulnerability affecting Microsoft Data Sharing (dssvc.dll).
(Security Affairs – Microsoft’s Patch Tuesday November 2018, Windows)