Microsoft’s Patch Tuesday updates for November 2018 fixed more than 60 vulnerabilities, including an actively exploited Windows flaw.
Microsoft’s Patch Tuesday updates for November 2018 addressed 63 vulnerabilities, including an actively exploited Windows privilege escalation vulnerability.
Twelve of the flaws were rated as “Critical”, 49 are rated Important, two vulnerabilities were publicly known at the time of release (CVE-2018-8584, a Windows ALPC elevation of privilege issue, and CVE-2018-8566, a BitLocker security feature bypass flaw), and one of them was reportedly under active attack.
9 of the 12 Critical flaws addressed with Microsoft’s Patch Tuesday updates for November 2018 are remote code execution (RCE) vulnerabilities in the Chakra scripting engine in Microsoft Edge. The remaining three Critical bugs affects in the Windows Deployment Services TFTP Server, Microsoft Graphics Components, and Windows VBScript Engine.
The flaw exploited in attacks in the wild is tracked as CVE-2018-8589 and could be exploited by an authenticated attacker to execute arbitrary code in the context of the local user, it ties the way Windows handles calls to Win32k.sys.
The vulnerability was reported by experts from Kaspersky Lab, it has been actively exploited by threat actors. The CVE-2018-8589 vulnerability only affects Windows 7 and Windows Server 2008.
” CVE-2018-8589 – Win32k Elevation of Privilege Vulnerability Just like last month, November has a Win32K (kernel-mode drivers) elevation of privilege vulnerability listed as currently under active attack. Also like last month, this bug was reported by researchers at Kaspersky Labs, indicating this bug is being used in malware.” reads the description published by Zero Day Initiative.
“Again, this is likely being used in targeted attacks in combination with other bugs. Malware often uses kernel elevation bugs to go from user-mode to admin-mode, allowing them full control of a target system.”
Microsoft has addressed a Windows ALPC Elevation of Privilege Vulnerability tracked as CVE-2018-8584 that was disclosed last month by the researcher that goes online with the moniker SandboxEscaper.
SandboxEscaper published a tweet containing a link to a Github page hosting a proof-of-concept (PoC) exploit for a privilege escalation vulnerability affecting Microsoft Data Sharing (dssvc.dll).
Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer.
Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US.
Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines.
Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.