Patch Tuesday

Today is Microsoft's December 2018 Patch Tuesday, which means it is time to update your computer so that you are protected from the latest threats to Windows and Microsoft products. Two of the patched critical vulnerabilities are known to have been used in the wild by attackers, so it is important that these updates are installed immediately.

With the release of the December security updates, Microsoft has fixed 39 vulnerabilities, with 10 of them being labeled as Critical.

For information about the non-security Windows updates, you can read about today's Windows 10 Cumulative Updates.

Actively used Zero-day Windows vulnerability escalates privileges

A zero-day Windows vulnerability that is known to have been used in attacks was fixed in today's security updates. This vulnerability has been assigned the ID CVE-2018-8611 and allows attackers to exploit a bug in the Windows Kernel to execute programs at a higher privilege level. 

According to Microsoft this vulnerability is caused "when the Windows kernel fails to properly handle objects in memory." This allows an attacker to execute code in the Kernel, which essentially gives them full control over the computer. In order to exploit this vulnerability, the targeted user would first need to be logged into the PC.

This bug was discovered by Kaspersky, which, according to the Zero Day Initiative, indicates that the exploit is probably being used in malware. This type of exploit is well suited for malware, which is already running under a logged-in user's credentials.

Adobe Flash Zero-day fix part of today's release

Today's security updates also include an update for Adobe Flash that resolves a zero-day vulnerability that was utilized in an APT attack against a Russian medical clinic named Russian FSBI "Polyclinic #2". This vulnerability was exploited by a malicious Word document that was sent to employees of the medical clinic and pretended to be an employee questionnaire.

When the document was opened, it would cause a vulnerable computer to download and execute malware that acted as an information stealer and a backdoor.

Adobe fixed this zero-day and another vulnerability in their APSB18-42 December 5th update.

Critical Vulnerabilities fixed in the December 2018 Patch Tuesday updates

This Patch Tuesday fixes 9 Critical security vulnerabilities in Microsoft products and one Flash vulnerability that was patched by Adobe on December 5th. These vulnerabilities are the most dangerous as they could allow a remote attacker to execute commands on a vulnerable computer and essentially take full control of it.

Of the 10 Critical vulnerabilities, 5 of them are in the Chakra Scripting Engine.

CVE-2018-8540 - .NET Framework Remote Code Injection Vulnerability:

A remote code execution vulnerability exists when the Microsoft .NET Framework fails to validate input properly. An attacker who successfully exploited this vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

CVE-2018-8583 - Chakra Scripting Engine Memory Corruption Vulnerability:

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. This vulnerability could also be exploited through Microsoft Edge via specially crafted web sites or advertisements.

CVE-2018-8617 - Chakra Scripting Engine Memory Corruption Vulnerability:

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. This vulnerability could also be exploited through Microsoft Edge via specially crafted web sites or advertisements.

CVE-2018-8618 - Chakra Scripting Engine Memory Corruption Vulnerability:

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. This vulnerability could also be exploited through Microsoft Edge via specially crafted web sites or advertisements.

CVE-2018-8624 - Chakra Scripting Engine Memory Corruption Vulnerability:

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. This vulnerability could also be exploited through Microsoft Edge via specially crafted web sites or advertisements.

CVE-2018-8626 - Windows DNS Server Heap Overflow Vulnerability:

A remote code execution vulnerability exists in Windows Domain Name System (DNS) servers when they fail to properly handle requests. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the Local System Account. Windows servers that are configured as DNS servers are at risk from this vulnerability.

To exploit the vulnerability, an unauthenticated attacker could send malicious requests to a Windows DNS server.

CVE-2018-8629 - Chakra Scripting Engine Memory Corruption Vulnerability:

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. This vulnerability could also be exploited through Microsoft Edge via specially crafted web sites or advertisements.

CVE-2018-8631 - Internet Explorer Memory Corruption Vulnerability:

A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, the attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

An attacker could host a specially crafted website designed to exploit the vulnerability through Internet Explorer and then convince a user to view the website.

CVE-2018-8634 - Microsoft Text-To-Speech Remote Code Execution Vulnerability:

A remote code execution vulnerability exists in Windows where Microsoft text-to-speech fails to properly handle objects in the memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

ADV180031 - December 2018 Adobe Flash Security Update:

This update resolves two vulnerabilities in Adobe Flash Player that were patched by Adobe on December 5th. One of these vulnerabilities was exploited in the wild in an APT attack against Russia.

The December 2018 Patch Tuesday Security Updates

Below is the full list of vulnerabilities resolved by the December 2018 Patch Tuesday updates. To access the full description of each vulnerability and the systems that it affects, you can view the full report here.

| Tag | CVE ID | CVE Title |
|---|---|---|
| .NET Framework | CVE-2018-8517 | .NET Framework Denial Of Service Vulnerability |
| .NET Framework | CVE-2018-8540 | .NET Framework Remote Code Injection Vulnerability |
| Adobe Flash Player | ADV180031 | December 2018 Adobe Flash Security Update |
| Internet Explorer | CVE-2018-8619 | Internet Explorer Remote Code Execution Vulnerability |
| Internet Explorer | CVE-2018-8631 | Internet Explorer Memory Corruption Vulnerability |
| Microsoft Dynamics | CVE-2018-8651 | Microsoft Dynamics NAV Cross Site Scripting Vulnerability |
| Microsoft Exchange Server | CVE-2018-8604 | Microsoft Exchange Server Tampering Vulnerability |
| Microsoft Graphics Component | CVE-2018-8639 | Win32k Elevation of Privilege Vulnerability |
| Microsoft Graphics Component | CVE-2018-8638 | DirectX Information Disclosure Vulnerability |
| Microsoft Graphics Component | CVE-2018-8595 | Windows GDI Information Disclosure Vulnerability |
| Microsoft Graphics Component | CVE-2018-8596 | Windows GDI Information Disclosure Vulnerability |
| Microsoft Office | CVE-2018-8628 | Microsoft PowerPoint Remote Code Execution Vulnerability |
| Microsoft Office | CVE-2018-8636 | Microsoft Excel Remote Code Execution Vulnerability |
| Microsoft Office | CVE-2018-8627 | Microsoft Excel Information Disclosure Vulnerability |
| Microsoft Office | CVE-2018-8598 | Microsoft Excel Information Disclosure Vulnerability |
| Microsoft Office | CVE-2018-8587 | Microsoft Outlook Remote Code Execution Vulnerability |
| Microsoft Office | CVE-2018-8597 | Microsoft Excel Remote Code Execution Vulnerability |
| Microsoft Office SharePoint | CVE-2018-8635 | Microsoft SharePoint Server Elevation of Privilege Vulnerability |
| Microsoft Office SharePoint | CVE-2018-8580 | Microsoft SharePoint Information Disclosure Vulnerability |
| Microsoft Scripting Engine | CVE-2018-8629 | Chakra Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2018-8643 | Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2018-8625 | Windows VBScript Engine Remote Code Execution Vulnerability |
| Microsoft Scripting Engine | CVE-2018-8617 | Chakra Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2018-8583 | Chakra Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2018-8618 | Chakra Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2018-8624 | Chakra Scripting Engine Memory Corruption Vulnerability |
| Microsoft Windows | CVE-2018-8649 | Windows Denial of Service Vulnerability |
| Microsoft Windows DNS | CVE-2018-8514 | Remote Procedure Call runtime Information Disclosure Vulnerability |
| Microsoft Windows DNS | CVE-2018-8626 | Windows DNS Server Heap Overflow Vulnerability |
| Visual Studio | CVE-2018-8599 | Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability |
| Windows Authentication Methods | CVE-2018-8634 | Microsoft Text-To-Speech Remote Code Execution Vulnerability |
| Windows Azure Pack | CVE-2018-8652 | Windows Azure Pack Cross Site Scripting Vulnerability |
| Windows Kernel | CVE-2018-8477 | Windows Kernel Information Disclosure Vulnerability |
| Windows Kernel | CVE-2018-8621 | Windows Kernel Information Disclosure Vulnerability |
| Windows Kernel | CVE-2018-8612 | Connected User Experiences and Telemetry Service Denial of Service Vulnerability |
| Windows Kernel | CVE-2018-8611 | Windows Kernel Elevation of Privilege Vulnerability |
| Windows Kernel | CVE-2018-8622 | Windows Kernel Information Disclosure Vulnerability |
| Windows Kernel | CVE-2018-8637 | Win32k Information Disclosure Vulnerability |
| Windows Kernel-Mode Drivers | CVE-2018-8641 | Win32k Elevation of Privilege Vulnerability |
