Today is Microsoft's November 2018 Patch Tuesday, which means we get a ton of security updates to install for Windows and other Microsoft products. As these updates are commonly exploited by attackers, malware, and exploit kits, it is strongly advised that all users install these updates as soon as possible.
With the release of the the November security updates, Microsoft has fixed 64 vulnerabilities, with 12 of them being labeled as critical.
For information about the non-security Windows updates, you can read about today's Windows 10 Cumulative Updates.
Privilege escalation vulnerability in Windows 10 Build 1809 Upgrade
An interesting vulnerability was disclosed that would allow an escalation of privileges to someone who is upgrading Windows 10 to build 1809 and select the "Keep Nothing" option during the upgrade process. This vulnerability was given an ID of CVE-2018-8592 and requires physical access to the computer.
Not much is known regarding how the CVE-2018-8592 vulnerability works other than what is described in the security bulletin:
"An elevation of privilege vulnerability exists in Windows 10 version 1809 when installed from physical media (USB, DVD, etc.) with the “keep nothing” option selected during installation. Successful exploitation of the vulnerability could allow an attacker to gain local access to an affected system.
To exploit the vulnerability, an attacker would need physical access to the console of the affected system.
The update addresses the vulnerability by changing built-in account behavior after the setup process completes."
Critical Vulnerabilities fixed in the November 2018 Patch Tuesday updates
This Patch Tuesday fixes 12 Critical security vulnerabilities that when exploited could lead to code execution. These vulnerabilities are the most dangerous as if they are exploited could allow a remote attacker to execute commands on a vulnerable computer and essentially take full control.
Of the 12 Critical vulnerabilities, 8 of them are in the Chakra Scripting Engine.
CVE-2018-8476 - Windows Deployment Services TFTP Server Remote Code Execution Vulnerability:
A remote code execution vulnerability exists in the way that Windows Deployment Services TFTP Server handles objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code with elevated permissions on a target system.
CVE-2018-8541 - Chakra Scripting Engine Memory Corruption Vulnerability:
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge.This vulnerability could also be exploited through Microsoft Edge via specially crafted web sites or advertisements.
CVE-2018-8542 - Chakra Scripting Engine Memory Corruption Vulnerability:
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge.This vulnerability could also be exploited through Microsoft Edge via specially crafted web sites or advertisements.
CVE-2018-8543 - Chakra Scripting Engine Memory Corruption Vulnerability:
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge.This vulnerability could also be exploited through Microsoft Edge via specially crafted web sites or advertisements..
This is currently being classified as Moderate for Windows Server 2016 and 2018, but Critical for all other Windows versions.
CVE-2018-8544 - Windows VBScript Engine Remote Code Execution Vulnerability:
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge.
This vulnerability could also be exploited through Microsoft Edge via specially crafted web sites or advertisements. An attacker could also embed an ActiveX control marked "safe for initialization" in an application or Microsoft Office document that hosts the IE rendering engine.
CVE-2018-8551 - Chakra Scripting Engine Memory Corruption Vulnerability:
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge.This vulnerability could also be exploited through Microsoft Edge via specially crafted web sites or advertisements..
CVE-2018-8553 - Microsoft Graphics Components Remote Code Execution Vulnerability:
A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code on a target system. To exploit the vulnerability, a user would have to open a specially crafted file.
CVE-2018-8555 - Chakra Scripting Engine Memory Corruption Vulnerability:
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge.This vulnerability could also be exploited through Microsoft Edge via specially crafted web sites or advertisements..
CVE-2018-8556 - Chakra Scripting Engine Memory Corruption Vulnerability:
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge.This vulnerability could also be exploited through Microsoft Edge via specially crafted web sites or advertisements..
CVE-2018-8557 - Chakra Scripting Engine Memory Corruption Vulnerability:
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge.This vulnerability could also be exploited through Microsoft Edge via specially crafted web sites or advertisements..
CVE-2018-8588 - Chakra Scripting Engine Memory Corruption Vulnerability:
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge.This vulnerability could also be exploited through Microsoft Edge via specially crafted web sites or advertisements.
This is currently being classified as Moderate for Windows Server 2016 and 2018, but Critical for all other Windows versions.
CVE-2018-8609 - Microsoft Dynamics 365 (on-premises) version 8 Remote Code Execution Vulnerability:
A remote code execution vulnerability exists in Microsoft Dynamics 365 (on-premises) version 8 when the server fails to properly sanitize web requests to an affected Dynamics server. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SQL service account. An authenticated attacker could exploit this vulnerability by sending a specially crafted request to a vulnerable Dynamics server. The security update addresses the vulnerability by correcting how Microsoft Dynamics 365 (on-premises) version 8 validates and sanitizes user input.
The November 2018 Patch Tuesday Security Updates
Below is the full list of vulnerabilities resolved by the November2018 Patch Tuesday updates. To access the full description of each vulnerability and the systems that it affects, you can view the full report here.
| Tag | CVE ID | CVE Title |
|---|---|---|
| .NET Core | CVE-2018-8416 | .NET Core Tampering Vulnerability |
| Active Directory | CVE-2018-8547 | Active Directory Federation Services XSS Vulnerability |
| Adobe Flash Player | ADV180025 | November 2018 Adobe Flash Security Update |
| Azure | CVE-2018-8600 | Azure App Service Cross-site Scripting Vulnerability |
| BitLocker | CVE-2018-8566 | BitLocker Security Feature Bypass Vulnerability |
| Internet Explorer | CVE-2018-8570 | Internet Explorer Memory Corruption Vulnerability |
| Microsoft Drivers | CVE-2018-8471 | Microsoft RemoteFX Virtual GPU miniport driver Elevation of Privilege Vulnerability |
| Microsoft Dynamics | CVE-2018-8605 | Microsoft Dynamics 365 (on-premises) version 8 Cross Site Scripting Vulnerability |
| Microsoft Dynamics | CVE-2018-8607 | Microsoft Dynamics 365 (on-premises) version 8 Cross Site Scripting Vulnerability |
| Microsoft Dynamics | CVE-2018-8606 | Microsoft Dynamics 365 (on-premises) version 8 Cross Site Scripting Vulnerability |
| Microsoft Dynamics | CVE-2018-8609 | Microsoft Dynamics 365 (on-premises) version 8 Remote Code Execution Vulnerability |
| Microsoft Dynamics | CVE-2018-8608 | Microsoft Dynamics 365 (on-premises) version 8 Cross Site Scripting Vulnerability |
| Microsoft Edge | CVE-2018-8564 | Microsoft Edge Spoofing Vulnerability |
| Microsoft Edge | CVE-2018-8545 | Microsoft Edge Information Disclosure Vulnerability |
| Microsoft Edge | CVE-2018-8567 | Microsoft Edge Elevation of Privilege Vulnerability |
| Microsoft Exchange Server | CVE-2018-8581 | Microsoft Exchange Server Elevation of Privilege Vulnerability |
| Microsoft Graphics Component | CVE-2018-8565 | Win32k Information Disclosure Vulnerability |
| Microsoft Graphics Component | CVE-2018-8485 | DirectX Elevation of Privilege Vulnerability |
| Microsoft Graphics Component | CVE-2018-8562 | Win32k Elevation of Privilege Vulnerability |
| Microsoft Graphics Component | CVE-2018-8553 | Microsoft Graphics Components Remote Code Execution Vulnerability |
| Microsoft Graphics Component | CVE-2018-8561 | DirectX Elevation of Privilege Vulnerability |
| Microsoft Graphics Component | CVE-2018-8554 | DirectX Elevation of Privilege Vulnerability |
| Microsoft Graphics Component | CVE-2018-8563 | DirectX Information Disclosure Vulnerability |
| Microsoft JScript | CVE-2018-8417 | Microsoft JScript Security Feature Bypass Vulnerability |
| Microsoft Office | CVE-2018-8579 | Microsoft Outlook Information Disclosure Vulnerability |
| Microsoft Office | CVE-2018-8577 | Microsoft Excel Remote Code Execution Vulnerability |
| Microsoft Office | CVE-2018-8575 | Microsoft Project Remote Code Execution Vulnerability |
| Microsoft Office | CVE-2018-8576 | Microsoft Outlook Remote Code Execution Vulnerability |
| Microsoft Office | CVE-2018-8522 | Microsoft Outlook Remote Code Execution Vulnerability |
| Microsoft Office | CVE-2018-8524 | Microsoft Outlook Remote Code Execution Vulnerability |
| Microsoft Office | CVE-2018-8539 | Microsoft Word Remote Code Execution Vulnerability |
| Microsoft Office | CVE-2018-8558 | Microsoft Outlook Information Disclosure Vulnerability |
| Microsoft Office | CVE-2018-8573 | Microsoft Word Remote Code Execution Vulnerability |
| Microsoft Office | CVE-2018-8574 | Microsoft Excel Remote Code Execution Vulnerability |
| Microsoft Office | CVE-2018-8582 | Microsoft Outlook Remote Code Execution Vulnerability |
| Microsoft Office SharePoint | CVE-2018-8578 | Microsoft SharePoint Information Disclosure Vulnerability |
| Microsoft Office SharePoint | CVE-2018-8572 | Microsoft SharePoint Elevation of Privilege Vulnerability |
| Microsoft Office SharePoint | CVE-2018-8568 | Microsoft SharePoint Elevation of Privilege Vulnerability |
| Microsoft PowerShell | CVE-2018-8256 | Microsoft PowerShell Remote Code Execution Vulnerability |
| Microsoft PowerShell | CVE-2018-8415 | Microsoft PowerShell Tampering Vulnerability |
| Microsoft RPC | CVE-2018-8407 | MSRPC Information Disclosure Vulnerability |
| Microsoft Scripting Engine | CVE-2018-8557 | Chakra Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2018-8552 | Windows Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2018-8551 | Chakra Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2018-8556 | Chakra Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2018-8555 | Chakra Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2018-8541 | Chakra Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2018-8542 | Chakra Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2018-8588 | Chakra Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2018-8544 | Windows VBScript Engine Remote Code Execution Vulnerability |
| Microsoft Scripting Engine | CVE-2018-8543 | Chakra Scripting Engine Memory Corruption Vulnerability |
| Microsoft Windows | CVE-2018-8592 | Windows Elevation Of Privilege Vulnerability |
| Microsoft Windows | ADV180028 | Guidance for configuring BitLocker to enforce software encryption |
| Microsoft Windows | CVE-2018-8476 | Windows Deployment Services TFTP Server Remote Code Execution Vulnerability |
| Microsoft Windows | CVE-2018-8584 | Windows ALPC Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2018-8550 | Windows COM Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2018-8549 | Windows Security Feature Bypass Vulnerability |
| Microsoft Windows Search Component | CVE-2018-8450 | Windows Search Remote Code Execution Vulnerability |
| Servicing Stack Updates | ADV990001 | Latest Servicing Stack Updates |
| Skype for Business and Microsoft Lync | CVE-2018-8546 | Microsoft Skype for Business Denial of Service Vulnerability |
| Team Foundation Server | CVE-2018-8602 | Team Foundation Server Cross-site Scripting Vulnerability |
| Windows Audio Service | CVE-2018-8454 | Windows Audio Service Information Disclosure Vulnerability |
| Windows Kernel | CVE-2018-8589 | Windows Win32k Elevation of Privilege Vulnerability |
| Windows Kernel | CVE-2018-8408 | Windows Kernel Information Disclosure Vulnerability |
Post a Comment Community Rules
You need to login in order to post a comment
Not a member yet? Register Now