Microsoft released its monthly set of security updates for December 2018 today to address vulnerabilities in its products. The release lists 39 vulnerabilities, 9 rated critical and 30 rated important in severity. The updates address issues in Adobe Flash Player, Internet Explorer, Microsoft Edge, Microsoft Windows, Microsoft Office, ChakraCore, .NET Framework, etc.
Zero-day attacks
Two important zero-days were addressed in this Microsoft Security Bulletin December 2018 update:
CVE-2018-8611 – An elevation of privilege vulnerability exists in the Windows kernel due to improper handling of objects in memory. Exploitation of this vulnerability could allow an attacker to execute arbitrary code with kernel privileges. It is a particularly dangerous one and can bypass the sandbox in modern web browsers.
This vulnerability was reported by researchers at Kaspersky Labs for the third time in a row. According to Kaspersky, CVE-2018-8611 is a race condition in the Kernel Transaction Manager caused by improper processing of transacted file operations in kernel mode.
This bug affects all users of Windows 7 through Server 2019. It is also believed that this vulnerability was exploited in the wild and is part of malware used in attacks by a nation-state group. Recent studies have shown that the vulnerability was exploited by the threat actor SandCat, mainly targeting the Middle East and Africa.
Another important update relates to the zero-day vulnerabilities in Adobe Flash Player, which were part of an APT attack against a medical clinic in Russia. This attack was called “Operation Poison Needles” and used malicious Word documents that could install backdoors on a vulnerable system to steal data. This vulnerability was discovered by the 360 Advanced Threat Response Team in late November. Adobe released updates for two vulnerabilities, CVE-2018-15982 and CVE-2018-15983, which lead to arbitrary code execution and privilege escalation respectively. But only CVE-2018-15982 is exploited in the wild.
Publicly Disclosed
CVE-2018-8517 – An important denial of service vulnerability exists in the .NET Framework due to improper handling of web requests. This vulnerability can be exploited remotely without any authentication to cause denial of service in a .NET Framework web application. This vulnerability was known to the public ahead of time but was not exploited.
Critical vulnerabilities
All the critical vulnerabilities listed under this update lead to Remote Code Execution (RCE). Five of the nine critical vulnerabilities were found in the Chakra Scripting Engine, a JavaScript engine developed by Microsoft for its Microsoft Edge web browser. The details of these critical vulnerabilities are outlined below:
- CVE-2018-8583, CVE-2018-8617, CVE-2018-8618, CVE-2018-8624 and CVE-2018-8629 lead to RCE due to improper handling of objects in memory in Microsoft Edge by the Chakra Scripting Engine. These are memory corruption issues that could allow an attacker who exploited them to execute arbitrary code and gain user rights.
- CVE-2018-8540 and CVE-2018-8631 address memory corruption issues in .NET Framework and Internet Explorer respectively. These vulnerabilities exist due to improper handling of objects in memory.
- CVE-2018-8626 lists a flaw in the Domain Name System (DNS) which leads to Remote Code Execution when requests are not handled properly. An attacker who exploited this vulnerability could execute arbitrary code in the context of the Local System Account.
- CVE-2018-8634 lists a flaw in Microsoft text-to-speech, which improperly handles objects in memory, leading to RCE. Vulnerabilities in newer functionalities like text-to-speech are quite uncommon as they have an unknown attack surface.
The December 2018 Patch Tuesday release consists of security updates for the following products:
- Adobe Flash Player
- Internet Explorer
- Microsoft Edge
- Microsoft Windows
- Microsoft Office and Microsoft Office Services and Web Apps
- ChakraCore
- .NET Framework
- Microsoft Dynamics NAV
- Microsoft Exchange Server
- Microsoft Visual Studio
- Windows Azure Pack (WAP)
Microsoft security bulletin summary for December 2018:
Product : Internet Explorer
CVEs/Advisory : CVE-2018-8619, CVE-2018-8625, CVE-2018-8631, CVE-2018-8643
Severity : Critical
Impact : Remote Code Execution
KBs : 4470199, 4471318, 4471320, 4471321, 4471323, 4471324, 4471325, 4471327, 4471329, 4471330, 4471332
Product : Microsoft Edge
CVEs/Advisory : CVE-2018-8583, CVE-2018-8617, CVE-2018-8618, CVE-2018-8624, CVE-2018-8629
Severity : Critical
Impact : Remote Code Execution
KBs : 4471321, 4471323, 4471324, 4471327, 4471329, 4471332
Product : ChakraCore
CVEs/Advisory : CVE-2018-8583, CVE-2018-8617, CVE-2018-8618, CVE-2018-8624, CVE-2018-8629
Severity : Critical
Impact : Remote Code Execution
Product : .NET Framework
CVEs/Advisory : CVE-2018-8517, CVE-2018-8540
Severity : Critical
Impact : Remote Code Execution, Denial of Service
KBs : 4470491, 4470492, 4470493, 4470498, 4470499, 4470500, 4470502, 4470600, 4470601, 4470602, 4470622, 4470623, 4470629, 4470630, 4470633, 4470637, 4470638, 4470639, 4470640, 4470641, 4471102, 4471321, 4471323, 4471324, 4471327, 4471329
Product : Microsoft Dynamics NAV
CVEs/Advisory : CVE-2018-8651
Severity : Important
Impact : Spoofing
KBs : 4479232, 4479233
Product : Microsoft Exchange Server
CVEs/Advisory : CVE-2018-8604
Severity : Important
Impact : Tampering
KBs : 4468741
Product : Microsoft Visual Studio
CVEs/Advisory : CVE-2018-8599
Severity : Important
Impact : Elevation of Privilege
KBs : 4469516
Product : Adobe Flash Player
CVEs/Advisory : ADV180031
Severity : Critical
Impact : Remote Code Execution
KBs : 4471331
Product : Microsoft Office
CVEs/Advisory : CVE-2018-8580, CVE-2018-8587, CVE-2018-8597, CVE-2018-8598, CVE-2018-8627, CVE-2018-8628, CVE-2018-8635, CVE-2018-8636, CVE-2018-8650
Severity : Important
Impact : Remote Code Execution, Information Disclosure
KBs : 2597975, 2965312, 4011027, 4011207, 4011680, 4092472, 4461465, 4461481, 4461521, 4461532, 4461541, 4461542, 4461544, 4461548, 4461549, 4461551, 4461556, 4461558, 4461559, 4461565, 4461566, 4461569, 4461570, 4461576, 4461577, 4461580
Product : Windows Azure Pack (WAP)
CVEs/Advisory : CVE-2018-8652
Severity : Important
Impact : Remote Code Execution
KBs : 4480788
Product : Windows
CVEs/Advisory : CVE-2018-8477, CVE-2018-8514, CVE-2018-8595, CVE-2018-8596, CVE-2018-8599, CVE-2018-8611, CVE-2018-8612, CVE-2018-8621, CVE-2018-8622, CVE-2018-8626, CVE-2018-8634, CVE-2018-8637, CVE-2018-8638, CVE-2018-8639, CVE-2018-8641, CVE-2018-8649, CVE-2018-8652
Severity : Important
Impact : Remote Code Execution
KBs : 4471318, 4471319, 4471320, 4471321, 4471322, 4471323, 4471324, 4471325, 4471326, 4471327, 4471328, 4471329, 4471330, 4471332, 4480788
SecPod Saner detects these vulnerabilities and automatically fixes them by applying security updates. Download Saner now and keep your systems updated and secure.