Today, Microsoft released its October 2018 Patch Tuesday set of security advisories for vulnerabilities that have been identified and addressed in various products. This month’s advisory release addresses 49 new vulnerabilities: 12 are rated Critical, 34 are rated Important, two are listed as Moderate and one as Low in severity. These vulnerabilities impact Microsoft Edge, Internet Explorer, Microsoft Exchange Server, Microsoft Office, Microsoft Office SharePoint, Microsoft Windows, SQL Server, etc. The vulnerabilities can be mitigated using a vulnerability management tool.
Also, all applications impacted by these vulnerabilities can be patched using a patch management tool.
In-the-wild
CVE-2018-8453 – Kaspersky Labs discovered and reported active attacks exploiting this CVE. This elevation of privilege flaw in the way Win32K handles drivers allows attackers to run their code with kernel-mode access, which lets them do things like create new accounts and gives them full ability to write or delete data. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system.
Publicly disclosed
1) CVE-2018-8423 – A remote code execution vulnerability exists in the Microsoft JET Database Engine. To exploit the vulnerability, a user must open/import a specially crafted Microsoft JET Database Engine file. In an email attack scenario, an attacker could exploit the vulnerability by sending a specially crafted file to the user, and then convince the user to open the file.
2) CVE-2018-8497 – An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. To exploit the vulnerability, a locally authenticated attacker could run a specially crafted application.
3) CVE-2018-8531 – A remote code execution vulnerability exists in the way that Azure IoT Hub Device Client SDK using MQTT protocol accesses objects in memory. The vulnerability could corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user. An attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action, typically via an enticement in email or instant message, or by getting them to open an email attachment.
A few other critical vulnerabilities
1) CVE-2018-8492 – Dustin Childs, a researcher at Trend Micro’s Zero Day Initiative, warned admins about this CVE, a security bypass flaw in Device Guard, and asked them to pay special attention to this issue. He said, “This patch corrects a vulnerability that could allow an attacker to inject malicious code into a Windows PowerShell session”.
2) CVE-2018-8489 – Microsoft warned about this flaw in Windows Hyper-V. A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system. To exploit the vulnerability, an attacker could run a specially crafted application on a guest operating system that could cause the Hyper-V host operating system to execute arbitrary code.
The October 2018 Patch Tuesday release consists of security updates for the following products:
- Internet Explorer
- Microsoft Edge
- Microsoft Office
- Microsoft Azure
- Microsoft Windows
- Microsoft SQL Server Management Studio
- ChakraCore
- Microsoft Windows Hyper-V
- PowerShell Core
- .NET Core
- Microsoft Exchange Server
Microsoft Patch Tuesday October 2018 security bulletin summary :
1. Product : Microsoft Edge
CVE’s/Advisory : CVE-2018-8473, CVE-2018-8503, CVE-2018-8505, CVE-2018-8509, CVE-2018-8510, CVE-2018-8511, CVE-2018-8512, CVE-2018-8513, CVE-2018-8530
Severity : Critical
Impact : Remote Code Execution, Security Feature Bypass
KB’s : 4462917, 4462918, 4462919, 4462922, 4462937, 4464330
2. Product : Internet Explorer
CVE’s/Advisory : CVE-2018-8460, CVE-2018-8491
Severity : Critical
Impact : Remote Code Execution
KB’s : 4462917, 4462918, 4462919, 4462922, 4462923, 4462926, 4462937, 4462949, 4464330
3. Product : ChakraCore
CVE’s/Advisory : CVE-2018-8473, CVE-2018-8500, CVE-2018-8503, CVE-2018-8505, CVE-2018-8510, CVE-2018-8511, CVE-2018-8513
Severity : Critical
Impact : Remote Code Execution
4. Product : Azure IoT
CVE’s/Advisory : CVE-2018-8531, CVE-2018-8531
Severity : Important
Impact : Information Disclosure, Remote Code Execution
5. Product : SQL Server Management Studio
CVE’s/Advisory : CVE-2018-8527, CVE-2018-8532, CVE-2018-8533
Severity : Important
Impact : Information Disclosure
6. Product : PowerShell Core
CVE’s/Advisory : CVE-2018-8292
Severity : Important
Impact : Information Disclosure
7. Product : .NET Core
CVE’s/Advisory : CVE-2018-8292
Severity : Important
Impact : Information Disclosure
8. Product : Microsoft Exchange Server
CVE’s/Advisory : CVE-2010-3190, CVE-2018-8265, CVE-2018-8448
Severity : Important
Impact : Remote Code Execution, Elevation of Privilege
KB’s : 2565063, 4459266
9. Product : Microsoft Office
CVE’s/Advisory : ADV180026, CVE-2018-8427, CVE-2018-8432, CVE-2018-8480, CVE-2018-8488, CVE-2018-8498, CVE-2018-8501, CVE-2018-8502, CVE-2018-8504, CVE-2018-8518
Severity : Important
Impact : Remote Code Execution, Elevation of Privilege
KB’s : 4022138, 4092437, 4092439, 4092444, 4092453, 4092464, 4092477, 4092481, 4092482, 4092483, 4227167, 4227170, 4461434, 4461437, 4461440, 4461445, 4461447, 4461448, 4461449, 4461450, 4461457, 4461460, 4461466
10. Product : Windows
CVE’s/Advisory : CVE-2018-8320, CVE-2018-8329, CVE-2018-8330, CVE-2018-8333, CVE-2018-8411, CVE-2018-8413, CVE-2018-8423, CVE-2018-8427, CVE-2018-8432, CVE-2018-8453, CVE-2018-8472, CVE-2018-8481, CVE-2018-8482, CVE-2018-8484, CVE-2018-8486, CVE-2018-8489, CVE-2018-8490, CVE-2018-8492, CVE-2018-8493, CVE-2018-8494, CVE-2018-8495, CVE-2018-8497, CVE-2018-8506
Severity : Critical
Impact : Elevation of Privilege, Information Disclosure, Remote Code Execution, Security Feature Bypass
KB’s : 4462915, 4462917, 4462918, 4462919, 4462922, 4462923, 4462926, 4462929, 4462931, 4462937, 4462941, 4463097, 4463104, 4464330
SecPod Saner detects these vulnerabilities and automatically fixes them by applying security updates. Download Saner now and keep your systems updated and secure.