Today’s VERT Alert addresses Microsoft’s November 2018 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-805 on Wednesday, November 14th.
In-The-Wild & Disclosed CVEs
CVE-2018-8589
This vulnerability was reported to Microsoft by Kaspersky Labs, who discovered it being exploited by multiple threat actors. The target, at this point, has been Windows 7 x86 systems. The vulnerability takes advantage of a flaw in how Windows handles calls to Win32k.sys and could allow an attacker to execute code in the context of the local system.
Microsoft has rated this as a 1 on the Exploitability Index (Exploitation More Likely) on their latest Windows release, while active exploitation has been detected on older releases.
CVE-2018-8584
This latest Advanced Local Procedure Call (ALPC) privilege escalation vulnerability could allow attackers to execute code in the context of the local system.
Microsoft has rated this as a 1 on the Exploitability Index (Exploitation More Likely).
CVE-2018-8566
This physical attack allows attackers to bypass BitLocker during a system reboot because Windows improperly suspends BitLocker Device Encryption. It is important to note that this is not related to Security Advisory [ADV180028] regarding hardware encryption on self-encrypting drives.
Microsoft has rated this as a 2 on the Exploitability Index (Exploitation Less Likely).
Other Information
In addition to the Microsoft vulnerabilities included in the November Security Guidance, a security advisory was also made available.
November 2018 Adobe Flash Security Update [ADV180025]
Microsoft released updates for Adobe Flash. These correspond with Adobe Update APSB18-39. This includes a fix for CVE-2018-15978.
CVE Breakdown by Tag
| TAG | CVE COUNT | CVES |
| --- | --- | --- |
| MICROSOFT WINDOWS | 5 | CVE-2018-8476, CVE-2018-8592, CVE-2018-8549, CVE-2018-8550, CVE-2018-8584 |
| MICROSOFT EDGE | 3 | CVE-2018-8564, CVE-2018-8545, CVE-2018-8567 |
| BITLOCKER | 1 | CVE-2018-8566 |
| MICROSOFT DYNAMICS | 5 | CVE-2018-8605, CVE-2018-8606, CVE-2018-8607, CVE-2018-8608, CVE-2018-8609 |
| INTERNET EXPLORER | 1 | CVE-2018-8570 |
| MICROSOFT SCRIPTING ENGINE | 10 | CVE-2018-8588, CVE-2018-8541, CVE-2018-8542, CVE-2018-8543, CVE-2018-8544, CVE-2018-8551, CVE-2018-8552, CVE-2018-8555, CVE-2018-8556, CVE-2018-8557 |
| MICROSOFT OFFICE SHAREPOINT | 3 | CVE-2018-8572, CVE-2018-8568, CVE-2018-8578 |
| TEAM FOUNDATION SERVER | 1 | CVE-2018-8602 |
| ACTIVE DIRECTORY | 1 | CVE-2018-8547 |
| MICROSOFT GRAPHICS COMPONENT | 7 | CVE-2018-8485, CVE-2018-8553, CVE-2018-8554, CVE-2018-8561, CVE-2018-8562, CVE-2018-8563, CVE-2018-8565 |
| MICROSOFT DRIVERS | 1 | CVE-2018-8471 |
| WINDOWS KERNEL | 2 | CVE-2018-8589, CVE-2018-8408 |
| MICROSOFT WINDOWS SEARCH COMPONENT | 1 | CVE-2018-8450 |
| MICROSOFT EXCHANGE SERVER | 1 | CVE-2018-8581 |
| MICROSOFT OFFICE | 11 | CVE-2018-8522, CVE-2018-8576, CVE-2018-8524, CVE-2018-8539, CVE-2018-8558, CVE-2018-8573, CVE-2018-8574, CVE-2018-8575, CVE-2018-8582, CVE-2018-8577, CVE-2018-8579 |
| MICROSOFT POWERSHELL | 2 | CVE-2018-8256, CVE-2018-8415 |
| MICROSOFT RPC | 1 | CVE-2018-8407 |
| SKYPE FOR BUSINESS AND MICROSOFT LYNC | 1 | CVE-2018-8546 |
| AZURE | 1 | CVE-2018-8600 |
| .NET CORE | 1 | CVE-2018-8416 |
| MICROSOFT JSCRIPT | 1 | CVE-2018-8417 |
| WINDOWS AUDIO SERVICE | 1 | CVE-2018-8454 |