Today’s VERT Alert addresses Microsoft’s November 2018 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-805 on Wednesday, November 14th.
This vulnerability was reported to Microsoft by Kaspersky Labs, who discovered it being exploited by multiple threat actors. The target, at this point, has been Windows 7 x86 systems. The vulnerability takes advantage of a flaw in how Windows handles calls to Win32k.sys and could allow an attacker to execute code in the context of the local system.
Microsoft has rated this as a 1 on the Exploitability Index (Exploitation More Likely) on their latest Windows release, while active exploitation has been detected on older releases.
This latest Advanced Local Procedure Call (ALPC) privilege escalation vulnerability could allow attackers to execute code in the context of the local system.
Microsoft has rated this as a 1 on the Exploitability Index (Exploitation More Likely).
This physical attack allows attackers to bypass BitLocker during a system reboot because Windows improperly suspends BitLocker Device Encryption. It is important to note that this is not related to Security Advisory [ADV180028] regarding hardware encryption on self-encrypting drives.
Microsoft has rated this as a 2 on the Exploitability Index (Exploitation Less Likely).
In addition to the Microsoft vulnerabilities included in the November Security Guidance, a security advisory was also made available.
Microsoft released updates for Adobe Flash. These correspond with Adobe Update APSB18-39. This includes a fix for CVE-2018-15978.
| TAG | CVE COUNT | CVES |
|---|---|---|
| MICROSOFT WINDOWS | 5 | CVE-2018-8476, CVE-2018-8592, CVE-2018-8549, CVE-2018-8550, CVE-2018-8584 |
| MICROSOFT EDGE | 3 | CVE-2018-8564, CVE-2018-8545, CVE-2018-8567 |
| BITLOCKER | 1 | CVE-2018-8566 |
| MICROSOFT DYNAMICS | 5 | CVE-2018-8605, CVE-2018-8606, CVE-2018-8607, CVE-2018-8608, CVE-2018-8609 |
| INTERNET EXPLORER | 1 | CVE-2018-8570 |
| MICROSOFT SCRIPTING ENGINE | 10 | CVE-2018-8588, CVE-2018-8541, CVE-2018-8542, CVE-2018-8543, CVE-2018-8544, CVE-2018-8551, CVE-2018-8552, CVE-2018-8555, CVE-2018-8556, CVE-2018-8557 |
| MICROSOFT OFFICE SHAREPOINT | 3 | CVE-2018-8572, CVE-2018-8568, CVE-2018-8578 |
| TEAM FOUNDATION SERVER | 1 | CVE-2018-8602 |
| ACTIVE DIRECTORY | 1 | CVE-2018-8547 |
| MICROSOFT GRAPHICS COMPONENT | 7 | CVE-2018-8485, CVE-2018-8553, CVE-2018-8554, CVE-2018-8561, CVE-2018-8562, CVE-2018-8563, CVE-2018-8565 |
| MICROSOFT DRIVERS | 1 | CVE-2018-8471 |
| WINDOWS KERNEL | 2 | CVE-2018-8589, CVE-2018-8408 |
| MICROSOFT WINDOWS SEARCH COMPONENT | 1 | CVE-2018-8450 |
| MICROSOFT EXCHANGE SERVER | 1 | CVE-2018-8581 |
| MICROSOFT OFFICE | 11 | CVE-2018-8522, CVE-2018-8576, CVE-2018-8524, CVE-2018-8539, CVE-2018-8558, CVE-2018-8573, CVE-2018-8574, CVE-2018-8575, CVE-2018-8582, CVE-2018-8577, CVE-2018-8579 |
| MICROSOFT POWERSHELL | 2 | CVE-2018-8256, CVE-2018-8415 |
| MICROSOFT RPC | 1 | CVE-2018-8407 |
| SKYPE FOR BUSINESS AND MICROSOFT LYNC | 1 | CVE-2018-8546 |
| AZURE | 1 | CVE-2018-8600 |
| .NET CORE | 1 | CVE-2018-8416 |
| MICROSOFT JSCRIPT | 1 | CVE-2018-8417 |
| WINDOWS AUDIO SERVICE | 1 | CVE-2018-8454 |