Tuesday 11 September 2018

Microsoft Patches Three Actively Exploited Bugs as Part of Patch Tuesday


Microsoft's September Patch Tuesday release addresses three vulnerabilities that are being actively exploited in the wild.

Microsoft has patched a privilege elevation vulnerability that it says is being actively exploited by hackers. The fix was part of Microsoft's scheduled September patch release. The bug (CVE-2018-8440) is rated important and can be used by an attacker to execute arbitrary code on a vulnerable local PC.

In addition to the actively exploited bug, the update patched two critical vulnerabilities (CVE-2018-8475 and CVE-2018-8457) that Microsoft said were publicly known but not exploited. A fourth bug, a denial-of-service flaw rated important (CVE-2018-8409), was also publicly known before being patched, but not exploited.

In total, Microsoft's September patch release included 61 fixes: 17 rated critical, 43 important and one moderate. The 17 critical vulnerabilities are remote code execution (RCE) bugs. The 61 patched vulnerabilities affect a range of products including Internet Explorer, Edge, Hyper-V, Windows components, Office and the Microsoft JavaScript engine, ChakraCore.

Most notable of the flaws disclosed on Tuesday are two Windows privilege elevation vulnerabilities (rated important). Both bugs were reported on August 27 via Twitter by the researcher @SandboxEscaper. The bugs (CVE-2018-0868 and CVE-2018-8339) could allow a local adversary to take advantage of a weakness in the Windows Task Scheduler API and execute arbitrary code on a targeted system.

Microsoft did not indicate that the bugs were actively exploited. However, researchers at Recorded Future and elsewhere said both bugs were being used in active campaigns and urged system administrators to update their systems as soon as possible.

"[We are] seeing these vulnerabilities being exploited in nature ... so these should be the first priority when it comes to patches," wrote Allan Liska, threat intelligence analyst at Recorded Future, in a breakdown of Microsoft's patch release. Both vulnerabilities affect Windows 7 through Windows 10, as well as Windows Server 2008 through Windows Server 2016.

In addition to these flaws, Microsoft also addressed a pair of critical Windows Hyper-V remote code execution vulnerabilities. "These are two different CVEs, but I grouped them because they have the same scenario of exploitation and impact," wrote Dustin Childs of the Zero Day Initiative in his Patch Tuesday analysis. "In both cases, a user in a guest virtual machine could execute code in the operating system of the underlying hypervisor. The main cause of these two errors goes back to a failure to correctly validate user input."

A total of 19 of Microsoft's patches relate to its Edge or Internet Explorer browsers. One of them was a patch for a memory corruption vulnerability in the Microsoft JavaScript engine, ChakraCore. "This mainly affects Microsoft Edge, but allows an attacker to gain remote access to a system by using a script to damage memory, and then have the attacker run the loader that calls his command and control infrastructure. Because this vulnerability allows an attacker to gain remote access, it must also be prioritized for patching," said Liska.

Two other serious RCE vulnerabilities were addressed this month. One is a Win32k graphics vulnerability (CVE-2018-8332), which could be exploited by convincing a user to navigate to a website or open a document containing a malicious embedded source, said Greg Wiseman, senior security researcher at Rapid7, in his analysis of Microsoft's Patch Tuesday release.

He also warned about CVE-2018-8430, a Word PDF RCE vulnerability.

"There is a remote code execution vulnerability in Microsoft Word if a user opens a specially crafted PDF file," Microsoft said in its description of the bug. "An attacker who successfully exploited the vulnerability could trigger the execution of arbitrary code in the context of the current user." To exploit the vulnerability, an attacker must entice the user to open a specially crafted PDF file.
