SANS ISC: Internet Storm Center


November 2018 Microsoft Patch Tuesday

Published: 2018-11-13
Last Updated: 2018-11-13 19:50:14 UTC
by Johannes Ullrich (Version: 1)

This month, Microsoft patches two issues that have already been disclosed publicly. One is related to BitLocker trusting SSDs with faulty encryption. If an SSD offers its own hardware-based encryption, BitLocker will not add its own software encryption on top of it, to save CPU cycles. But last month, it became known that SSD hardware encryption is often implemented badly and can easily be bypassed. As a result, Microsoft releases a patch and also an advisory with details regarding BitLocker's behavior and how to override it.
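The following PowerShell script is an added example, not code from the diary or from Microsoft. It lists which BitLocker volumes were encrypted by the drive's own hardware rather than by BitLocker's software encryption, and shows whether the policy that forces software encryption is already set; the registry value names under the FVE policy key are assumed to be the ones behind the "Configure use of hardware-based encryption" Group Policy settings.

```powershell
# Added example (not from the ISC diary or from Microsoft): find BitLocker volumes
# that rely on the SSD's self-encryption and report the state of the policy that
# forces BitLocker to use its own software encryption instead.
# Assumes Windows 10 / Server with the BitLocker PowerShell module; run elevated.
# Assumption: these DWORD values under the FVE policy key are the ones written by
# the "Configure use of hardware-based encryption for ... drives" policies.

$policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'
$policyValues = @{
    'OSHardwareEncryption'  = 'Operating system drives'
    'FDVHardwareEncryption' = 'Fixed data drives'
    'RDVHardwareEncryption' = 'Removable data drives'
}

Write-Host "Policy state (0 = hardware encryption disabled, BitLocker uses software encryption):"
foreach ($name in $policyValues.Keys) {
    $item = Get-ItemProperty -Path $policyKey -Name $name -ErrorAction SilentlyContinue
    $state = if ($null -eq $item) { 'not configured (hardware encryption allowed)' }
             elseif ($item.$name -eq 0) { 'disabled' }
             else { 'enabled' }
    Write-Host ("  {0,-25} {1}" -f $policyValues[$name], $state)
}

Write-Host "`nBitLocker volumes:"
$hardwareVolumes = @()
foreach ($vol in Get-BitLockerVolume) {
    # EncryptionMethod reads 'Hardware' when BitLocker deferred to the drive's own encryption.
    $usesHardware = ($vol.EncryptionMethod -eq 'Hardware')
    Write-Host ("  {0,-4} {1,-18} {2,-12} {3}" -f $vol.MountPoint, $vol.VolumeStatus,
                                                  $vol.EncryptionMethod, $vol.ProtectionStatus)
    if ($usesHardware) { $hardwareVolumes += $vol.MountPoint }
}

if ($hardwareVolumes.Count -gt 0) {
    Write-Warning ("Volumes relying on SSD hardware encryption: {0}" -f ($hardwareVolumes -join ', '))
    # The policy only applies to drives encrypted after it is set; an existing
    # hardware-encrypted volume must be decrypted and then re-encrypted with BitLocker.
    Write-Warning "Set the policy, then decrypt and re-enable BitLocker on the listed volumes."
} else {
    Write-Host "`nNo volume relies on SSD hardware encryption."
}
```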

The second publicly disclosed vulnerability is the ALPC elevation of privilege issue that was disclosed by SandboxEscaper via Twitter. SandboxEscaper disclosed a very similar issue a couple of months ago. Microsoft patched the issue, but apparently not completely.

Finally, these updates address a Win32k elevation of privilege vulnerability (CVE-2018-8589) which has been exploited in the wild.

For a more detailed breakdown, see Renato's dashboard: 

| Description | CVE | Disclosed | Exploited | Exploitability (old versions) | Exploitability (current version) | Severity | CVSS Base (AVG) | CVSS Temporal (AVG) |
|---|---|---|---|---|---|---|---|---|
| .NET Core Tampering Vulnerability | CVE-2018-8416 | No | No | Less Likely | Less Likely | Moderate | | |
| Active Directory Federation Services XSS Vulnerability | CVE-2018-8547 | No | No | Less Likely | Less Likely | Important | 6.5 | 5.9 |
| Azure App Service Cross-site Scripting Vulnerability | CVE-2018-8600 | No | No | - | - | Important | | |
| BitLocker Security Feature Bypass Vulnerability | CVE-2018-8566 | Yes | No | Less Likely | Less Likely | Important | 4.6 | 4.6 |
| Chakra Scripting Engine Memory Corruption Vulnerability | CVE-2018-8588 | No | No | - | - | Critical | 4.2 | 3.8 |
| Chakra Scripting Engine Memory Corruption Vulnerability | CVE-2018-8541 | No | No | - | - | Critical | 4.2 | 3.8 |
| Chakra Scripting Engine Memory Corruption Vulnerability | CVE-2018-8542 | No | No | - | - | Critical | 4.2 | 3.8 |
| Chakra Scripting Engine Memory Corruption Vulnerability | CVE-2018-8543 | No | No | - | - | Critical | 4.2 | 3.8 |
| Chakra Scripting Engine Memory Corruption Vulnerability | CVE-2018-8551 | No | No | - | - | Critical | 4.2 | 3.8 |
| Chakra Scripting Engine Memory Corruption Vulnerability | CVE-2018-8555 | No | No | - | - | Critical | 4.2 | 3.8 |
| Chakra Scripting Engine Memory Corruption Vulnerability | CVE-2018-8556 | No | No | - | - | Critical | 4.2 | 3.8 |
| Chakra Scripting Engine Memory Corruption Vulnerability | CVE-2018-8557 | No | No | - | - | Critical | 4.2 | 3.8 |
| DirectX Elevation of Privilege Vulnerability | CVE-2018-8485 | No | No | Less Likely | Less Likely | Important | 7.0 | 6.3 |
| DirectX Elevation of Privilege Vulnerability | CVE-2018-8554 | No | No | More Likely | More Likely | Important | 7.0 | 6.3 |
| DirectX Elevation of Privilege Vulnerability | CVE-2018-8561 | No | No | Less Likely | Less Likely | Important | 7.0 | 6.3 |
| DirectX Information Disclosure Vulnerability | CVE-2018-8563 | No | No | - | - | Important | 4.7 | 4.2 |
| Guidance for configuring BitLocker to enforce software encryption | ADV180028 | Yes | No | - | - | | | |
| Internet Explorer Memory Corruption Vulnerability | CVE-2018-8570 | No | No | - | - | Important | 6.4 | 5.8 |
| Latest Servicing Stack Updates | ADV990001 | No | No | - | - | | | |
| MSRPC Information Disclosure Vulnerability | CVE-2018-8407 | No | No | Less Likely | Less Likely | Important | 3.3 | 3.3 |
| Microsoft Dynamics 365 (on-premises) version 8 Cross Site Scripting Vulnerability | CVE-2018-8605 | No | No | - | - | Important | | |
| Microsoft Dynamics 365 (on-premises) version 8 Cross Site Scripting Vulnerability | CVE-2018-8606 | No | No | - | - | Important | | |
| Microsoft Dynamics 365 (on-premises) version 8 Cross Site Scripting Vulnerability | CVE-2018-8607 | No | No | - | - | Important | | |
| Microsoft Dynamics 365 (on-premises) version 8 Cross Site Scripting Vulnerability | CVE-2018-8608 | No | No | - | - | Important | | |
| Microsoft Dynamics 365 (on-premises) version 8 Remote Code Execution Vulnerability | CVE-2018-8609 | No | No | - | - | Critical | | |
| Microsoft Edge Elevation of Privilege Vulnerability | CVE-2018-8567 | No | No | - | - | Important | 5.4 | 4.9 |
| Microsoft Edge Information Disclosure Vulnerability | CVE-2018-8545 | No | No | - | - | Important | 4.3 | 3.9 |
| Microsoft Edge Spoofing Vulnerability | CVE-2018-8564 | No | No | - | - | Important | 4.3 | 3.9 |
| Microsoft Excel Remote Code Execution Vulnerability | CVE-2018-8574 | No | No | More Likely | More Likely | Important | | |
| Microsoft Excel Remote Code Execution Vulnerability | CVE-2018-8577 | No | No | More Likely | More Likely | Important | | |
| Microsoft Exchange Server Elevation of Privilege Vulnerability | CVE-2018-8581 | No | No | Less Likely | Less Likely | Important | | |
| Microsoft Graphics Components Remote Code Execution Vulnerability | CVE-2018-8553 | No | No | - | - | Critical | 7.4 | 6.7 |
| Microsoft JScript Security Feature Bypass Vulnerability | CVE-2018-8417 | No | No | More Likely | More Likely | Important | 4.5 | 4.5 |
| Microsoft Outlook Information Disclosure Vulnerability | CVE-2018-8558 | No | No | Less Likely | Less Likely | Important | | |
| Microsoft Outlook Information Disclosure Vulnerability | CVE-2018-8579 | No | No | Less Likely | Less Likely | Important | | |
| Microsoft Outlook Remote Code Execution Vulnerability | CVE-2018-8522 | No | No | More Likely | More Likely | Important | | |
| Microsoft Outlook Remote Code Execution Vulnerability | CVE-2018-8576 | No | No | More Likely | More Likely | Important | | |
| Microsoft Outlook Remote Code Execution Vulnerability | CVE-2018-8524 | No | No | Less Likely | Less Likely | Important | | |
| Microsoft Outlook Remote Code Execution Vulnerability | CVE-2018-8582 | No | No | More Likely | More Likely | Important | | |
| Microsoft PowerShell Remote Code Execution Vulnerability | CVE-2018-8256 | No | No | Less Likely | Less Likely | Important | 6.3 | 6.3 |
| Microsoft PowerShell Tampering Vulnerability | CVE-2018-8415 | No | No | Less Likely | Less Likely | Important | 3.3 | 3.3 |
| Microsoft Project Remote Code Execution Vulnerability | CVE-2018-8575 | No | No | Less Likely | Less Likely | Important | | |
| Microsoft RemoteFX Virtual GPU miniport driver Elevation of Privilege Vulnerability | CVE-2018-8471 | No | No | Less Likely | Less Likely | Important | 7.0 | 7.0 |
| Microsoft SharePoint Elevation of Privilege Vulnerability | CVE-2018-8572 | No | No | Less Likely | Less Likely | Important | | |
| Microsoft SharePoint Elevation of Privilege Vulnerability | CVE-2018-8568 | No | No | Less Likely | Less Likely | Important | | |
| Microsoft SharePoint Information Disclosure Vulnerability | CVE-2018-8578 | No | No | - | - | Important | | |
| Microsoft Skype for Business Denial of Service Vulnerability | CVE-2018-8546 | No | No | Unlikely | Unlikely | Low | | |
| Microsoft Word Remote Code Execution Vulnerability | CVE-2018-8539 | No | No | - | - | Important | | |
| Microsoft Word Remote Code Execution Vulnerability | CVE-2018-8573 | No | No | More Likely | More Likely | Important | | |
| November 2018 Adobe Flash Security Update | ADV180025 | No | No | - | - | Important | | |
| Team Foundation Server Cross-site Scripting Vulnerability | CVE-2018-8602 | No | No | - | - | Important | | |
| Win32k Elevation of Privilege Vulnerability | CVE-2018-8562 | No | No | More Likely | More Likely | Important | 7.0 | 6.3 |
| Win32k Information Disclosure Vulnerability | CVE-2018-8565 | No | No | - | - | Important | 4.7 | 4.2 |
| Windows ALPC Elevation of Privilege Vulnerability | CVE-2018-8584 | Yes | No | More Likely | More Likely | Important | 7.8 | 7.5 |
| Windows Audio Service Information Disclosure Vulnerability | CVE-2018-8454 | No | No | Less Likely | Less Likely | Important | 2.5 | 2.5 |
| Windows COM Elevation of Privilege Vulnerability | CVE-2018-8550 | No | No | Less Likely | Less Likely | Important | 7.0 | 6.3 |
| Windows Deployment Services TFTP Server Remote Code Execution Vulnerability | CVE-2018-8476 | No | No | More Likely | More Likely | Critical | 8.1 | 8.1 |
| Windows Elevation Of Privilege Vulnerability | CVE-2018-8592 | No | No | Less Likely | Less Likely | Important | 6.4 | 6.1 |
| Windows Kernel Information Disclosure Vulnerability | CVE-2018-8408 | No | No | More Likely | More Likely | Important | 3.3 | 3.3 |
| Windows Scripting Engine Memory Corruption Vulnerability | CVE-2018-8552 | No | No | More Likely | More Likely | Important | 2.4 | 2.2 |
| Windows Search Remote Code Execution Vulnerability | CVE-2018-8450 | No | No | More Likely | More Likely | Important | 7.5 | 6.7 |
| Windows Security Feature Bypass Vulnerability | CVE-2018-8549 | No | No | Less Likely | Less Likely | Important | 5.5 | 5.0 |
| Windows VBScript Engine Remote Code Execution Vulnerability | CVE-2018-8544 | No | No | More Likely | More Likely | Critical | 6.4 | 5.8 |
| Windows Win32k Elevation of Privilege Vulnerability | CVE-2018-8589 | No | Yes | Detected | More Likely | Important | 7.8 | 7.5 |

---
Johannes B. Ullrich, Ph.D. , Dean of Research, SANS Technology Institute
