SANS ISC: November 2018 Microsoft Patch Tuesday - Internet Security | DShield SANS ISC InfoSec Forums


November 2018 Microsoft Patch Tuesday

This month, Microsoft patches two issues that have already been publicly disclosed. One is related to BitLocker trusting SSDs with faulty encryption. If an SSD offers its own hardware-based encryption, BitLocker will not add its own software encryption on top of it, to save CPU cycles. But last month, it became known that SSD hardware encryption is often implemented badly and can easily be bypassed. As a result, Microsoft released a patch and also an advisory with details regarding BitLocker's behavior and how to override it.
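To find drives where BitLocker has delegated encryption to the SSD, the following added example (not part of the original diary or of Microsoft's advisory) classifies volumes from status text collected across a fleet. It assumes the text follows the `manage-bde -status` field layout, where the "Encryption Method" field reads "Hardware Encryption" for such drives; the sample input and the function names are constructed for illustration.

```python
import re

# Constructed sample, modelled on the field layout of `manage-bde -status`.
SAMPLE_STATUS = """\
Volume C: [Windows]
[OS Volume]
    Conversion Status:    Fully Encrypted
    Encryption Method:    Hardware Encryption
    Protection Status:    Protection On

Volume D: [Data]
[Data Volume]
    Conversion Status:    Fully Encrypted
    Encryption Method:    XTS-AES 128
    Protection Status:    Protection On

Volume E: [Scratch]
[Data Volume]
    Conversion Status:    Fully Decrypted
    Encryption Method:    None
    Protection Status:    Protection Off
"""

VOLUME_RE = re.compile(r"^Volume\s+(\S+:)", re.MULTILINE)
FIELD_RE = re.compile(r"^\s+([A-Za-z ]+):\s+(.*\S)\s*$", re.MULTILINE)


def parse_status(text):
    """Return {volume: {field: value}} from manage-bde style status text."""
    volumes = {}
    matches = list(VOLUME_RE.finditer(text))
    for i, m in enumerate(matches):
        end = matches[i + 1].start() if i + 1 < len(matches) else len(text)
        volumes[m.group(1)] = dict(FIELD_RE.findall(text[m.end():end]))
    return volumes


def classify(fields):
    """Classify one volume by where its encryption is actually performed."""
    method = fields.get("Encryption Method", "").lower()
    if method.startswith("hardware encryption"):  # tolerates any suffix
        return "hardware"  # BitLocker relies on the drive's own encryption
    if method in ("", "none"):
        return "unencrypted"
    return "software"


def audit(text):
    """Map each volume letter to 'hardware', 'software' or 'unencrypted'."""
    return {vol: classify(f) for vol, f in parse_status(text).items()}
```

Volumes reported as `hardware` are the ones the advisory's software-encryption guidance applies to.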

The second publicly disclosed vulnerability is the ALPC elevation of privilege issue that was disclosed by SandboxEscaper via Twitter. SandboxEscaper disclosed a very similar issue a couple of months ago. Microsoft patched the issue, but apparently not completely.

Finally, these updates address a Win32k elevation of privilege vulnerability (CVE-2018-8589) which has been exploited in the wild.

For a more detailed breakdown, see Renato's dashboard: 

| Description | CVE | Disclosed | Exploited | Exploitability (old versions) | Exploitability (current version) | Severity | CVSS Base (AVG) | CVSS Temporal (AVG) |
|---|---|---|---|---|---|---|---|---|
| .NET Core Tampering Vulnerability | CVE-2018-8416 | No | No | Less Likely | Less Likely | Moderate | | |
| Active Directory Federation Services XSS Vulnerability | CVE-2018-8547 | No | No | Less Likely | Less Likely | Important | 6.5 | 5.9 |
| Azure App Service Cross-site Scripting Vulnerability | CVE-2018-8600 | No | No | - | - | Important | | |
| BitLocker Security Feature Bypass Vulnerability | CVE-2018-8566 | Yes | No | Less Likely | Less Likely | Important | 4.6 | 4.6 |
| Chakra Scripting Engine Memory Corruption Vulnerability | CVE-2018-8588 | No | No | - | - | Critical | 4.2 | 3.8 |
| Chakra Scripting Engine Memory Corruption Vulnerability | CVE-2018-8541 | No | No | - | - | Critical | 4.2 | 3.8 |
| Chakra Scripting Engine Memory Corruption Vulnerability | CVE-2018-8542 | No | No | - | - | Critical | 4.2 | 3.8 |
| Chakra Scripting Engine Memory Corruption Vulnerability | CVE-2018-8543 | No | No | - | - | Critical | 4.2 | 3.8 |
| Chakra Scripting Engine Memory Corruption Vulnerability | CVE-2018-8551 | No | No | - | - | Critical | 4.2 | 3.8 |
| Chakra Scripting Engine Memory Corruption Vulnerability | CVE-2018-8555 | No | No | - | - | Critical | 4.2 | 3.8 |
| Chakra Scripting Engine Memory Corruption Vulnerability | CVE-2018-8556 | No | No | - | - | Critical | 4.2 | 3.8 |
| Chakra Scripting Engine Memory Corruption Vulnerability | CVE-2018-8557 | No | No | - | - | Critical | 4.2 | 3.8 |
| DirectX Elevation of Privilege Vulnerability | CVE-2018-8485 | No | No | Less Likely | Less Likely | Important | 7.0 | 6.3 |
| DirectX Elevation of Privilege Vulnerability | CVE-2018-8554 | No | No | More Likely | More Likely | Important | 7.0 | 6.3 |
| DirectX Elevation of Privilege Vulnerability | CVE-2018-8561 | No | No | Less Likely | Less Likely | Important | 7.0 | 6.3 |
| DirectX Information Disclosure Vulnerability | CVE-2018-8563 | No | No | - | - | Important | 4.7 | 4.2 |
| Guidance for configuring BitLocker to enforce software encryption | ADV180028 | Yes | No | - | - | | | |
| Internet Explorer Memory Corruption Vulnerability | CVE-2018-8570 | No | No | - | - | Important | 6.4 | 5.8 |
| Latest Servicing Stack Updates | ADV990001 | No | No | - | - | | | |
| MSRPC Information Disclosure Vulnerability | CVE-2018-8407 | No | No | Less Likely | Less Likely | Important | 3.3 | 3.3 |
| Microsoft Dynamics 365 (on-premises) version 8 Cross Site Scripting Vulnerability | CVE-2018-8605 | No | No | - | - | Important | | |
| Microsoft Dynamics 365 (on-premises) version 8 Cross Site Scripting Vulnerability | CVE-2018-8606 | No | No | - | - | Important | | |
| Microsoft Dynamics 365 (on-premises) version 8 Cross Site Scripting Vulnerability | CVE-2018-8607 | No | No | - | - | Important | | |
| Microsoft Dynamics 365 (on-premises) version 8 Cross Site Scripting Vulnerability | CVE-2018-8608 | No | No | - | - | Important | | |
| Microsoft Dynamics 365 (on-premises) version 8 Remote Code Execution Vulnerability | CVE-2018-8609 | No | No | - | - | Critical | | |
| Microsoft Edge Elevation of Privilege Vulnerability | CVE-2018-8567 | No | No | - | - | Important | 5.4 | 4.9 |
| Microsoft Edge Information Disclosure Vulnerability | CVE-2018-8545 | No | No | - | - | Important | 4.3 | 3.9 |
| Microsoft Edge Spoofing Vulnerability | CVE-2018-8564 | No | No | - | - | Important | 4.3 | 3.9 |
| Microsoft Excel Remote Code Execution Vulnerability | CVE-2018-8574 | No | No | More Likely | More Likely | Important | | |
| Microsoft Excel Remote Code Execution Vulnerability | CVE-2018-8577 | No | No | More Likely | More Likely | Important | | |
| Microsoft Exchange Server Elevation of Privilege Vulnerability | CVE-2018-8581 | No | No | Less Likely | Less Likely | Important | | |
| Microsoft Graphics Components Remote Code Execution Vulnerability | CVE-2018-8553 | No | No | - | - | Critical | 7.4 | 6.7 |
| Microsoft JScript Security Feature Bypass Vulnerability | CVE-2018-8417 | No | No | More Likely | More Likely | Important | 4.5 | 4.5 |
| Microsoft Outlook Information Disclosure Vulnerability | CVE-2018-8558 | No | No | Less Likely | Less Likely | Important | | |
| Microsoft Outlook Information Disclosure Vulnerability | CVE-2018-8579 | No | No | Less Likely | Less Likely | Important | | |
| Microsoft Outlook Remote Code Execution Vulnerability | CVE-2018-8522 | No | No | More Likely | More Likely | Important | | |
| Microsoft Outlook Remote Code Execution Vulnerability | CVE-2018-8576 | No | No | More Likely | More Likely | Important | | |
| Microsoft Outlook Remote Code Execution Vulnerability | CVE-2018-8524 | No | No | Less Likely | Less Likely | Important | | |
| Microsoft Outlook Remote Code Execution Vulnerability | CVE-2018-8582 | No | No | More Likely | More Likely | Important | | |
| Microsoft PowerShell Remote Code Execution Vulnerability | CVE-2018-8256 | No | No | Less Likely | Less Likely | Important | 6.3 | 6.3 |
| Microsoft PowerShell Tampering Vulnerability | CVE-2018-8415 | No | No | Less Likely | Less Likely | Important | 3.3 | 3.3 |
| Microsoft Project Remote Code Execution Vulnerability | CVE-2018-8575 | No | No | Less Likely | Less Likely | Important | | |
| Microsoft RemoteFX Virtual GPU miniport driver Elevation of Privilege Vulnerability | CVE-2018-8471 | No | No | Less Likely | Less Likely | Important | 7.0 | 7.0 |
| Microsoft SharePoint Elevation of Privilege Vulnerability | CVE-2018-8572 | No | No | Less Likely | Less Likely | Important | | |
| Microsoft SharePoint Elevation of Privilege Vulnerability | CVE-2018-8568 | No | No | Less Likely | Less Likely | Important | | |
| Microsoft SharePoint Information Disclosure Vulnerability | CVE-2018-8578 | No | No | - | - | Important | | |
| Microsoft Skype for Business Denial of Service Vulnerability | CVE-2018-8546 | No | No | Unlikely | Unlikely | Low | | |
| Microsoft Word Remote Code Execution Vulnerability | CVE-2018-8539 | No | No | - | - | Important | | |
| Microsoft Word Remote Code Execution Vulnerability | CVE-2018-8573 | No | No | More Likely | More Likely | Important | | |
| November 2018 Adobe Flash Security Update | ADV180025 | No | No | - | - | Important | | |
| Team Foundation Server Cross-site Scripting Vulnerability | CVE-2018-8602 | No | No | - | - | Important | | |
| Win32k Elevation of Privilege Vulnerability | CVE-2018-8562 | No | No | More Likely | More Likely | Important | 7.0 | 6.3 |
| Win32k Information Disclosure Vulnerability | CVE-2018-8565 | No | No | - | - | Important | 4.7 | 4.2 |
| Windows ALPC Elevation of Privilege Vulnerability | CVE-2018-8584 | Yes | No | More Likely | More Likely | Important | 7.8 | 7.5 |
| Windows Audio Service Information Disclosure Vulnerability | CVE-2018-8454 | No | No | Less Likely | Less Likely | Important | 2.5 | 2.5 |
| Windows COM Elevation of Privilege Vulnerability | CVE-2018-8550 | No | No | Less Likely | Less Likely | Important | 7.0 | 6.3 |
| Windows Deployment Services TFTP Server Remote Code Execution Vulnerability | CVE-2018-8476 | No | No | More Likely | More Likely | Critical | 8.1 | 8.1 |
| Windows Elevation Of Privilege Vulnerability | CVE-2018-8592 | No | No | Less Likely | Less Likely | Important | 6.4 | 6.1 |
| Windows Kernel Information Disclosure Vulnerability | CVE-2018-8408 | No | No | More Likely | More Likely | Important | 3.3 | 3.3 |
| Windows Scripting Engine Memory Corruption Vulnerability | CVE-2018-8552 | No | No | More Likely | More Likely | Important | 2.4 | 2.2 |
| Windows Search Remote Code Execution Vulnerability | CVE-2018-8450 | No | No | More Likely | More Likely | Important | 7.5 | 6.7 |
| Windows Security Feature Bypass Vulnerability | CVE-2018-8549 | No | No | Less Likely | Less Likely | Important | 5.5 | 5.0 |
| Windows VBScript Engine Remote Code Execution Vulnerability | CVE-2018-8544 | No | No | More Likely | More Likely | Critical | 6.4 | 5.8 |
| Windows Win32k Elevation of Privilege Vulnerability | CVE-2018-8589 | No | Yes | Detected | More Likely | Important | 7.8 | 7.5 |

---
Johannes B. Ullrich, Ph.D. , Dean of Research, SANS Technology Institute

thanks Johannes!
Anonymous
