Patch Tuesday Fixes Zero-Day Win32k Bug
This month’s round of updates, which fixes 63 bugs, includes a patch for a zero-day vulnerability (CVE-2018-8589) that is already being used in malicious attacks.
As the year comes to a close, updates for both Microsoft and Adobe products and services are still ongoing via Patch Tuesday. This month’s round of updates, which fixes 63 bugs, includes a patch for a zero-day vulnerability that is already being used in malicious attacks. Perhaps the most notable vulnerability addressed this month is CVE-2018-8589, another Win32k Elevation of Privilege Vulnerability similar to October’s CVE-2018-8453; it allows an attacker who can run a specially crafted application on a targeted machine to take full control of it. Kaspersky Lab researchers confirmed that threat actors are already actively exploiting this bug in their attacks.
Microsoft addressed two other publicly known vulnerabilities. The first (CVE-2018-8584) is an Elevation of Privilege vulnerability involving Advanced Local Procedure Call (ALPC). An attacker who runs arbitrary code to exploit this bug could potentially install programs, manipulate data, and obtain full user rights. The second public vulnerability (CVE-2018-8566) is a BitLocker Security Feature Bypass vulnerability that requires the attacker to gain physical access to the target system.
Microsoft’s Chakra JavaScript engine, which is used in the Microsoft Edge web browser, also had its fair share of updates: eight critical vulnerabilities were addressed, including CVE-2018-8588, a Chakra Scripting Engine Memory Corruption Vulnerability discovered by, among others, researchers working with Trend Micro’s Zero Day Initiative.
Adobe also released their own security updates for the month, including fixes for Photoshop, Flash, and Acrobat.
Trend Micro™ Deep Security and Vulnerability Protection protect user systems from any threats that may target the vulnerabilities addressed in this month’s round of updates via the following DPI rules:
- 1009366-Microsoft Outlook Multiple Security Vulnerabilities (CVE-2018-8522, CVE-2018-8582, CVE-2018-8576)
- 1009368-Microsoft Word Remote Code Execution Vulnerability (CVE-2018-8539)
- 1009369-Microsoft Windows VBScript Engine Remote Code Execution Vulnerability (CVE-2018-8544)
- 1009371-Microsoft Internet Explorer VBScript Engine Remote Code Execution Vulnerability (CVE-2018-8552)
- 1009372-Microsoft Windows Graphics Components Remote Code Execution Vulnerability (CVE-2018-8553)
- 1009374-Microsoft Edge Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2018-8555)
- 1009375-Microsoft Edge Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2018-8556)
- 1009376-Microsoft Edge Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2018-8557)
- 1009378-Microsoft Windows DirectX Information Disclosure Vulnerability (CVE-2018-8563)
- 1009381-Microsoft Edge Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2018-8588)
- 1009382-Microsoft Windows Multiple Security Vulnerabilities (CVE-2018-8408, CVE-2018-8565, CVE-2018-8589)
- 1009383-Microsoft Edge Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2018-8542)
Trend Micro™ TippingPoint™ customers are protected from threats that may exploit this month’s list of vulnerabilities via these MainlineDV filters:
- 33407: HTTP: Microsoft Internet Explorer Scripting.Dictionary Use-After-Free Vulnerability
- 33415: HTTP: Microsoft Windows Kernel Information Disclosure Vulnerability
- 33416: TFTP: Microsoft Windows Deployment Services Use-After-Free Vulnerability
- 33417: HTTP: Microsoft Outlook Memory Corruption Vulnerability
- 33419: HTTP: Microsoft Office Memory Corruption Vulnerability
- 33420: HTTP: Microsoft Edge MergeWithObject Type Confusion Vulnerability
- 33422: HTTP: Microsoft VBScript Engine VbsFilter Out-Of-Bounds Write Vulnerability
- 33423: HTTP: Microsoft Windows Win32k Out-Of-Bounds Write Vulnerability
- 33425: HTTP: Microsoft Edge JIT Engine Type Confusion Vulnerability
- 33426: HTTP: Microsoft Edge TypedArray Type Confusion Vulnerability
- 33427: HTTP: Microsoft Edge JIT getPrototypeOf Type Confusion Vulnerability
- 33429: HTTP: Microsoft Internet Explorer Memory Corruption Vulnerability
- 33430: HTTP: Microsoft API SetWindowPos Information Disclosure Vulnerability