Skip to content ↓ | Skip to navigation ↓

Today’s VERT Alert addresses Microsoft’s November 2018 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-805 on Wednesday, November 14th.

In-The-Wild & Disclosed CVEs

CVE-2018-8589

This vulnerability was reported to Microsoft by Kaspersky Labs, who discovered it being exploited by multiple threat actors. The target, at this point, has been Windows 7 x86 systems. The vulnerability takes advantage of a flaw in Windows handles calls to Win32k.sys and could allow an attacker to execute code in the context of the local system.

Microsoft has rated this as a 1 on the Exploitability Index (Exploitation More Likely) on their latest Windows release, while active exploitation has been detected on older releases.

CVE-2018-8584

This latest Advanced Local Procedure Call (ALPC) privilege escalation vulnerability could allow attackers to execute code in the context of the local system.

Microsoft has rated this as a 1 on the Exploitability Index (Exploitation More Likely).

CVE-2018-8566

This physical attack allows attackers to bypass BitLocker during a system reboot because Windows improperly suspends BitLocker Device Encryption. It is important to note that this is not related to Security Advisory [ADV180028] regarding hardware encryption on self-encrypting drives.

Microsoft has rated this as a 2 on the Exploitability Index (Exploitation Less Likely).

CVE Breakdown by Tag

While historical Microsoft Security Bulletin groupings are gone, Microsoft vulnerabilities are tagged with an identifier. This list provides a breakdown of the CVEs on a per tag basis.

Tag
CVE Count
CVEs
Microsoft Windows
5
CVE-2018-8476, CVE-2018-8592, CVE-2018-8549, CVE-2018-8550, CVE-2018-8584
Microsoft Edge
3
CVE-2018-8564, CVE-2018-8545, CVE-2018-8567
BitLocker
1
CVE-2018-8566
Microsoft Dynamics
5
CVE-2018-8605, CVE-2018-8606, CVE-2018-8607, CVE-2018-8608, CVE-2018-8609
Internet Explorer
1
CVE-2018-8570
Microsoft Scripting Engine
10
CVE-2018-8588, CVE-2018-8541, CVE-2018-8542, CVE-2018-8543, CVE-2018-8544, CVE-2018-8551, CVE-2018-8552, CVE-2018-8555, CVE-2018-8556, CVE-2018-8557
Microsoft Office SharePoint
3
CVE-2018-8572, CVE-2018-8568, CVE-2018-8578
Team Foundation Server
1
CVE-2018-8602
Active Directory
1
CVE-2018-8547
Microsoft Graphics Component
7
CVE-2018-8485, CVE-2018-8553, CVE-2018-8554, CVE-2018-8561, CVE-2018-8562, CVE-2018-8563, CVE-2018-8565
Microsoft Drivers
1
CVE-2018-8471
Windows Kernel
2
CVE-2018-8589, CVE-2018-8408
Microsoft Windows Search Component
1
CVE-2018-8450
Microsoft Exchange Server
1
CVE-2018-8581
Microsoft Office
11
CVE-2018-8522, CVE-2018-8576, CVE-2018-8524, CVE-2018-8539, CVE-2018-8558, CVE-2018-8573, CVE-2018-8574, CVE-2018-8575, CVE-2018-8582, CVE-2018-8577, CVE-2018-8579
Microsoft PowerShell
2
CVE-2018-8256, CVE-2018-8415
Microsoft RPC
1
CVE-2018-8407
Skype for Business and Microsoft Lync
1
CVE-2018-8546
Azure
1
CVE-2018-8600
.NET Core
1
CVE-2018-8416
Microsoft JScript
1
CVE-2018-8417
Windows Audio Service
1
CVE-2018-8454

Other Information

In addition to the Microsoft vulnerabilities included in the November Security Guidance, a security advisory was also made available.

November 2018 Adobe Flash Security Update [ADV180025]

Microsoft released updates for Adobe Flash. These correspond with Adobe Update APSB18-39. This includes a fix for CVE-2018-15978.

The Executive's Guide to the Top 20 Critical Security Controls