Skip to content ↓ | Skip to navigation ↓

Today’s VERT Alert addresses Microsoft’s October 2018 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-800 on Wednesday, October 10th.

In-The-Wild & Disclosed CVEs

CVE-2018-8453

This vulnerability, a privilege escalation in Win32k’s handling of objects in memory, has been exploited in the wild. According to ZDNet, the exploit has been used by a nation-state cyber-espionage group known as FruityArmor.

Microsoft has rated this as a 1 on the Exploitability Index (Exploitation More Likely) on their latest Windows release, while active exploitation has been detected on older releases.

CVE-2018-8423

This vulnerability can be exploited when a user opens a malicious Microsoft JET Database Engine file and Microsoft has acknowledged that it was publicly disclosed. The vulnerability was resolved by changing how the Microsoft JET Database Engine handles objects in memory.

Microsoft has rated this as a 2 on the Exploitability Index (Exploitation Less Likely).

CVE-2018-8497

This publicly disclosed vulnerability could allow an authenticated attacker to escalate their privileges via a flaw in how the Windows Kernel handles objects in memory.

Microsoft has rated this as a 1 on the Exploitability Index (Exploitation More Likely).

CVE-2018-8531

The final publicly disclosed vulnerability this month involves the way that objects are accessed in memory when using the Azure IoT Hub Device Client SDK with the MQTT protocol. An attacker could execute code in the context of the current user.

Microsoft has rated this as a 2 on the Exploitability Index (Exploitation Less Likely).

CVE Breakdown by Tag

While historical Microsoft Security Bulletin groupings are gone, Microsoft vulnerabilities are tagged with an identifier. This list provides a breakdown of the CVEs on a per tag basis.

Tag
CVE Count
CVEs
Windows Hyper-V
2
CVE-2018-8489, CVE-2018-8490
SQL Server
3
CVE-2018-8527, CVE-2018-8532, CVE-2018-8533
Microsoft Windows DNS
1
CVE-2018-8320
Microsoft Exchange Server
3
CVE-2018-8265, CVE-2018-8448, CVE-2010-3190
Microsoft Windows
4
CVE-2018-8333, CVE-2018-8411, CVE-2018-8506, CVE-2018-8493
Microsoft JET Database Engine
1
CVE-2018-8423
Microsoft Edge
4
CVE-2018-8473, CVE-2018-8509, CVE-2018-8512, CVE-2018-8530
Microsoft Graphics Component
4
CVE-2018-8453, CVE-2018-8484, CVE-2018-8486, CVE-2018-8472
Microsoft Scripting Engine
6
CVE-2018-8500, CVE-2018-8503, CVE-2018-8505, CVE-2018-8510, CVE-2018-8511, CVE-2018-8513
Device Guard
1
CVE-2018-8492
Microsoft XML Core Services
1
CVE-2018-8494
Windows Shell
2
CVE-2018-8413, CVE-2018-8495
Internet Explorer
2
CVE-2018-8460, CVE-2018-8491
Azure
1
CVE-2018-8531
Windows Kernel
2
CVE-2018-8330, CVE-2018-8497
Microsoft Office
5
CVE-2018-8432, CVE-2018-8427, CVE-2018-8501, CVE-2018-8502, CVE-2018-8504
Windows Media Player
2
CVE-2018-8481, CVE-2018-8482
Microsoft Office SharePoint
4
CVE-2018-8480, CVE-2018-8488, CVE-2018-8518, CVE-2018-8498
Windows – Linux
1
CVE-2018-8329

 

Other Information

In addition to the Microsoft vulnerabilities included in the October Security Guidance, a security advisory was also made available.

Microsoft Office Defense in Depth Update

Microsoft has released a defense in depth update for Microsoft Office.  Microsoft has not included specifics but all versions from Office 2010 forward received this enhancement.

The Executive's Guide to the Top 20 Critical Security Controls