Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

Microsoft Patches Actively Exploited Windows Vulnerability

Microsoft’s Patch Tuesday updates for November 2018 address more than 60 vulnerabilities, including zero-days and publicly disclosed flaws.

Microsoft’s Patch Tuesday updates for November 2018 address more than 60 vulnerabilities, including zero-days and publicly disclosed flaws.

Researchers at Kaspersky Lab informed Microsoft of a privilege escalation vulnerability in Windows that has been actively exploited by malicious actors. The flaw, tracked as CVE-2018-8589, allows an attacker to execute arbitrary code in the context of the local user. The issue, caused due to the way Windows handles calls to Win32k.sys, only affects Windows 7 and Windows Server 2008.

Since exploitation requires authentication, threat actors are likely exploiting the flaw in combination with another vulnerability or stolen credentials. Kaspersky will soon share additional details about the security hole and the attacks.

Last month, Microsoft patched another zero-day reported by Kaspersky. That flaw, identified as CVE-2018-8453, had been exploited by the threat group known as FruityArmor in a highly targeted campaign.

Microsoft has also patched a privilege escalation vulnerability disclosed last month by a researcher who uses the online moniker SandboxEscaper.

The weakness, identified as CVE-2018-8584, is related to the Advanced Local Procedure Call (ALPC), and Microsoft says an authenticated attacker can use it to elevate privileges and take control of a vulnerable system. Windows 10 and recent versions of Windows Server are impacted.

Advertisement. Scroll to continue reading.

A proof-of-concept (PoC) exploit published by SandboxEscaper when the flaw was disclosed deletes files from the system and causes it to crash. The researcher has published a blog post describing how the issue was discovered.

The researcher previously disclosed an unpatched Windows vulnerability which ended up being exploited in attacks by a threat group tracked as PowerPool. Microsoft learned about both vulnerabilities through public disclosure.

Microsoft also resolved a disclosed vulnerability that allows an attacker with physical access to a system to bypass BitLocker device encryption. The tech giant says this issue is not related to research on flawed SSD encryption, for which it recently published an advisory.

Nearly a dozen of the vulnerabilities patched this month are critical, including several memory corruption bugs affecting Internet Explorer and Edge, and remote code execution flaws in the Windows Deployment Services TFTP server, graphics components, and the VBScript engine.

Adobe’s Patch Tuesday updates address vulnerabilities in Flash Player, Acrobat and Reader, and Photoshop. The flaw patched in Acrobat and Reader is the most interesting as a PoC exploit is publicly available.

Written By

Eduard Kovacs (@EduardKovacs) is senior managing editor at SecurityWeek. He worked as a high school IT teacher before starting a career in journalism in 2011. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing for the latest cybersecurity threats, trends, and expert insights.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this live webinar as we break down why email-layer defenses alone can't keep pace with the modern phishing ecosystem, how agentic AI is changing the capacity equation for security teams, and more.

Register

This year's summit will help organizations learn how to utilize tools, controls, and design models needed to properly secure cloud environments. Interact with leading solution providers and other end users facing similar challenges in securing a variety of cloud deployments.

Register

People on the Move

BlueVoyant has appointed Ravi Subramanian as CFO and Jamie Coleman as CCO.

Solana Foundation has appointed Michael Coates as Chief Information Security Officer.

Michael Sikorski has joined Coinbase as Chief Information Security Officer.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.