
close
close
Microsoft patches 62 vulnerabilities, 17 of which are rated Critical. Including a patch for the zero-day ALPC vulnerability that was publicly disclosed on Twitter at the end of August.
advertisment
This month Microsoft patches five critical vulnerabilities for all versions of Windows 10 and Windows Server 2016, and some of them affect older versions of Windows. All are remote code execution flaws, one of which is in Hyper-V and could allow an attacker to execute arbitrary code. There are also patches for flaws caused by embedded fonts, the MS XML parser, and specially crafted image files.
On 27th August a Twitter user (@SandboxEscaper) publicly released information about a zero-day Advanced Local Procedure Call (ALPC) vulnerability in Windows that could allow hackers with local access to the Task Scheduler to elevate privileges to SYSTEM. The user posted a link to proof-of-concept code, which was verified independently by the United States Computer Emergency Readiness Team (US-CERT) to work on fully-patched Windows 10 and Windows Server 2016 64-bit systems.
The flaw was found in the way Task Scheduler handles Advanced Local Procedure Calls (ALPCs), which is a kernel process that allows client processes to communicate with server processes. Microsoft acknowledged the ALPC bug and in this month patches it. While rated Important and not Critical by Microsoft, this one is important to patch because it is already being exploited in a targeted campaign.
Among the other flaws rated Important, the Hyper-V BIOS loader fails to provide a high-entropy source and Device Guard incorrectly validates an untrusted file. Six elevation of privilege vulnerabilities are also patched.
advertisment
Microsoft published a security advisory (CVE-2018-5391) for a Windows denial of service vulnerability but no fix, just a workaround. The fragment stack vulnerability was patched in the Linux kernel last month and can result in packet loss due to out-of-order IP packets being dropped. Microsoft discovered that the vulnerability also affects Windows systems and you can read about a workaround if you think you might be vulnerable here.
CVE-2018-8457 is a scripting engine memory corruption vulnerability in Edge and IE that could be exploited via a malicious website or Office file. While it is thought that hackers already knew about this flaw, there is no evidence that it was being exploited prior to this month’s patches. There are nine other critical patches for both browsers that are all remote code execution vulnerabilities.
Office Click-To-Run gets a critical patch for the embedded fonts flaw that was also patched in Windows. There are three important patches, two of which are remote code execution flaws and one information disclosure.
Flash is no exception this month and Adobe has patched a privilege escalation flaw rated as important and detailed in CVE-2018-15967.
advertisment
Some users have reported receiving error 0x8000FFF when installing this month’s rollup for Windows 7. According to the information I found on a support forum, this is connected to an out-of-date servicing stack. KB3177467 must be installed before this month’s rollup can be applied.
Last but not least, a speculative execution side-channel vulnerability, also referred to as L1 Terminal Fault (L1TF) that affects Intel CPUs, gets an updated advisory. Along with updated advice for Spectre on AMD processors. You can review the updated information on L1TF here, and get the latest Spectre advice here.
That is it for this month!
More from Russell Smith
advertisment
Petri Newsletters
Whether it’s Security or Cloud Computing, we have the know-how for you. Sign up for our newsletters here.
advertisment
More in Security
Build 2022: Microsoft Boosts Data Analytics and Cybersecurity in New Training & Certifications
May 24, 2022 | Rabia Noureen
Microsoft Defender for Office 365 to Get Preset Security Policy Improvements In June
May 23, 2022 | Rabia Noureen
CISA Warns Federal Agencies to Mitigate Critical VMware Vulnerabilities by May 23
May 20, 2022 | Rabia Noureen
CISA Warns Windows Admins Against Applying May Patch Tuesday Updates on Domain Controllers
May 17, 2022 | Rabia Noureen
Most popular on petri
Log in to save content to your profile.
Article saved!
Access saved content from your profile page. View Saved
Join The Conversation
Create a free account today to participate in forum conversations, comment on posts and more.
Copyright ©2019 BWW Media Group