Today’s VERT Alert addresses Microsoft’s November 2018 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-805 on Wednesday, November 14th.
In-The-Wild & Disclosed CVEs
CVE-2018-8589
This vulnerability was reported to Microsoft by Kaspersky Labs, who discovered it being exploited by multiple threat actors. The target, at this point, has been Windows 7 x86 systems. The vulnerability takes advantage of a flaw in how Windows handles calls to Win32k.sys and could allow an attacker to execute code in the context of the local system. Microsoft has rated this as a 1 on the Exploitability Index (Exploitation More Likely) on their latest Windows release, while active exploitation has been detected on older releases.
CVE-2018-8584
This latest Advanced Local Procedure Call (ALPC) privilege escalation vulnerability could allow attackers to execute code in the context of the local system. Microsoft has rated this as a 1 on the Exploitability Index (Exploitation More Likely).
CVE-2018-8566
This physical attack allows attackers to bypass BitLocker during a system reboot because Windows improperly suspends BitLocker Device Encryption. It is important to note that this is not related to Security Advisory [ADV180028] regarding hardware encryption on self-encrypting drives. Microsoft has rated this as a 2 on the Exploitability Index (Exploitation Less Likely).
CVE Breakdown by Tag
While historical Microsoft Security Bulletin groupings are gone, Microsoft vulnerabilities are tagged with an identifier. This list provides a breakdown of the CVEs on a per-tag basis.
Tag | CVE Count | CVEs
Microsoft Windows | 5 | CVE-2018-8476, CVE-2018-8592, CVE-2018-8549, CVE-2018-8550, CVE-2018-8584
Microsoft Edge | 3 | CVE-2018-8564, CVE-2018-8545, CVE-2018-8567
BitLocker | 1 | CVE-2018-8566
Microsoft Dynamics | 5 | CVE-2018-8605, CVE-2018-8606, CVE-2018-8607, CVE-2018-8608, CVE-2018-8609
Internet Explorer | 1 | CVE-2018-8570
Microsoft Scripting Engine | 10 | CVE-2018-8588, CVE-2018-8541, CVE-2018-8542, CVE-2018-8543, CVE-2018-8544, CVE-2018-8551, CVE-2018-8552, CVE-2018-8555, CVE-2018-8556, CVE-2018-8557
Microsoft Office SharePoint | 3 | CVE-2018-8572, CVE-2018-8568, CVE-2018-8578
Team Foundation Server | 1 | CVE-2018-8602
Active Directory | 1 | CVE-2018-8547
Microsoft Graphics Component | 7 | CVE-2018-8485, CVE-2018-8553, CVE-2018-8554, CVE-2018-8561, CVE-2018-8562, CVE-2018-8563, CVE-2018-8565
Microsoft Drivers | 1 | CVE-2018-8471
Windows Kernel | 2 | CVE-2018-8589, CVE-2018-8408
Microsoft Windows Search Component | 1 | CVE-2018-8450
Microsoft Exchange Server | 1 | CVE-2018-8581
Microsoft Office | 11 | CVE-2018-8522, CVE-2018-8576, CVE-2018-8524, CVE-2018-8539, CVE-2018-8558, CVE-2018-8573, CVE-2018-8574, CVE-2018-8575, CVE-2018-8582, CVE-2018-8577, CVE-2018-8579
Microsoft PowerShell | 2 | CVE-2018-8256, CVE-2018-8415
Microsoft RPC | 1 | CVE-2018-8407
Skype for Business and Microsoft Lync | 1 | CVE-2018-8546
Azure | 1 | CVE-2018-8600
.NET Core | 1 | CVE-2018-8416
Microsoft JScript | 1 | CVE-2018-8417
Windows Audio Service | 1 | CVE-2018-8454
Other Information
In addition to the Microsoft vulnerabilities included in the November Security Guidance, a security advisory was also made available.
November 2018 Adobe Flash Security Update [ADV180025]
Microsoft released updates for Adobe Flash. These correspond with Adobe Update APSB18-39. This includes a fix for CVE-2018-15978.