Microsoft Releases Patches for 60 Flaws—Two Under Active Attack | Cyber Security
Get your update caps on.
Just a few minutes ago Microsoft released its latest monthly Patch Tuesday update for August 2018, patching a total of 60 vulnerabilities, of which 19 are rated as critical.
The updates patch flaws in Microsoft Windows, Edge Browser, Internet Explorer, Office, ChakraCore, .NET Framework, Exchange Server, Microsoft SQL Server and Visual Studio.
Two of these vulnerabilities patched by the tech giant is listed as publicly known and being exploited in the wild at the time of release.
According to the advisory released by Microsoft, all 19 critical-rated vulnerabilities lead to remote code execution (RCE), some of which could eventually allow attackers to take control of the affected system if exploited successfully.
Besides this, Microsoft has also addressed 39 important flaws, one moderate and one low in severity.
Here below we have listed brief details of a few critical and publically exploited important vulnerabilities:
Internet Explorer Memory Corruption Vulnerability (CVE-2018-8373)
The first vulnerability under active attack is a critical remote code execution vulnerability that was revealed by Trend Micro last month and affected all supported versions of Windows.
Internet Explorer 9, 10 and 11 are vulnerable to a memory corruption issue that could allow remote attackers to take control of the vulnerable systems just by convincing users to view a specially crafted website through Internet Explorer.
“An attacker could also embed an ActiveX control marked ‘safe for initialization’ in an application or Microsoft Office document that hosts the IE rendering engine,” Microsoft says in its advisory.
Windows Shell Remote Code Execution Vulnerability (CVE-2018-8414)
The second publicly known and actively exploited flaw resides in the Windows Shell, which originates due to improper validation of file paths.
The arbitrary code can be executed on the targeted system by convincing victims into opening a specially crafted file received via an email or a web page.
Microsoft SQL Server RCE (CVE-2018-8273)
Microsoft SQL Server 2016 and 2017 are vulnerable to a buffer overflow vulnerability that could be exploited remotely by an attacker to execute arbitrary code in the context of the SQL Server Database Engine service account.
Successful exploitation of the vulnerability requires a remote attacker to submit a specially crafted query to an affected SQL server.
Windows PDF Remote Code Execution Vulnerability (CVE-2018-8350)
Windows 10 systems with Microsoft Edge set as the default browser can be compromised merely by convincing users to view a website.
Due to improper handling of the objects in the memory, Windows 10’s PDF library could be exploited by a remote attacker to execute arbitrary code on the targeted system.
“The attacker could also take advantage of compromised websites or websites that accept or host user-provided content or advertisements, by adding specially crafted PDF content to such sites,” Microsoft says in its advisory.
“Only Windows 10 systems with Microsoft Edge set as the default browser can be compromised simply by viewing a website.”
Microsoft Exchange Memory Corruption Vulnerability (CVE-2018-8302)
This vulnerability resides in the way this software handles objects in memory, allowing a remote attacker to run arbitrary code in the context of the System user just by sending a specially crafted email to the vulnerable Exchange server.
The flaw affects Microsoft Exchange Server 2010, 2013 and 2016.
Microsoft Graphics Remote Code Execution Vulnerability (CVE-2018-8344)
Microsoft revealed that Windows font library improperly handles specially crafted embedded fonts, which could allow attackers to take control of the affected system by serving maliciously embedded fonts via a specially crafted website and document file.
This vulnerability affects Windows 10, 8.1, and 7, and Windows Server 2016 and 2012.
LNK Remote Code Execution Vulnerability (CVE-2018-8345)
This vulnerability exists in .LNK shortcut file format used by Microsoft Windows 10, 8.1, 7 and Windows Server editions.
An attacker can use malicious .LNK file and an associated malicious binary to execute arbitrary code on the targeted system. Successful exploitation of this vulnerability could allow attackers to gain the same user rights on the target Windows system as the local user.
According to the Microsoft advisory, users accounts configured with fewer user rights on the system are less impacted by this vulnerability than users who operate with administrative user rights.
GDI+ Remote Code Execution Vulnerability (CVE-2018-8397)
This RCE flaw resides in the way Windows Graphics Device Interface (GDI) handles objects in the memory, allowing an attacker to take control of the affected system if exploited successfully.
“An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights,” Microsoft says in its advisory explaining the flaw.
“Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.”
The vulnerability affects Windows 7 and Windows Server 2008.
Besides this, Microsoft has also pushed security updates to patch vulnerabilities in Adobe products, details of which you can get through a separate article posted today.
Users are strongly advised to apply security patches as soon as possible to keep hackers and cybercriminals away from taking control of their computers.
For installing security updates, directly head on to Settings → Update & security → Windows Update → Check for updates, or you can install the updates manually.