63 New Flaws (Including 0-Days) Windows Users Need to Patch Now

This month Windows users and system administrators need to immediately take care of a total of 63 security vulnerabilities, of which 12 are rated critical, 49 important and one moderate and one low in severity.

Two of the vulnerabilities patched by the tech giant this month are listed as publicly known at the time of release, and one flaw is reported as being actively exploited in the wild by multiple cybercriminal groups.

Zero-Day Vulnerability Being Exploited by Cyber Criminals

The zero-day vulnerability, tracked as CVE-2018-8589, which is being exploited in the wild by multiple advanced persistent threat groups was first spotted and reported by security researchers from Kaspersky Labs.

 

The flaw resides in the Win32k component (win32k.sys), which if exploited successfully, could allow a malicious program to execute arbitrary code in kernel mode and elevate its privileges on an affected Windows 7, Server 2008 or Server 2008 R2 to take control of it.

"The exploit was executed by the first stage of a malware installer in order to gain the necessary privileges for persistence on the victim's system. So far, we have detected a very limited number of attacks using this vulnerability," Kaspersky said.

Two Publicly Disclosed Zero-Day Vulnerabilities

The other two publicly known zero-day vulnerabilities which were not listed as under active attack reside in Windows Advanced Local Procedure Call (ALPC) service and Microsoft's BitLocker Security Feature.

The flaw related to ALPC, tracked as CVE-2018-8584, is a privilege escalation vulnerability that could be exploited by running a specially crafted application to execute arbitrary code in the security context of the local system and take control over an affected system.

Advanced local procedure call (ALPC) facilitates high-speed and secure data transfer between one or more processes in the user mode.

The second publicly disclosed vulnerability, tracked as CVE-2018-8566, exists when Windows improperly suspends BitLocker Device Encryption, which could allow an attacker with physical access to a powered-off system to bypass security and gain access to encrypted data.

BitLocker was in headlines earlier this month for a separate issue that could expose Windows users encrypted data due to its default encryption preference and bad encryption on self-encrypting SSDs.

Microsoft did not fully address this issue; instead, the company simply provided a guide on how to manually change BitLocker default encryption choice.

November 2018 Patch Tuesday: Critical and Important Flaws

Out of 12 critical, eight are memory corruption vulnerabilities in the Chakra scripting engine that resides due to the way the scripting engine handles objects in memory in the Microsoft Edge internet browser.

All the 8 vulnerabilities could be exploited to corrupt memory, allowing an attacker to execute code in the context of the current user. To exploit these bugs, all an attacker needs to do is tricking victims into opening a specially crafted website on Microsoft Edge.

Rest three vulnerabilities are remote code execution bugs in the Windows Deployment Services TFTP server, Microsoft Graphics Components, and the VBScript engine. All these flaws reside due to the way the affected software handles objects in memory.

The last critical vulnerability is also a remote code execution flaw that lies in Microsoft Dynamics 365 (on-premises) version 8. The flaw exists when the server fails to properly sanitize web requests to an affected Dynamics server.

If exploited successfully, the vulnerability could allow an authenticated attacker to run arbitrary code in the context of the SQL service account by sending a specially crafted request to a vulnerable Dynamics server.

Windows Deployment Services TFTP Server Remote Code Execution Vulnerability	CVE-2018-8476	Critical
Microsoft Graphics Components Remote Code Execution Vulnerability	CVE-2018-8553	Critical
Chakra Scripting Engine Memory Corruption Vulnerability	CVE-2018-8588	Critical
Chakra Scripting Engine Memory Corruption Vulnerability	CVE-2018-8541	Critical
Chakra Scripting Engine Memory Corruption Vulnerability	CVE-2018-8542	Critical
Chakra Scripting Engine Memory Corruption Vulnerability	CVE-2018-8543	Critical
Windows VBScript Engine Remote Code Execution Vulnerability	CVE-2018-8544	Critical
Chakra Scripting Engine Memory Corruption Vulnerability	CVE-2018-8555	Critical
Chakra Scripting Engine Memory Corruption Vulnerability	CVE-2018-8556	Critical
Chakra Scripting Engine Memory Corruption Vulnerability	CVE-2018-8557	Critical
Chakra Scripting Engine Memory Corruption Vulnerability	CVE-2018-8551	Critical
Microsoft Dynamics 365 (on-premises) version 8 Remote Code Execution Vulnerability	CVE-2018-8609	Critical
Azure App Service Cross-site Scripting Vulnerability	CVE-2018-8600	Important
Windows Win32k Elevation of Privilege Vulnerability	CVE-2018-8589	Important
BitLocker Security Feature Bypass Vulnerability	CVE-2018-8566	Important
Windows ALPC Elevation of Privilege Vulnerability	CVE-2018-8584	Important
Team Foundation Server Cross-site Scripting Vulnerability	CVE-2018-8602	Important
Microsoft Dynamics 365 (on-premises) version 8 Cross Site Scripting Vulnerability	CVE-2018-8605	Important
Microsoft Dynamics 365 (on-premises) version 8 Cross Site Scripting Vulnerability	CVE-2018-8606	Important
Microsoft Dynamics 365 (on-premises) version 8 Cross Site Scripting Vulnerability	CVE-2018-8607	Important
Microsoft Dynamics 365 (on-premises) version 8 Cross Site Scripting Vulnerability	CVE-2018-8608	Important
Microsoft RemoteFX Virtual GPU miniport driver Elevation of Privilege Vulnerability	CVE-2018-8471	Important
DirectX Elevation of Privilege Vulnerability	CVE-2018-8485	Important
DirectX Elevation of Privilege Vulnerability	CVE-2018-8554	Important
DirectX Elevation of Privilege Vulnerability	CVE-2018-8561	Important
Win32k Elevation of Privilege Vulnerability	CVE-2018-8562	Important
Microsoft SharePoint Elevation of Privilege Vulnerability	CVE-2018-8572	Important
Microsoft Exchange Server Elevation of Privilege Vulnerability	CVE-2018-8581	Important
Windows COM Elevation of Privilege Vulnerability	CVE-2018-8550	Important
Windows VBScript Engine Remote Code Execution Vulnerability	CVE-2018-8552	Important
Microsoft SharePoint Elevation of Privilege Vulnerability	CVE-2018-8568	Important
Windows Elevation Of Privilege Vulnerability	CVE-2018-8592	Important
Microsoft Edge Elevation of Privilege Vulnerability	CVE-2018-8567	Important
DirectX Information Disclosure Vulnerability	CVE-2018-8563	Important
MSRPC Information Disclosure Vulnerability	CVE-2018-8407	Important
Windows Audio Service Information Disclosure Vulnerability	CVE-2018-8454	Important
Win32k Information Disclosure Vulnerability	CVE-2018-8565	Important
Microsoft Outlook Information Disclosure Vulnerability	CVE-2018-8558	Important
Windows Kernel Information Disclosure Vulnerability	CVE-2018-8408	Important
Microsoft Edge Information Disclosure Vulnerability	CVE-2018-8545	Important
Microsoft SharePoint Information Disclosure Vulnerability	CVE-2018-8578	Important
Microsoft Outlook Information Disclosure Vulnerability	CVE-2018-8579	Important
PowerShell Remote Code Execution Vulnerability	CVE-2018-8256	Important
Microsoft Outlook Remote Code Execution Vulnerability	CVE-2018-8522	Important
Microsoft Outlook Remote Code Execution Vulnerability	CVE-2018-8576	Important
Microsoft Outlook Remote Code Execution Vulnerability	CVE-2018-8524	Important
Microsoft Word Remote Code Execution Vulnerability	CVE-2018-8539	Important
Microsoft Word Remote Code Execution Vulnerability	CVE-2018-8573	Important
Microsoft Excel Remote Code Execution Vulnerability	CVE-2018-8574	Important
Microsoft Project Remote Code Execution Vulnerability	CVE-2018-8575	Important
Microsoft Outlook Remote Code Execution Vulnerability	CVE-2018-8582	Important
Windows Search Remote Code Execution Vulnerability	CVE-2018-8450	Important
Microsoft Excel Remote Code Execution Vulnerability	CVE-2018-8577	Important
Internet Explorer Memory Corruption Vulnerability	CVE-2018-8570	Important
Microsoft JScript Security Feature Bypass Vulnerability	CVE-2018-8417	Important
Windows Security Feature Bypass Vulnerability	CVE-2018-8549	Important
Microsoft Edge Spoofing Vulnerability	CVE-2018-8564	Important
Active Directory Federation Services XSS Vulnerability	CVE-2018-8547	Important
Team Foundation Server Remote Code Execution Vulnerability	CVE-2018-8529	Important
Yammer Desktop Application Remote Code Execution Vulnerability	CVE-2018-8569	Important
Microsoft Powershell Tampering Vulnerability	CVE-2018-8415	Important
.NET Core Tampering Vulnerability	CVE-2018-8416	Moderate
Microsoft Skype for Business Denial of Service Vulnerability	CVE-2018-8546	Low

This month's security update also covers 46 important vulnerabilities in Windows, PowerShell, MS Excel, Outlook, SharePoint, VBScript Engine, Edge, Windows Search service, Internet Explorer, Azure App Service, Team Foundation Server, and Microsoft Dynamics 365.

 

Users and system administrators are strongly advised to apply the above security patches as soon as possible in order to keep hackers and cyber criminals away from taking control of their systems.