Microsoft released the September patch yesterday, fixing 61 vulnerabilities. Among these, 17 were identified as critical vulnerabilities, 43 were critical vulnerabilities, and 1 was a medium critical vulnerability. This update honors the last official commitment to fix a scheduled 0-day vulnerability announced by a security researcher on Twitter recently (this vulnerability has been fixed by a third-party security patch). The vulnerabilities are the same as before, involving Microsoft mainstream products, including Edge, Windows, IE, Office, .NET Framework and so on.
4 vulnerabilities have been disclosed before, which are still possible of being exploited
CVE-2018-8475 Windows Remote Code Execution Vulnerability affects all Windows versions (including Windows 10), which could allow an attacker to create a malicious image file that would execute code when opened. Due to the way it is used, there may be a lot of phishing attacks in the future that will exploit this vulnerability.
CVE-2018-8440 Windows ALPC Elevation of Privilege Vulnerability is released by a security researcher on Twitter recently. It allows attackers to implement privilege elevation. PoC has been released on Github, and third-party security patches and solutions are released in a timely manner.
CVE-2018-8457 Scripting Engine Memory Corruption Vulnerability affects IE 10, 11 and Edge, which allows attackers to perform remote code execution under the security context of the logged in user.
CVE-2018-8409 System.IO.Pipelines DoS Vulnerability is a vulnerability in ASP,NET that causes a denial of service when System.IO.Pipelines handles an error, and attackers can remotely trigger this vulnerability in an unauthorized state.
Other vulnerabilities need to be addressed
Talos and ZDI summarize the critical vulnerabilities that currently need to be addressed immediately, in addition to the above vulnerabilities:
CVE-2018-0965/8439 Windows Hyper-V Remote Code Execution Vulnerability is a remote code execution vulnerability in Windows Hyper-V. It would allow attackers to craft a malicious application that could escape the guest virtual machine and execute commands on the host machine.
CVE-2018-8449 Device Guard Security Feature Bypass Vulnerability could allow attackers to bypass Device Guard’s secure signature mechanism to execute malware.
CVE-2018-8367 Chakra Scripting Engine Memory Corruption Vulnerability is a remote code execution vulnerability in the Chakra scripting engine that allows attackers to remotely execute code with current user rights when dealing with an Edge memory object error.
CVE-2018-8420 MS XML Remote Code Execution Vulnerability is a remote code execution vulnerability in MSXML that allows attackers to induce remote code execution after a user visits a malicious website.
CVE-2018-8461/8447 Internet Explorer Memory Corruption Vulnerability is a vulnerability in Internet Explorer 11 that would allow a malicious web site to perform remote code execution.
CVE-2018-8332 Win32k Graphics Remote Code Execution Vulnerability affects all Windows versions from Windows 10 through Windows Server that could allow an attacker to create a malicious font, which when viewed could cause remote code execution.
CVE-2018-8391 Scripting Engine Memory Corruption Vulnerability is a remote code execution vulnerability for the Chakra scripting engine that can only be exploited by attackers when the user is logged in as an administrator.
CVE-2018-8456/8459 Scripting Engine Memory Corruption Vulnerability allows attackers to perform remote code execution under the security context of the logged in user.
CVE-2018-8464 Microsoft Edge PDF Remote Code Execution Vulnerability is a vulnerability in Microsoft Edge that could allow a malicious PDF to execute code on the vulnerable machine.
The full list of vulnerabilities resolved by the September 2018 Patch Tuesday updates can be viewed via the link.
Learn more about 360 Total Security