Patch Tuesday, September 2018

September's Patch Tuesday is here with patches for 61 CVEs and two roll-up patches, one for multiple Denial of Service vulnerabilities in Windows and one for the ever-present Remote Code Execution (RCE) vulnerabilities in Adobe Flash. Across the patched CVEs, 17 are rated as "Critical", 43 are rated as "Important" and one is rated "Moderate".

The scripting engine used during web browsing is back with the majority of the "Critical" vulnerabilities. In addition, there are patches for RCE vulnerabilities in the .NET and Hyper-V server platforms. Since these services are often public-facing, the risk from those vulnerabilities is higher than most. The last "Critical" vulnerability (CVE-2018-8475) affects all Windows platforms and is exploited via a malicious image file. All that would be necessary to exploit the vulnerability would be to convince a user to open the specially crafted image, whether it's embedded in a message, a document or a webpage.

On the list of "Important" vulnerabilities are dozens of Denial of Service and Information Disclosure vulnerabilities. The most important patch among the bunch, and probably the most important patch in this release, is a patch for a Privilege Escalation vulnerability in Windows Advanced Local Procedure Call (ALPC) as used by the Windows Task Scheduler. This vulnerability, assigned CVE-2018-8440, allows an attacker to escalate any user account from limited privilege to full "Local System" rights, the highest privilege on any Windows system.

The reason this vulnerability is so important is that the security researcher "SandboxEscaper" got frustrated working with Microsoft on the disclosure process (and perhaps just frustrated with life in general) and released the details of the vulnerability along with proof-of-concept code in an expletive-filled tweet on August 27th. Thus a "Zero Day" was born.

Local Privilege Escalation vulnerabilities are often dismissed as less important since they require local access to a system, typically via a user targeted with a social engineering attack. Because of this additional step, even Microsoft rates such vulnerabilities as "Important" instead of "Critical". However, these types of vulnerabilities are often used by criminals to get their malware installed with "root" or "system" level access.

In fact, this vulnerability proves that point well, since it took criminals only two days to weaponize this zero-day as part of a larger spam campaign. The PowerPool group started pushing out spam with a "fake invoice" that exploits the ALPC bug to install a backdoor with full system privileges.

With a fix for a zero day that is currently being exploited in the wild in addition to RCE vulnerabilities in .NET and Hyper-V, you'll definitely want to apply these patches as soon as you can.


Critical

September 2018 Adobe Flash Security Update
ADV180023
Remote Code Execution

.NET Framework Remote Code Execution Vulnerability
CVE-2018-8421
Remote Code Execution

Chakra Scripting Engine Memory Corruption Vulnerability
CVE-2018-8367, CVE-2018-8465, CVE-2018-8466, CVE-2018-8467
Remote Code Execution

Internet Explorer Memory Corruption Vulnerability
CVE-2018-8447, CVE-2018-8461
Remote Code Execution

Microsoft Edge PDF Remote Code Execution Vulnerability
CVE-2018-8464
Remote Code Execution

MS XML Remote Code Execution Vulnerability
CVE-2018-8420
Remote Code Execution

Scripting Engine Memory Corruption Vulnerability
CVE-2018-8391, CVE-2018-8456, CVE-2018-8457, CVE-2018-8459
Remote Code Execution

Win32k Graphics Remote Code Execution Vulnerability
CVE-2018-8332
Remote Code Execution

Windows Hyper-V Remote Code Execution Vulnerability
CVE-2018-0965, CVE-2018-8439
Remote Code Execution

Windows Remote Code Execution Vulnerability
CVE-2018-8475
Remote Code Execution


Important

Windows Denial of Service Vulnerability
ADV180022
Denial of Service

ASP.NET Core Denial of Service
CVE-2018-8409
Denial of Service

Device Guard Security Feature Bypass Vulnerability
CVE-2018-8449
Security Feature Bypass

DirectX Graphics Kernel Elevation of Privilege Vulnerability
CVE-2018-8462
Elevation of Privilege

Internet Explorer Security Feature Bypass Vulnerability
CVE-2018-8470
Security Feature Bypass

Microsoft Edge Elevation of Privilege Vulnerability
CVE-2018-8463, CVE-2018-8469
Elevation of Privilege

Microsoft Edge Information Disclosure Vulnerability
CVE-2018-8366
Information Disclosure

Microsoft Edge Spoofing Vulnerability
CVE-2018-8425
Spoofing

Microsoft Excel Information Disclosure Vulnerability
CVE-2018-8429
Information Disclosure

Microsoft Excel Remote Code Execution Vulnerability
CVE-2018-8331
Remote Code Execution

Microsoft Graphics Component Information Disclosure Vulnerability
CVE-2018-8433
Information Disclosure

Microsoft JET Database Engine Remote Code Execution Vulnerability
CVE-2018-8392, CVE-2018-8393, CVE-2018-8423
Remote Code Execution

Microsoft Office SharePoint XSS Vulnerability
CVE-2018-8426
Information Disclosure

Microsoft Scripting Engine Information Disclosure Vulnerability
CVE-2018-8315
Information Disclosure

Microsoft SharePoint Elevation of Privilege Vulnerability
CVE-2018-8428, CVE-2018-8431
Elevation of Privilege

OData Denial of Service Vulnerability
CVE-2018-8269
Denial of Service

Scripting Engine Information Disclosure Vulnerability
CVE-2018-8452
Information Disclosure

Scripting Engine Memory Corruption Vulnerability
CVE-2018-8354
Remote Code Execution

Windows ALPC Elevation of Privilege Vulnerability
CVE-2018-8440
Elevation of Privilege

Windows Elevation of Privilege Vulnerability
CVE-2018-8468
Elevation of Privilege

Windows GDI Information Disclosure Vulnerability
CVE-2018-8424
Information Disclosure

Windows Hyper-V Denial of Service Vulnerability
CVE-2018-8436, CVE-2018-8437, CVE-2018-8438
Denial of Service

Windows Hyper-V Information Disclosure Vulnerability
CVE-2018-8434
Information Disclosure

Windows Hyper-V Security Feature Bypass Vulnerability
CVE-2018-8435
Security Feature Bypass

Windows Information Disclosure Vulnerability
CVE-2018-8271
Information Disclosure

Windows Kernel Elevation of Privilege Vulnerability
CVE-2018-8455
Elevation of Privilege

Windows Kernel Information Disclosure Vulnerability
CVE-2018-8336, CVE-2018-8419, CVE-2018-8442, CVE-2018-8443, CVE-2018-8445, CVE-2018-8446
Information Disclosure

Windows Registry Elevation of Privilege Vulnerability
CVE-2018-8410
Elevation of Privilege

Windows SMB Denial of Service Vulnerability
CVE-2018-8335
Denial of Service

Windows SMB Information Disclosure Vulnerability
CVE-2018-8444
Information Disclosure

Windows Subsystem for Linux Elevation of Privilege Vulnerability
CVE-2018-8441
Elevation of Privilege

Windows Subsystem for Linux Security Feature Bypass Vulnerability
CVE-2018-8337
Security Feature Bypass

Word PDF Remote Code Execution Vulnerability
CVE-2018-8430
Remote Code Execution


Moderate

Lync for Mac 2011 Security Feature Bypass Vulnerability
CVE-2018-8474
Elevation of Privilege
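The list above follows a fixed three-line shape (title, CVE or advisory IDs, impact) under severity headings, and the post's own argument is that vendor severity alone is a poor patching order: an "Important" local privilege escalation with a public, weaponized exploit belongs ahead of most "Critical" entries, as do RCE bugs in services that tend to be internet-facing. The following is an added example (not Trustwave's code) that parses an excerpt of the list, constructed from the entries on this page, and ranks it with that reasoning encoded as explicit rules; the rule set (`KNOWN_EXPLOITED`, `EXPOSED_COMPONENTS`) and the numeric priority levels are assumptions of the example, drawn from the narrative above rather than from any vendor scoring.

```python
"""Triage helper for a Patch Tuesday list in the "title / IDs / impact" format.

Added example, not Trustwave's code. Parses severity-grouped blocks and
sorts them so that entries the post flags as exploited in the wild, or as
RCE in commonly exposed services, come before plain vendor severity.
"""
import re
from dataclasses import dataclass

# Excerpt of the September 2018 list in the post's own format.
# Constructed from the page for this example; not the complete list.
ADVISORY_TEXT = """
Critical

.NET Framework Remote Code Execution Vulnerability
CVE-2018-8421
Remote Code Execution

Chakra Scripting Engine Memory Corruption Vulnerability
CVE-2018-8367, CVE-2018-8465, CVE-2018-8466, CVE-2018-8467
Remote Code Execution

Windows Hyper-V Remote Code Execution Vulnerability
CVE-2018-0965, CVE-2018-8439
Remote Code Execution

Important

Windows Denial of Service Vulnerability
ADV180022
Denial of Service

Windows ALPC Elevation of Privilege Vulnerability
CVE-2018-8440
Elevation of Privilege

Windows Kernel Information Disclosure Vulnerability
CVE-2018-8336, CVE-2018-8419, CVE-2018-8442, CVE-2018-8443, CVE-2018-8445, CVE-2018-8446
Information Disclosure

Moderate

Lync for Mac 2011 Security Feature Bypass Vulnerability
CVE-2018-8474
Elevation of Privilege
"""

SEVERITIES = ("Critical", "Important", "Moderate", "Low")
# A line of one or more comma-separated CVE or ADV identifiers.
ID_RE = re.compile(r"^(?:CVE-\d{4}-\d{4,}|ADV\d+)(?:,\s*(?:CVE-\d{4}-\d{4,}|ADV\d+))*$")

# Assumed rule set, taken from the post: CVE-2018-8440 was a public zero-day
# weaponized within two days; .NET and Hyper-V RCEs sit in often-exposed services.
KNOWN_EXPLOITED = {"CVE-2018-8440"}
EXPOSED_COMPONENTS = (".NET", "Hyper-V")


@dataclass
class Entry:
    severity: str
    title: str
    ids: list
    impact: str


def parse_advisory(text):
    """Split the text into blank-line-separated blocks and build Entry records."""
    entries, severity = [], None
    blocks = [b.strip().splitlines() for b in re.split(r"\n\s*\n", text.strip())]
    for block in blocks:
        if len(block) == 1 and block[0] in SEVERITIES:
            severity = block[0]          # a heading switches the current severity
            continue
        if len(block) != 3 or not ID_RE.match(block[1]):
            raise ValueError(f"unrecognised block: {block!r}")
        if severity is None:
            raise ValueError("entry appears before any severity heading")
        ids = [i.strip() for i in block[1].split(",")]
        entries.append(Entry(severity, block[0], ids, block[2]))
    return entries


def count_cves(entries):
    """CVEs per severity; ADV roll-up advisories are not counted as CVEs."""
    counts = {}
    for e in entries:
        n = sum(1 for i in e.ids if i.startswith("CVE-"))
        counts[e.severity] = counts.get(e.severity, 0) + n
    return counts


def priority(entry):
    """Lower is more urgent. Exploited-in-the-wild beats vendor severity."""
    if any(i in KNOWN_EXPLOITED for i in entry.ids):
        return 0
    if entry.impact == "Remote Code Execution" and any(
        c in entry.title for c in EXPOSED_COMPONENTS
    ):
        return 1
    return 2 + SEVERITIES.index(entry.severity)


def triage(text):
    """Parse and return entries in patching order."""
    return sorted(parse_advisory(text), key=lambda e: (priority(e), e.title))


if __name__ == "__main__":
    for e in triage(ADVISORY_TEXT):
        print(f"p{priority(e)} [{e.severity:9}] {e.title}: {', '.join(e.ids)}")
```

Run as-is it prints the ALPC entry first, then the .NET and Hyper-V RCEs, and only then the remaining entries in vendor-severity order. Feeding it the complete list from the post (same format) would let you verify the 17/43/1 CVE split stated in the opening paragraph, since `count_cves` ignores the two ADV roll-ups the way that count does.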

About the Author

Karl Sigler is Security Research Manager, SpiderLabs Threat Intelligence at Trustwave. Karl is a 20-year infosec veteran responsible for research and analysis of current vulnerabilities, malware and threat trends at Trustwave. Follow Karl on LinkedIn.
