In its most recent Patch Tuesday update, Microsoft patched 61 flaws in total, including a critical fix for an actively exploited vulnerability. The most severe of these, CVE-2018-8440, is classified by Microsoft as an elevation of privilege vulnerability caused by Windows incorrectly handling calls to the Advanced Local Procedure Call (ALPC) interface. According to the bug report, a successful exploit of CVE-2018-8440 allows an attacker to “run arbitrary code in the security context of the local system... then install programs; view, change, or delete data; or create new accounts with full user rights.” Multiple sources, including Microsoft, acknowledged that the bug was already being used by attackers in the wild, which expedited the patch.
Other bugs in the 61-item list that deserve mention are CVE-2018-8475, CVE-2018-8457, and CVE-2018-8409. CVE-2018-8475 is a remote code execution vulnerability that stems from the way Windows handles “specially crafted” images. If an attacker can socially engineer a victim into downloading such an image, it opens multiple avenues of attack via code injection.
In the case of CVE-2018-8457, the main danger is memory corruption that, via remote code injection, lets an attacker gain the same privileges as the current user. If that user has administrative rights, the impact is far worse, since the attacker could then do virtually anything on the machine. According to the Microsoft report, the vulnerability is caused by “the way the scripting engine handles objects in memory in Microsoft browsers.”
Finally, the last vulnerability of particular interest, CVE-2018-8409, is a denial-of-service vulnerability that can be exploited remotely with specially crafted packets. The DoS condition arises “when System.IO.Pipelines improperly handles requests,” so a threat actor can target any machine running an unpatched System.IO.Pipelines. While not as damaging as the exploits above, a DoS attack can play a vital role in a multi-stage attack on a network and is often one of the earliest active attacks employed.
With 61 patches spanning numerous vital areas, it is imperative that sysadmins apply these latest Microsoft Patch Tuesday fixes as soon as possible.
Featured image: Flickr / Robert Scoble