We hope that yet another mid-week holiday did not relax you too much and that you closely followed Patch Tuesday, which actually begins at 9-10 pm Moscow time. If the Victory Parade and a trip to the countryside knocked you slightly out of your working rhythm, then read on. Vendors rolled out several important patches covering really serious vulnerabilities, so we recommend paying attention.
The name Patch Tuesday itself was coined by Microsoft, so let's start with them.
Five vulnerabilities were fixed at once in Microsoft Exchange, one of which, CVE-2018-8154, is particularly notable: an attacker only needs to send a specially crafted email to the MS Exchange mail server for code to be executed on the server with SYSTEM-level privileges.
An exploit for this vulnerability is not currently publicly available; however, as previous experience shows, developing one will not take long. Therefore, depending on how your vulnerability management process is set up, either roll out the updates immediately or raise the priority of this patch. Information on the other vulnerabilities in Exchange can be found here.
Microsoft also released a patch for the CVE-2018-8174 vulnerability in Internet Explorer, which enables drive-by attacks: a user only has to open a specially crafted page in the browser for arbitrary code to be executed on the system. Colleagues from 360 Total Security called it "Double Kill" and said that the vulnerability is already being actively exploited by an APT group. Colleagues from Kaspersky Lab confirm this.
We also draw your attention to the RCE vulnerabilities CVE-2018-0959 and CVE-2018-0961 in Microsoft Hyper-V. Although no exploit is publicly available yet, the attack itself can be carried out over the network, which raises the criticality of the vulnerabilities and hence the priority of installing the update.
In addition, the evening before the holiday brought us a whole range of vulnerabilities that allow attackers to escalate privileges. One of them, CVE-2018-8897, deserves special attention. It turned out that almost all operating system vendors incorrectly handled interrupts generated by Intel processors. Of course, none of them want a repeat of Meltdown and Spectre, so they coordinated and released updates simultaneously: Microsoft, Apple, VMware, FreeBSD, SUSE, etc. A full list of affected operating systems is available here.
In addition to the vulnerabilities above, another RCE in Adobe Flash Player, CVE-2018-4944, and a number of RCEs in the Microsoft Office suite also deserve attention.
We remind you that security updates, like any others, should be handled carefully and tested before being released into the production environment, since compatibility problems have not gone away. A list of known issues for the MS patches above and their solutions is available here.