Computer Security Incident Response Team of Mauritius (CERT-MU)

Microsoft Releases November 2018 Security Update


Microsoft has released security updates to provide additional protections against malicious attackers. In the November security updates, Microsoft has fixed 64 vulnerabilities, with 12 of them being labeled as critical. The vulnerabilities reported are as follows:
Privilege escalation vulnerability in Windows 10 Build 1809 Upgrade
An elevation of privilege vulnerability exists in Windows 10 version 1809 when installed from physical media (USB, DVD, etc.) with the “keep nothing” option selected during installation. Successful exploitation of the vulnerability could allow an attacker to gain local access to an affected system. To exploit the vulnerability, an attacker would need physical access to the console of the affected system. The update addresses the vulnerability by changing built-in account behavior after the setup process completes.
Of the 12 Critical vulnerabilities, 8 of them are in the Chakra Scripting Engine.
CVE-2018-8476 - Windows Deployment Services TFTP Server Remote Code Execution Vulnerability:
A remote code execution vulnerability exists in the way that Windows Deployment Services TFTP Server handles objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code with elevated permissions on a target system.
CVE-2018-8541 - Chakra Scripting Engine Memory Corruption Vulnerability:
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. This vulnerability could also be exploited through Microsoft Edge via specially crafted web sites or advertisements.
CVE-2018-8542 - Chakra Scripting Engine Memory Corruption Vulnerability:
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. This vulnerability could also be exploited through Microsoft Edge via specially crafted web sites or advertisements.
CVE-2018-8543 - Chakra Scripting Engine Memory Corruption Vulnerability:
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. This vulnerability could also be exploited through Microsoft Edge via specially crafted web sites or advertisements.
This is currently being classified as Moderate for Windows Server 2016 and 2018, but Critical for all other Windows versions.
CVE-2018-8544 - Windows VBScript Engine Remote Code Execution Vulnerability:
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge.
This vulnerability could also be exploited through Microsoft Edge via specially crafted web sites or advertisements. An attacker could also embed an ActiveX control marked "safe for initialization" in an application or Microsoft Office document that hosts the IE rendering engine. 
CVE-2018-8551 - Chakra Scripting Engine Memory Corruption Vulnerability:
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. This vulnerability could also be exploited through Microsoft Edge via specially crafted web sites or advertisements.
CVE-2018-8553 - Microsoft Graphics Components Remote Code Execution Vulnerability:
A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code on a target system. To exploit the vulnerability, a user would have to open a specially crafted file.
CVE-2018-8555 - Chakra Scripting Engine Memory Corruption Vulnerability:
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. This vulnerability could also be exploited through Microsoft Edge via specially crafted web sites or advertisements.
CVE-2018-8556 - Chakra Scripting Engine Memory Corruption Vulnerability:
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. This vulnerability could also be exploited through Microsoft Edge via specially crafted web sites or advertisements.
CVE-2018-8557 - Chakra Scripting Engine Memory Corruption Vulnerability:
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. This vulnerability could also be exploited through Microsoft Edge via specially crafted web sites or advertisements.
CVE-2018-8588 - Chakra Scripting Engine Memory Corruption Vulnerability:
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. This vulnerability could also be exploited through Microsoft Edge via specially crafted web sites or advertisements.
This is currently being classified as Moderate for Windows Server 2016 and 2018, but Critical for all other Windows versions.
CVE-2018-8609 - Microsoft Dynamics 365 (on-premises) version 8 Remote Code Execution Vulnerability:
A remote code execution vulnerability exists in Microsoft Dynamics 365 (on-premises) version 8 when the server fails to properly sanitize web requests to an affected Dynamics server. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SQL service account. An authenticated attacker could exploit this vulnerability by sending a specially crafted request to a vulnerable Dynamics server. The security update addresses the vulnerability by correcting how Microsoft Dynamics 365 (on-premises) version 8 validates and sanitizes user input.
As the vulnerabilities these updates fix are commonly exploited by attackers, malware, and exploit kits, it is strongly advised that all users install these updates as soon as possible. More information about this month’s security updates can be found in the Security Update Guide.
As a best practice, customers are encouraged to turn on automatic updates.
Source:
Microsoft Security Update
Bleeping Computer
Team Cymru