iTnews

Microsoft closes actively exploited Windows zero-day

By Juha Saarinen on Nov 14, 2018 9:37AM

Remote code execution bugs in Edge taken care of too.

Admins and Windows users have been urged to apply the November 2018 round of security patches promptly to close off vulnerabilities, one of which is currently under active exploitation.

This is CVE-2018-8589, a vulnerability reported by Kaspersky Lab in the win32k.sys kernel component. It is a privilege elevation bug that allows attackers to run arbitrary code in the local system security context, Microsoft warned.

Attackers need to be logged on to the target system and run specially crafted applications to exploit the vulnerability. Successful exploitation allows full system takeover, Microsoft said.

A second zero-day, CVE-2018-8584, is also a privilege escalation bug, caused by improper handling of calls to the Advanced Local Procedure Call (ALPC) used for the Microsoft Data Sharing Service feature.

The zero-day was published on Twitter and GitHub on October 23, but not disclosed to Microsoft prior to that.

As with CVE-2018-8589, exploiting CVE-2018-8584 and taking control of the target system requires the attacker to be logged on to it.

Current and unpatched versions of Windows 10, as well as Windows Server 2016 and 2019, are vulnerable to the above zero-days.

While Microsoft said in its Security Update Guide that CVE-2018-8584 is not exploited in the wild, security vendor Tenable's chief technology officer Glen Pendley warned that the flaw is serious as it allows non-admin users to access, delete and inject malicious code on vulnerable systems.

Edge, the built-in web browser for current versions of Windows, also received fixes for several critical, remotely exploitable vulnerabilities. These are mainly in Microsoft's Chakra JavaScript rendering engine.

A total of 62 security flaws are fixed in the November 2018 Patch Wednesday.
