Patch Tuesday září 2018

 

záplaty Microsoft 62 zranitelnosti, 17 of which are rated Critical. Včetně náplastí pro zero-day zranitelnosti ALPC, která byla uveřejněna na Twitteru na konci srpna.

Tento měsíc Microsoft záplaty pět kritických zranitelností pro všechny verze Windows 10 a Windows Server 2016, and some of them affect older versions of Windows. All are remote code execution flaws, one of which is in Hyper-V and could allow an attacker to execute arbitrary code. There are also patches for flaws caused by embedded fonts, the MS XML parser, and specially crafted image files.

ALPC Zero-Day

On 27th August a Twitter user (@SandboxEscaper) publicly released information about a zero-day Advanced Local Procedure Call (ALPC) vulnerability in Windows that could allow hackers with local access to the Task Scheduler to elevate privileges to SYSTEM. The user posted a link to proof-of-concept code, which was verified independently by the United States Computer Emergency Readiness Team (US-CERT) to work on fully-patched Windows 10 a Windows Server 2016 64-bitové systémy.

The flaw was found in the way Task Scheduler handles Advanced Local Procedure Calls (ALPCs), which is a kernel process that allows client processes to communicate with server processes. Microsoft acknowledged the ALPC bug and in this month patches it. While rated Důležité and not Critical by Microsoft, this one is important to patch because it is already being exploited in a targeted campaign.

Among the other flaws rated Důležité, the Hyper-V BIOS loader fails to provide a high-entropy source and Device Guard incorrectly validates an untrusted file. Six elevation of privilege vulnerabilities are also patched.

Fragment Stack Vulnerability

Microsoft published a security advisory (CVE-2018-5391) for a Windows denial of service vulnerability but no fix, just a workaround. The fragment stack vulnerability was patched in the Linux kernel last month and can result in packet loss due to out-of-order IP packets being dropped. Microsoft discovered that the vulnerability also affects Windows systems and you can read about a workaround if you think you might be vulnerable tady.

Edge and Internet Explorer

CVE-2018-8457 is a scripting engine memory corruption vulnerability in Edge and IE that could be exploited via a malicious website or Office file. While it is thought that hackers already knew about this flaw, there is no evidence that it was being exploited prior to this month’s patches. There are nine other critical patches for both browsers that are all remote code execution vulnerabilities.

Microsoft Office

Office Click-To-Run gets a critical patch for the embedded fonts flaw that was also patched in Windows. There are three important patches, two of which are remote code execution flaws and one information disclosure.

Adobe Flash

Flash is no exception this month and Adobe has patched a privilege escalation flaw rated as important and detailed in CVE-2018-15967.

Okna 7 měsíční kumulativní

Some users have reported receiving error 0x8000FFF when installing this month’s rollup for Windows 7. According to the information I found on a support forum, this is connected to an out-of-date servicing stack. KB3177467 must be installed before this month’s rollup can be applied.

Spectre and L1TF Advisory Updates

V neposlední řadě, a speculative execution side-channel vulnerability, also referred to as L1 Terminal Fault (L1TF) that affects Intel CPUs, gets an updated advisory. Along with updated advice for Spectre on AMD processors. You can review the updated information on L1TF tady, and get the latest Spectre advice tady.

That is it for this month!

Pošta Patch Tuesday září 2018 se objevil na prvním místě Petri.

související Post

  •  
  •  
  •  
  •  
  •  
  •  
  •  
  •  
  •  
  •  

zanechte odpověď

Tato stránka používá Akismet snížit spam. Přečtěte si, jak se váš komentář údaje zpracovávány.