In this month’s Patch Tuesday, Microsoft released a significant round of security updates addressing 63 vulnerabilities within its products, including the Windows operating system. Among these, 12 vulnerabilities have been categorized as critical, 49 as important, one as moderate, and one as low in severity. System administrators are urged to prioritize these updates to mitigate potential risks.
Of particular concern are two vulnerabilities that became public knowledge at the time of the patch release, with one identified as being actively exploited by various cybercriminal groups. These vulnerabilities could pose severe risks to systems still running Windows 7, Server 2008, and Server 2008 R2.
A zero-day vulnerability, known as CVE-2018-8589, has been a focus of attention, highlighted for active exploitation by advanced persistent threat groups. Security researchers from Kaspersky Labs initially identified this flaw, which exists in the Win32k component. If successfully exploited, it could permit an attacker to execute arbitrary code in kernel mode, effectively allowing control over vulnerable systems. According to Kaspersky, the exploits utilize a malware installer to gain the necessary privileges for maintaining persistent access to compromised systems, although the number of targeted attacks so far appears limited.
Additional vulnerabilities include two labelled as publicly disclosed but not active. One involves the Windows Advanced Local Procedure Call (ALPC) service, tracked as CVE-2018-8584, representing a privilege escalation risk, whereby an attacker could execute malicious code in the local system context through specially crafted applications. The second, identified as CVE-2018-8566, affects BitLocker encryption, potentially enabling a physically present attacker to bypass security measures and gain unauthorized access to encrypted data.
This month’s patch also addresses critical vulnerabilities tied to memory corruption in the Chakra scripting engine utilized within Microsoft Edge. Exploitation of these vulnerabilities could allow attackers to execute code simply by convincing users to visit a compromised website. The remaining critical vulnerabilities are remote code execution flaws found in the Windows Deployment Services TFTP server, Microsoft Graphics Components, and the VBScript engine, all resulting from how the affected software manages objects in memory. Additionally, a critical remote code execution flaw in Microsoft Dynamics 365 underscores the importance of adhering to best practices in web request sanitization.
With the spread of cyber threats, business owners must act swiftly to implement these critical updates. By ensuring that systems are patched against these vulnerabilities, organizations can safeguard against a multitude of potential cyberattacks that leverage techniques outlined in the MITRE ATT&CK framework, particularly in areas of initial access and privilege escalation.
System administrators should navigate to Settings, select Update & Security, then Windows Update, and check for available updates. Manual installation of the critical patches is also recommended to fortify defenses against malicious actors seeking to exploit these vulnerabilities.
To remain informed on such vital issues, consider following authoritative cybersecurity news sources for ongoing updates. The landscape of threats is constantly evolving, and proactive measures are essential in protecting organizational assets.