September Patch Tuesday: Windows Fixes ALPC Bug
September’s Patch Tuesday provides a security patch for CVE-2018-8440, an elevation of privilege vulnerability that occurs when Windows incorrectly handles calls to the Advanced Local Procedure Call (ALPC) interface. This bug allows threat actors to run code with administrative privileges, install programs, or even create new accounts with full user rights. Source code exploiting this bug was publicly disclosed on Twitter on August 27, and the bug has been seen in active use in malicious campaigns as early as September 5.
This month's Patch Tuesday includes 61 CVEs from Windows, ten of which were reported through Trend Micro’s Zero Day Initiative. Of the listed vulnerabilities, 17 were rated as Critical, 43 as Important, and one as Moderate.
CVE-2018-8475, a critical Windows remote code execution vulnerability, was also patched this month. This bug allows threat actors to execute code simply by getting a user to view a specially crafted image. Because it is easy to exploit, it will likely be exploited in the wild soon.
This month’s Patch Tuesday also addresses two Adobe updates encompassing 10 CVEs. The first update fixes an information disclosure vulnerability for Windows Flash Player, while the second addresses several code execution and information disclosure bugs in ColdFusion.
Trend Micro™ Deep Security and Vulnerability Protection protect user systems from any threats that may target the vulnerabilities addressed in this month’s round of updates via the following DPI rules:
- 1009270-Microsoft Windows Task Scheduler ALPC Privilege Escalation Vulnerability (CVE-2018-8440)
- 1009276-Microsoft Edge Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2018-8367)
- 1009277-Microsoft Edge Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2018-8391)
- 1009290-Microsoft Windows Multiple Security Vulnerabilities (Sep-2018)
- 1009279-Microsoft Windows MSXML Remote Code Execution Vulnerability (CVE-2018-8420)
- 1009280-Microsoft Windows Kernel Information Disclosure Vulnerability (CVE-2018-8442)
- 1009281-Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2018-8447)
- 1009283-Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2018-8456)
- 1009284-Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2018-8459)
- 1009285-Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2018-8461)
- 1009286-Microsoft Edge PDF Remote Code Execution Vulnerability (CVE-2018-8464)
- 1009287-Microsoft Edge Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2018-8466)
- 1009288-Microsoft Edge Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2018-8467)
- 1009289-Microsoft Internet Explorer Security Feature Bypass Vulnerability (CVE-2018-8470)
- 1009293-Microsoft Windows Remote Code Execution Vulnerability (CVE-2018-8475)
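An added example (not code from Trend Micro or from this post) that turns a DPI rule list like the one above into a coverage check: each rule line is parsed into its id, name and the CVE it names, the CVEs called out in the post (CVE-2018-8440 and CVE-2018-8475) are checked for a matching rule, and rule ids that appear more than once or carry no CVE in their name are flagged for manual follow-up. The input is a constructed copy of the rule names, with the 1009290 entry deliberately repeated so the duplicate check has something to find; the function names are my own.

```python
import re
from collections import Counter

# Constructed sample input: DPI rule names in the format used above, with the
# 1009290 entry repeated on purpose so the duplicate check below finds it.
DPI_RULES = """\
- 1009270-Microsoft Windows Task Scheduler ALPC Privilege Escalation Vulnerability (CVE-2018-8440)
- 1009276-Microsoft Edge Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2018-8367)
- 1009277-Microsoft Edge Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2018-8391)
- 1009290-Microsoft Windows Multiple Security Vulnerabilities (Sep-2018)
- 1009279-Microsoft Windows MSXML Remote Code Execution Vulnerability (CVE-2018-8420)
- 1009280-Microsoft Windows Kernel Information Disclosure Vulnerability (CVE-2018-8442)
- 1009281-Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2018-8447)
- 1009290-Microsoft Windows Multiple Security Vulnerabilities (Sep-2018)
- 1009283-Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2018-8456)
- 1009284-Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2018-8459)
- 1009285-Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2018-8461)
- 1009286-Microsoft Edge PDF Remote Code Execution Vulnerability (CVE-2018-8464)
- 1009287-Microsoft Edge Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2018-8466)
- 1009288-Microsoft Edge Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2018-8467)
- 1009289-Microsoft Internet Explorer Security Feature Bypass Vulnerability (CVE-2018-8470)
- 1009293-Microsoft Windows Remote Code Execution Vulnerability (CVE-2018-8475)
"""

# One rule per line: "<7-digit id>-<name>" optionally followed by "(<tag>)",
# where the tag is either a CVE id or a release label such as "Sep-2018".
RULE_RE = re.compile(r"^(?P<id>\d{7})-(?P<name>.+?)(?:\s*\((?P<tag>[^)]*)\))?$")
CVE_RE = re.compile(r"CVE-\d{4}-\d{4,}")


def parse_dpi_rules(text):
    """Return one dict per rule line: id, name and the CVE it names (or None)."""
    rules = []
    for raw in text.splitlines():
        line = raw.strip().lstrip("-").strip()  # drop the list bullet, if any
        if not line:
            continue
        m = RULE_RE.match(line)
        if not m:
            raise ValueError(f"unrecognised rule line: {line!r}")
        tag = m.group("tag") or ""
        cve = CVE_RE.search(tag)
        rules.append({
            "id": m.group("id"),
            "name": m.group("name").strip(),
            "cve": cve.group(0) if cve else None,
        })
    return rules


def coverage_report(rules, cves_of_interest):
    """Map each CVE of interest to the rule ids covering it; flag repeats and unmapped rules."""
    by_cve = {}
    for r in rules:
        if r["cve"]:
            by_cve.setdefault(r["cve"], set()).add(r["id"])
    covered = {cve: sorted(by_cve.get(cve, ())) for cve in cves_of_interest}
    counts = Counter(r["id"] for r in rules)
    duplicates = sorted(rid for rid, n in counts.items() if n > 1)
    # Rules with no CVE in the name (e.g. the "Sep-2018" bundle) cannot be
    # mapped automatically and need a manual look-up in the vendor's rule notes.
    unmapped = sorted({r["id"] for r in rules if r["cve"] is None})
    return {"covered": covered, "duplicates": duplicates, "unmapped": unmapped}


if __name__ == "__main__":
    report = coverage_report(parse_dpi_rules(DPI_RULES),
                             ["CVE-2018-8440", "CVE-2018-8475"])
    for cve, ids in report["covered"].items():
        print(f"{cve}: {'covered by ' + ', '.join(ids) if ids else 'NO RULE FOUND'}")
    print("repeated rule ids:", report["duplicates"])
    print("rules without a CVE in the name:", report["unmapped"])
```

The same parser works on a vendor rule export pasted from any month's advisory; bundle rules such as 1009290, which name a release rather than a CVE, are reported separately because their CVE coverage has to be confirmed from the rule's own description rather than its title.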
Trend Micro™ TippingPoint™ customers are protected from threats that may exploit this month’s list of vulnerabilities via these MainlineDV filters:
- 32922: HTTP: Microsoft Edge Chakra Memory Corruption Vulnerability
- 32923: HTTP: Microsoft Edge Scripting Engine Memory Corruption Vulnerability
- 32924: HTTP: Microsoft Internet Explorer Use-After-Free Vulnerability
- 32903: HTTP: Microsoft Windows ALPC Privilege Escalation Vulnerability
- 32936: HTTP: Microsoft NT Kernel driver API Information Disclosure Vulnerability
- 32236: HTTP: Microsoft Internet Explorer insertRow Memory Corruption Vulnerability
- 32937: HTTP: Microsoft Edge defineProperty Type Confusion Vulnerability
- 32929: HTTP: Internet Explorer onresize Memory Corruption Vulnerability
- 32925: HTTP: Microsoft Edge PDF Parser Memory Corruption Vulnerability
- 32927: HTTP: Microsoft Edge Chakra Type Confusion Vulnerability
- 32928: HTTP: Microsoft Edge Chakra Type Confusion Vulnerability
- 33055: HTTP: Microsoft Windows TIFF Parsing Buffer Overflow Vulnerability