This month’s Patch Tuesday fixes a JET Database Engine Vulnerability (CVE-2018-8423) that Trend Micro’s Zero Day Initiative (ZDI) disclosed last September together with a proof of concept code. The vulnerability, which was rated as Important, can allow an attacker to send a specially crafted file containing data in the JET database format. When accessed on a machine, it can allow the JET database engine to execute an out-of-bounds write that would then allow for remote code execution. This month, Microsoft released 49 patches and two advisories, with 12 listed as Critical, 35 as Important, one Moderate, and one Low. Of the 49 CVEs, eight were disclosed through the ZDI program.
The patch release also fixed a vulnerability that’s currently under active attack: CVE-2018-8453, which is a Win32K elevation of privilege zero-day discovered by security researchers from Kaspersky Labs. To exploit this bug, an attacker must first successfully log into the system. However, once a system is infiltrated, an attacker can install programs as well as view, modify, or even delete data. It can also allow attackers to create new accounts with full user rights on an infiltrated system. This month’s patch corrects how Win32K handles objects in memory.
Meanwhile, on the Adobe front, a massive 86 CVEs were patched in total. On October 1, early patches were released for both Acrobat and Reader, while additional patches for Flash, Framemaker, Adobe Digital Editions, and the Adobe Technical Communications Suite were released on Patch Tuesday. 47 of the bugs are listed as Critical, and a total of 14 were handled by the ZDI.
Trend Micro™ Deep Security and Vulnerability Protection protect user systems from any threats that may target the vulnerabilities addressed in this month’s round of updates via the following DPI rules:
- 1004373 - Identified DLL Side Loading Attempt Over Network Share (CVE-2010-3190)
- 1009330 - Microsoft MFC Insecure Library Loading Vulnerability Over Network Share (CVE-2010-3190)
- 1009331 - Microsoft Filter Manager Elevation Of Privilege Vulnerability (CVE-2018-8333)
- 1009333 - Microsoft Windows Theme API Remote Code Execution Vulnerability (CVE-2018-8413)
- 1009335 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2018-8460)
- 1009336 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2018-8491)
- 1009337 - Microsoft Windows Device Guard Code Integrity Policy Security Feature Bypass Vulnerability (CVE-2018-8492)
- 1009338 - Microsoft Windows Shell Remote Code Execution Vulnerability (CVE-2018-8495)
- 1009339 - Microsoft Edge Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2018-8505)
- 1009340 - Microsoft Windows Multiple Security Vulnerabilities (Oct-2018)
- 1009341 - Microsoft MFC Insecure Library Loading Vulnerability Over WebDAV (CVE-2010-3190)
Trend Micro™ TippingPoint™ customers are protected from threats that may exploit this month’s list of vulnerabilities via these MainlineDV filters:
- 30711: HTTP: Microsoft Windows Malicious Dwmapi.dll File Download
- 32732: HTTP: Microsoft Internet Explorer msCrypto Use-After-Free Vulnerability
- 33120: SMB: Microsoft Windows Out-of-Bounds Write Vulnerability
- 33122: HTTP: Microsoft Windows Input Validation Vulnerability
- 33123: HTTP: Microsoft Edge CSS Use-After-Free Vulnerability
- 33124: HTTP: Microsoft Windows DirectX Information Disclosure Vulnerability
- 33132: HTTP: Microsoft Edge Windows Shell Memory Corruption Vulnerability
- 33134: HTTP: Microsoft Edge Chakra JIT Type Confusion Vulnerability
- 33147: HTTP: Microsoft PowerShell XML/XSL COM Instantiation and Transformation Usage