November, 2018: Patch Tuesday: One CVE Attacked in the Wild and BitLocker Guidance

Welcome to the November Patch Tuesday bulletin. This month we have 61 unique CVEs listed, 4 technologies with critical vulnerabilities, and 1 CVE being exploited in the wild.

Take a look at which hosts are vulnerable to CVE-2018-8589. This is an elevation of privilege vulnerability that has been exploited in the wild. The attacker needs to run a maliciously crafted application on the system to elevate their privileges.

There have been recent reports of vulnerabilities in self-encrypting drives that could allow access to data on the disk when the attacker has physical access. Microsoft has released guidance on mitigating these vulnerabilities by forcing software encryption with BitLocker. Normally BitLocker defaults to hardware encryption if it is present, but this can be changed through Group Policy. If affected disks are present in the environment, review the guidance and determine whether the BitLocker mitigation is feasible.

Review the environment for Azure App Service on Azure Stack, Team Foundation Server, and Dynamics 365. These are relatively new technologies in Patch Tuesday and may need a testing plan developed.

Over the years we've had millions of visitors to UltimateWindowsSecurity.com. Every month we have thousands and thousands of visitors to our Security Log Encyclopedia, which documents all of the Security Log event IDs for Windows Server OSes. Back in 2007 when SharePoint added auditing capability, I realized that my audience not only needed the event information from SharePoint but I also found a similar need in SQL Server and Exchange. So not only did I document the data but I also started to develop the means to extract that event data from these applications so that it’s accessible and usable to the end user. Some 8 years later and LOGbinder is continuing to grow as companies realize LOGbinder bridges the gap between these applications and their infosec team. Visit LOGbinder.com to download a free 30-day fully functional trial and see the security event data that you have literally been missing.

So, without further ado, here’s the chart of MS patches that affect Windows platforms in the past month.


| Technology | Products Affected | Severity | Reference | Workaround/Exploited | Vulnerability Info |
|---|---|---|---|---|---|
| IE | IE 9, 10, 11 | Important | CVE-2018-8552, CVE-2018-8570 | *Workaround: No; **Exploited: No | Information Disclosure, Remote Code Execution |
| Edge | All | Critical | CVE-2018-8541, CVE-2018-8542, CVE-2018-8543, CVE-2018-8545, CVE-2018-8551, CVE-2018-8555, CVE-2018-8556, CVE-2018-8557, CVE-2018-8564, CVE-2018-8567, CVE-2018-8588 | *Workaround: No; **Exploited: No | Remote Code Execution, Information Disclosure, Spoofing, Elevation of Privilege |
| Windows | Server 2008, 2008 R2, 2012, 2012 R2, 2016, 2019; Windows 7, 8.1, RT 8.1, 10 | Critical | CVE-2018-8256, CVE-2018-8407, CVE-2018-8408, CVE-2018-8415, CVE-2018-8417, CVE-2018-8450, CVE-2018-8454, CVE-2018-8471, CVE-2018-8476, CVE-2018-8485, CVE-2018-8544, CVE-2018-8547, CVE-2018-8549, CVE-2018-8550, CVE-2018-8553, CVE-2018-8554, CVE-2018-8561, CVE-2018-8562, CVE-2018-8563, CVE-2018-8565, CVE-2018-8566, CVE-2018-8584, CVE-2018-8589**, CVE-2018-8592, ADV180028 | *Workaround: No; **Exploited: Yes | Defense in Depth, Remote Code Execution, Information Disclosure, Tampering, Security Feature Bypass, Elevation of Privilege, Spoofing |
| Office, Office Services, Office Web Apps | Office 365 ProPlus; Word 2010, 2013, 2016; SharePoint 2010, 2013, 2016, 2019; Project 2010, 2013, 2016; Outlook 2010, 2013, 2016; Office Web Apps 2010, 2013; Office 2010, 2013, 2016, 2019; Lync 2013; Excel 2010, 2013, 2016 | Important | CVE-2018-8522, CVE-2018-8524, CVE-2018-8539, CVE-2018-8546, CVE-2018-8558, CVE-2018-8568, CVE-2018-8572, CVE-2018-8573, CVE-2018-8574, CVE-2018-8575, CVE-2018-8576, CVE-2018-8577, CVE-2018-8578, CVE-2018-8579, CVE-2018-8582 | *Workaround: No; **Exploited: No | Remote Code Execution, Denial of Service, Information Disclosure, Elevation of Privilege |
| ChakraCore | ChakraCore | Critical | CVE-2018-8541, CVE-2018-8542, CVE-2018-8543, CVE-2018-8551, CVE-2018-8555, CVE-2018-8556, CVE-2018-8557, CVE-2018-8588 | *Workaround: No; **Exploited: No | Remote Code Execution |
| .NET Core | .NET Core 2.1 | Moderate | CVE-2018-8416 | *Workaround: No; **Exploited: No | Tampering |
| Skype for Business | Skype for Business 2016 | Low | CVE-2018-8546 | *Workaround: No; **Exploited: No | Denial of Service |
| Azure App Service on Azure Stack | Azure App Service on Azure Stack | Important | CVE-2018-8600 | *Workaround: No; **Exploited: No | Spoofing |
| Team Foundation Server | Foundation Server 2017 3.1; Foundation Server 2018 1.1, 3, 3.1 | Important | CVE-2018-8529, CVE-2018-8572, CVE-2018-8602 | *Workaround: No; **Exploited: No | Remote Code Execution, Elevation of Privilege, Spoofing |
| Microsoft Dynamics 365 (on-premises) | Dynamics 365 version 8 | Critical | CVE-2018-8605, CVE-2018-8606, CVE-2018-8607, CVE-2018-8608, CVE-2018-8609 | *Workaround: No; **Exploited: No | Spoofing, Remote Code Execution |
