
VERT Threat Alert: November 2018 Patch Tuesday Analysis
Today’s VERT Alert addresses Microsoft’s November 2018 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-805 on Wednesday, November 14th.
In-The-Wild & Disclosed CVEs
CVE-2018-8589
This vulnerability was reported to Microsoft by Kaspersky Labs, who discovered it being exploited by multiple threat actors. The target, at this point, has been Windows 7 x86 systems. The vulnerability takes advantage of a flaw in how Windows handles calls to Win32k.sys and could allow an attacker to execute code in the context of the local system.
Microsoft has rated this as a 1 on the Exploitability Index (Exploitation More Likely) on their latest Windows release, while active exploitation has been detected on older releases.
CVE-2018-8584
This latest Advanced Local Procedure Call (ALPC) privilege escalation vulnerability could allow attackers to execute code in the context of the local system.
Microsoft has rated this as a 1 on the Exploitability Index (Exploitation More Likely).
CVE-2018-8566
This physical attack allows attackers to bypass BitLocker during a system reboot because Windows improperly suspends BitLocker Device Encryption. It is important to note that this is not related to Security Advisory [ADV180028] regarding hardware encryption on self-encrypting drives.
Microsoft has rated this as a 2 on the Exploitability Index (Exploitation Less Likely).
CVE Breakdown by Tag
While historical Microsoft Security Bulletin groupings are gone, Microsoft vulnerabilities are tagged with an identifier. This list provides a breakdown of the CVEs on a per-tag basis.
| Tag | CVE Count | CVEs |
| --- | --- | --- |
| Microsoft Windows | 5 | CVE-2018-8476, CVE-2018-8592, CVE-2018-8549, CVE-2018-8550, CVE-2018-8584 |
| Microsoft Edge | 3 | CVE-2018-8564, CVE-2018-8545, CVE-2018-8567 |
| BitLocker | 1 | CVE-2018-8566 |
| Microsoft Dynamics | 5 | CVE-2018-8605, CVE-2018-8606, CVE-2018-8607, CVE-2018-8608, CVE-2018-8609 |
| Internet Explorer | 1 | CVE-2018-8570 |
| Microsoft Scripting Engine | 10 | CVE-2018-8588, CVE-2018-8541, CVE-2018-8542, CVE-2018-8543, CVE-2018-8544, CVE-2018-8551, CVE-2018-8552, CVE-2018-8555, CVE-2018-8556, CVE-2018-8557 |
| Microsoft Office SharePoint | 3 | CVE-2018-8572, CVE-2018-8568, CVE-2018-8578 |
| Team Foundation Server | 1 | |
*** This is a Security Bloggers Network syndicated blog from The State of Security authored by Tyler Reguly. Read the original post at: https://www.tripwire.com/state-of-security/vert/vert-threat-alert-november-patch-tuesday/