Microsoft recommends that users update their systems as soon as possible, because the flaws fixed this month include zero-day vulnerabilities, one of which is already being exploited in the wild.
Last Tuesday Microsoft released a new round of security updates for the Windows operating system and other Microsoft products, as reported by digital forensics and cybersecurity experts from the International Institute of Cyber Security.
This month, Windows users and sysadmins should update immediately: the release corrects a total of 63 security vulnerabilities, of which 12 are rated critical, 49 important, one moderate and one low severity.
Two of the flaws fixed by the technology giant this month had already been publicly disclosed before the patches were released; in addition, digital forensics specialists report that a third vulnerability is being actively exploited in the wild by multiple cybercriminal groups.
Zero-day vulnerability exploited
The zero-day vulnerability, tracked as CVE-2018-8589, was discovered and reported by researchers from a Russian cybersecurity and digital forensics firm, and it is being exploited in real attacks by multiple advanced persistent threat groups.
The flaw resides in the Win32k kernel-mode component (win32k.sys). If successfully exploited, it allows a malicious program to execute arbitrary code in kernel mode and elevate the attacker's privileges on an affected Windows 7, Windows Server 2008 or Windows Server 2008 R2 system, giving them full control. It is a local elevation-of-privilege bug, so the attacker must already be able to run code on the machine, which is why it was paired with a malware installer rather than used as an initial entry point.
“The exploit was executed by the first stage of a malware installer to obtain the necessary privileges for its persistence in the victim’s system. So far, we have detected a very limited number of successful exploits of this vulnerability,” researchers mentioned.
Two zero-day vulnerabilities disclosed
The other two publicly disclosed vulnerabilities (for which no evidence of exploitation has been found) reside in the Windows Advanced Local Procedure Call (ALPC) service and in the BitLocker security feature.
The ALPC-related vulnerability, tracked as CVE-2018-8584, is an elevation-of-privilege flaw: an attacker who runs a specially crafted application on the machine could execute arbitrary code in the security context of the local system and take control of the affected system.
ALPC provides secure, high-speed message passing between processes running in user mode.
The second publicly disclosed vulnerability, tracked as CVE-2018-8566, is a security feature bypass that occurs when Windows improperly suspends BitLocker Device Encryption. An attacker with physical access to a powered-off system could exploit it to bypass the protection and gain access to the encrypted data.
BitLocker had already drawn the cybersecurity community's attention in early November over a separate issue that could expose some Windows users' encrypted data: by default, BitLocker defers to the hardware encryption of self-encrypting solid-state drives when the drive advertises it, and researchers found that several such drives implement that encryption poorly. This issue is a configuration matter rather than something this month's patches change, so affected systems need to be switched to BitLocker's software encryption separately.
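As an added example (not code from the article, from Microsoft, or from the researchers it cites), the following PowerShell script gives a Windows administrator a quick post-release check for the two things this page asks for: that updates from the November 2018 release are actually installed, and that no BitLocker volume still relies on the SSD's own hardware encryption. It assumes an elevated shell and the BitLocker PowerShell module (Windows 8 / Windows Server 2012 and later; on Windows 7 use `manage-bde -status` instead, which reports "Hardware Encryption" as the encryption method). The 13 November 2018 cut-off is the release date of this month's updates; no KB numbers are hard-coded, so the listed hotfixes should be compared against the Microsoft Security Update Guide for the build in question.

```powershell
#Requires -RunAsAdministrator
# Added example: post-Patch-Tuesday sanity check for November 2018.
# Assumptions: elevated session, BitLocker module available (Windows 8 / Server 2012+).

# Release date of the November 2018 security updates (date only, so updates
# installed on that day are not excluded by a time-of-day comparison).
$patchTuesday = [datetime]'2018-11-13'

# 1. Updates installed on or after the release date.
#    Get-HotFix reads the same data as "wmic qfe list"; InstalledOn is a DateTime.
$recent = Get-HotFix |
    Where-Object { $_.InstalledOn -ge $patchTuesday } |
    Sort-Object InstalledOn -Descending

if ($recent) {
    Write-Output "Updates installed since $($patchTuesday.ToShortDateString()):"
    $recent | Format-Table HotFixID, Description, InstalledOn -AutoSize
} else {
    Write-Warning "No updates installed since $($patchTuesday.ToShortDateString()); the November 2018 rollup is probably missing."
}

# 2. BitLocker volumes protected only by the drive's own (SED) hardware encryption.
#    The BitLocker module reports this as EncryptionMethod 'Hardware'.
#    To move such a volume to software encryption: set the Group Policy
#    "Configure use of hardware-based encryption for fixed data drives"
#    (and the matching operating system drives policy) to Disabled, then
#    decrypt the volume and re-encrypt it; the policy alone does not change
#    volumes that are already encrypted.
$volumes = Get-BitLockerVolume
foreach ($v in $volumes) {
    # Skip volumes that are not encrypted at all.
    if ($v.VolumeStatus -eq 'FullyDecrypted') { continue }

    if ($v.EncryptionMethod -eq 'Hardware') {
        Write-Warning ("{0} relies on hardware (SED) encryption; switch it to software encryption." -f $v.MountPoint)
    } else {
        Write-Output ("{0}: {1}, protection {2}" -f $v.MountPoint, $v.EncryptionMethod, $v.ProtectionStatus)
    }
}
```

The hotfix listing is deliberately date-based rather than KB-based: the KB numbers differ per Windows version and per channel (security-only versus monthly rollup), so matching by date and then confirming the specific KB in the Security Update Guide is less error-prone than hard-coding identifiers.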
Of the 12 critical bugs, 8 are memory corruption vulnerabilities in the Chakra scripting engine, caused by the way the engine handles objects in memory in the Microsoft Edge browser. All eight could be triggered by a crafted web page to corrupt memory and let an attacker execute arbitrary code in the context of the current user.
Three of the remaining critical vulnerabilities are remote code execution flaws in the TFTP server of Windows Deployment Services, all stemming from the way the affected software handles objects in memory.
The last critical vulnerability is also a remote code execution flaw, found in Microsoft Dynamics 365 (on-premises) version 8. It exists because the server fails to properly sanitize web requests sent to an affected Dynamics server.