Trustwave SpiderLabs Uncovers Ov3r_Stealer Malware Spread via Phishing and Facebook Advertising. Learn More

Trustwave SpiderLabs Uncovers Ov3r_Stealer Malware Spread via Phishing and Facebook Advertising. Learn More

Services
Capture
Managed Detection & Response

Eliminate active threats with 24/7 threat detection, investigation, and response.

twi-managed-portal-color
Co-Managed SOC (SIEM)

Maximize your SIEM investment, stop alert fatigue, and enhance your team with hybrid security operations support.

twi-briefcase-color-svg
Advisory & Diagnostics

Advance your cybersecurity program and get expert guidance where you need it most.

tw-laptop-data
Penetration Testing

Test your physical locations and IT infrastructure to shore up weaknesses before exploitation.

twi-database-color-svg
Database Security

Prevent unauthorized access and exceed compliance requirements.

twi-email-color-svg
Email Security

Stop email threats others miss and secure your organization against the #1 ransomware attack vector.

tw-officer
Digital Forensics & Incident Response

Prepare for the inevitable with 24/7 global breach response in-region and available on-site.

tw-network
Firewall & Technology Management

Mitigate risk of a cyberattack with 24/7 incident and health monitoring and the latest threat intelligence.

Solutions
BY TOPIC
Microsoft Exchange Server Attacks
Stay protected against emerging threats
Rapidly Secure New Environments
Security for rapid response situations
Securing the Cloud
Safely navigate and stay protected
Securing the IoT Landscape
Test, monitor and secure network objects
Why Trustwave
About Us
Awards and Accolades
Trustwave SpiderLabs Team
Trustwave Fusion Security Operations Platform
Trustwave Security Colony
Partners
Technology Alliance Partners
Key alliances who align and support our ecosystem of security offerings
Trustwave PartnerOne Program
Join forces with Trustwave to protect against the most advance cybersecurity threats
SpiderLabs Blog

Microsoft Patch Tuesday, November 2018

The second to last Patch Tuesday of 2018 is here with patches for 55 CVEs. This includes 11 rated "Critical", 42 rated "Important" and one each rated "Moderate" and "Low". The release also contains three advisories including the standard patch rollup for Adobe Flash, an advisory rated "Important" covering an elevation of privilege vulnerability in Microsoft Surface devices and a final, unrated advisory to provide guidance for configuring BitLocker for file encryption.

Our old friend the Microsoft Scripting Engine is back with Remote Code Execution (RCE) vulnerabilities taking up the majority of the "Critical" CVE list, but also pay attention to CVE-2018-8476 which is a RCE vulnerability in the Windows TFTP server. Among the CVEs rated as "Important" are RCE vulnerabilities that affect client side software like Excel, Word, Project, PowerShell and Outlook. Microsoft Exchange Server and Microsoft SharePoint are also on the list with Elevation of Privilege so make sure these servers get patched, especially if they're public facing.

Here in the US, November is a time to give thanks, so let's be thankful for patches that plug security holes.

Critical

Chakra Scripting Engine Memory Corruption Vulnerability
CVE-2018-8541, CVE-2018-8542, CVE-2018-8543, CVE-2018-8551, CVE-2018-8555, CVE-2018-8556, CVE-2018-8557, CVE-2018-8588
Remote Code Execution

Microsoft Graphics Components Remote Code Execution Vulnerability
CVE-2018-8553
Remote Code Execution

Windows Deployment Services TFTP Server Remote Code Execution Vulnerability
CVE-2018-8476
Remote Code Execution

Windows VBScript Engine Remote Code Execution Vulnerability
CVE-2018-8544
Remote Code Execution

November 2018 Adobe Flash Security Update
ADV180025
Remote Code Execution

Important

Active Directory Federation Services XSS Vulnerability
CVE-2018-8547
Spoofing

Azure App Service Cross-site Scripting Vulnerability
CVE-2018-8600
Spoofing

BitLocker Security Feature Bypass Vulnerability
CVE-2018-8566
Security Feature Bypass

DirectX Elevation of Privilege Vulnerability
CVE-2018-8485, CVE-2018-8554, CVE-2018-8561
Elevation of Privilege

DirectX Information Disclosure Vulnerability
CVE-2018-8563
Information Disclosure

Internet Explorer Memory Corruption Vulnerability
CVE-2018-8570
Remote Code Execution

Microsoft Edge Elevation of Privilege Vulnerability
CVE-2018-8567
Elevation of Privilege

Microsoft Edge Information Disclosure Vulnerability
CVE-2018-8545
Information Disclosure

Microsoft Edge Spoofing Vulnerability
CVE-2018-8564
Spoofing

Microsoft Excel Remote Code Execution Vulnerability
CVE-2018-8574, CVE-2018-8577
Remote Code Execution

Microsoft Exchange Server Elevation of Privilege Vulnerability
CVE-2018-8581
Elevation of Privilege

Microsoft JScript Security Feature Bypass Vulnerability
CVE-2018-8417
Security Feature Bypass

Microsoft Outlook Information Disclosure Vulnerability
CVE-2018-8558, CVE-2018-8579
Information Disclosure

Microsoft Outlook Remote Code Execution Vulnerability
CVE-2018-8522, CVE-2018-8524, CVE-2018-8576, CVE-2018-8582
Remote Code Execution

Microsoft PowerShell Remote Code Execution Vulnerability
CVE-2018-8256
Remote Code Execution

Microsoft Powershell Tampering Vulnerability
CVE-2018-8415
Tampering

Microsoft Project Remote Code Execution Vulnerability
CVE-2018-8575
Remote Code Execution

Microsoft RemoteFX Virtual GPU miniport driver Elevation of Privilege Vulnerability
CVE-2018-8471
Elevation of Privilege

Microsoft SharePoint Elevation of Privilege Vulnerability
CVE-2018-8568, CVE-2018-8572
Elevation of Privilege

Microsoft SharePoint Information Disclosure Vulnerability
CVE-2018-8578
Information Disclosure

Microsoft Word Remote Code Execution Vulnerability
CVE-2018-8539, CVE-2018-8573
Remote Code Execution

MSRPC Information Disclosure Vulnerability
CVE-2018-8407
Information Disclosure

Win32k Elevation of Privilege Vulnerability
CVE-2018-8562
Elevation of Privilege

Win32k Information Disclosure Vulnerability
CVE-2018-8565
Information Disclosure

Windows ALPC Elevation of Privilege Vulnerability
CVE-2018-8584
Elevation of Privilege

Windows Audio Service Information Disclosure Vulnerability
CVE-2018-8454
Information Disclosure

Windows COM Elevation of Privilege Vulnerability
CVE-2018-8550
Elevation of Privilege

Windows Elevation Of Privilege Vulnerability
CVE-2018-8592
Elevation of Privilege

Windows Kernel Information Disclosure Vulnerability
CVE-2018-8408
Information Disclosure

Windows Scripting Engine Memory Corruption Vulnerability
CVE-2018-8552
Information Disclosure

Windows Search Remote Code Execution Vulnerability
CVE-2018-8450
Remote Code Execution

Windows Security Feature Bypass Vulnerability
CVE-2018-8549
Security Feature Bypass

Windows Win32k Elevation of Privilege Vulnerability
CVE-2018-8589
Elevation of Privilege

Microsoft Surface Devices Elevation of Privilege Vulnerability
ADV180027
Security Feature Bypass

Moderate

.NET Core Tampering Vulnerability
CVE-2018-8416
Tampering

Low

Microsoft Skype for Business Denial of Service Vulnerability
CVE-2018-8546
Denial of Service

Not Rated

Guidance for configuring BitLocker to enforce software encryption
ADV180028

Latest SpiderLabs Blogs

Welcome to Adventures in Cybersecurity: The Defender Series

I’m happy to say I’m done chasing Microsoft certifications (AZ104/AZ500/SC100), and as a result, I’ve had the time to put some effort into a blog series that hopefully will entertain and inform you...

Read More

Trustwave SpiderLabs: Insights and Solutions to Defend Educational Institutions Against Cyber Threats

Security teams responsible for defending educational institutions at higher education and primary school levels often find themselves facing harsh lessons from threat actors who exploit the numerous...

Read More

Breakdown of Tycoon Phishing-as-a-Service System

Just weeks after Trustwave SpiderLabs reported on the Greatness phishing-as-a-service (PaaS) framework, SpiderLabs’ Email Security team is tracking another PaaS called Tycoon Group.

Read More