Tuesday, June 12, 2018

Microsoft Patch Tuesday - June 2018

Executive Summary


Microsoft has released its monthly set of security advisories for vulnerabilities that have been identified and addressed in various products. This month's advisory release addresses 50 flaws, with 11 of them rated "critical," and 39 rated "important." These vulnerabilities impact Microsoft Edge, Internet Explorer, Chakra Scripting Engine, Windows DNSAPI, Microsoft Office, Windows Kernel and more.

In addition to the 50 vulnerabilities referenced above, Microsoft has also released a critical update advisory, ADV180014, the June 2018 Adobe Flash Security Update, which addresses the vulnerabilities described in the security bulletin.

Critical vulnerabilities


This month, Microsoft is addressing 11 vulnerabilities that are rated "critical." Talos believes these three vulnerabilities in particular are notable and require prompt attention.

CVE-2018-8225 - Windows DNSAPI Remote Code Execution Vulnerability

A remote code vulnerability is present within Windows DNS. This vulnerability manifests due to DNSAPI.dll improperly handling DNS responses. This vulnerability could allow a remote attacker to execute arbitrary code within the context of the LocalSystem account on affected systems. An attacker could leverage a malicious DNS server and send specially crafted DNS responses to trigger this vulnerability.

CVE-2018-8229 - Chakra Scripting Engine Memory Corruption Vulnerability

A remote code execution vulnerability is present within Microsoft Scripting Engine. This vulnerability manifests due to the Chakra engine improperly handling objects in memory. This vulnerability could be leveraged by attackers to execute arbitrary code on affected systems within the context of the current user. This vulnerability could be leveraged in web-based attacks where a user is convinced to visit a web page that has been specially crafted to exploit this vulnerability. This could be in the form of an attacker controlled webpage, or simply a page that hosts external content, such as advertisements.

CVE-2018-8267 - Scripting Engine Memory Corruption Vulnerability

A remote code execution vulnerability is present within Microsoft Scripting Engine. This vulnerability manifests due to scripting engine not properly handling objects in memory in Internet Explorer. This vulnerability could be leveraged by attackers to execute arbitrary code on affected systems within the context of the current user. This vulnerability was publicly disclosed prior to a patch being made available.

Other vulnerabilities deemed "critical" are listed below:

Important vulnerabilities


This month, Microsoft is addressing 39 vulnerabilities that are rated "important." One of these vulnerabilities is TALOS-2018-0545, which was assigned CVE-2018-8210. This vulnerability is a Windows remote code execution flaw that was discovered by Marcin Noga of Cisco Talos. Additional information related to this vulnerability can be found in the advisory report here.

Additionally, Talos believes the following vulnerability is notable and requires prompt attention.

CVE-2018-8227 - Chakra Scripting Engine Memory Corruption Vulnerability

A remote code execution vulnerability is present within the Microsoft Scripting Engine. This vulnerability manifests due to the Chakra engine improperly handling objects in memory. This vulnerability could be leveraged by attackers to execute arbitrary code on affected systems within the context of the current user. This vulnerability could be leveraged in web-based attacks where a user is convinced to visit a web page that has been specially crafted to exploit this vulnerability. This could be in the form of an attacker controlled webpage, or simply a page that hosts external content, such as advertisements.

Other vulnerabilities deemed "important" are listed below:

Coverage


In response to these vulnerability disclosures, Talos is releasing the following Snort rules that detects attempts to exploit them. Please note that additional rules may be released in the future, and current rules are subject to change pending additional information. Firepower customers should use the latest update to their ruleset by updating their SRU. Open Source Snort Subscriber Rule Set customers can stay up-to-date by downloading the latest rule pack available for purchase on Snort.org.

Snort Rules:
  • 45628, 46927 - 46930, 46933 - 46935, 46938 - 46945, 46951 - 46958, 46961 - 46962

No comments:

Post a Comment