Microsoft Patch Tuesday August 2018

Several flaws patched, including a couple of zero-day vulns.

The zero-day vulns are:

CVE-2018-8414 | Windows Shell Remote Code Execution Vulnerability: A remote code execution vulnerability exists when the Windows Shell does not properly validate file paths.

An attacker who successfully exploited this vulnerability could run arbitrary code in the context of the current user. If the current user is logged on as an administrator, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with elevated privileges. Users whose accounts are configured to have fewer privileges on the system could be less impacted than users who operate with administrative privileges.

To exploit the vulnerability, an attacker must entice a user to open a specially crafted file. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and then convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) that contains a specially crafted file designed to exploit the vulnerability. An attacker would have no way to force a user to visit the website. Instead, an attacker would have to convince a user to click a link and open the specially crafted file.

This security update addresses the vulnerability by ensuring the Windows Shell properly validates file paths.

CVE-2018-8341 | Windows Kernel Information Disclosure Vulnerability: An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system.

To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The vulnerability would not allow an attacker to execute code or to elevate user rights directly, but it could be used to obtain information that could be used to try to further compromise the affected system.

The update addresses the vulnerability by correcting how the Windows kernel handles objects in memory.

SecurityWeek has a good breakdown of the patches.

Microsoft’s Security Advisory page for this Patch Tuesday is here.

© 2002 – 2018, John Obeto for Blackground Media Unlimited

AbsolutelyJohn - 2400px.jpg