Microsoft patches 0-day Windows flaw under attack

Microsoft has released a patch for a Windows elevation of privilege flaw that it says is being exploited.

The flaw, tracked as CVE-2018-8543, is in the Win32k component of Windows and could be used to run malicious code in kernel mode, allowing an attacker to install programs, modify data, and create new accounts with full user rights. 

Microsoft notes that an attacker would need to log on to a vulnerable system before exploiting the flaw, and then run malware that exploits the vulnerability in order to take control of an affected system. 

Security updates are available for all supported versions of Windows 10 through to Windows 7 and Windows Server.

Microsoft hasn’t shared details about the attacks but credited Kaspersky Lab for reporting the flaw, which is likely being used in targeted attacks. 

The patch is part of Microsoft’s scheduled October Patch Tuesday update, which addresses 49 security flaws in total, 12 of which are critical, and 35 of which are rated as important. It also has fixes for one moderate and one low severity issue. 

As noted by Trend Micro’s Zero Day Initiative (ZDI), three of the flaws are publicly known, including a remote code execution flaw in the Microsoft JET database, a Windows kernel elevation of privilege flaw, and an Azure IoT device client SDK memory corruption bug.

The critical flaws were found in Internet Explorer, Microsoft Edge, Windows Hyper-V, and Microsoft's Chakra scripting engine. 

ZDI’s Dustin Childs also spotted an update to an old bug, CVE-2010-3190, that was first addressed in 2010. The issue stemmed from insecure programming practices that allowed "binary planting" or "DLL preloading attacks", according to Microsoft’s writeup on the issue.

Between 2010 and 2014, Microsoft released fixes for the same issue affecting Office, Windows, the Windows address book, Windows backup manager, Windows Media, and other products.

The latest product it has discovered to be impacted by this class of flaw is Exchange Server. All versions prior to Exchange Server 2016 Cumulative Update 11 need to be patched, according to Microsoft’s advisory.

Microsoft also warned customers with Windows 7 and Windows Server 2008 R2 machines that they’ll need to install the Servicing Stack Update (SSU) 3177467 before installing the October 2018 security updates. The absence of an SSU from 2016 could cause the update to fail to install.

Microsoft recently explained the importance of installing SSUs, which were previously not labelled as security updates and so were missed by some customers. In turn, this caused problems installing this year's August and September security-only updates and Monthly Rollups. Affected customers were advised to install the October 2016 Windows 7 SP1 SSU (KB 3177467), and then install the newer updates to avoid the problem. 

Stories by Liam Tung
