November Patch Tuesday: commentary from Ivanti

Chris Goettl, Manager of Product Management, Security, Ivanti

Microsoft has resolved 62 unique vulnerabilities across 16 updates. Amongst these are a Zero Day vulnerability in Windows 7, Server 2008 and Server 2008 R2 and a Public Disclosure in Windows 10, Server 2016 and Server 2019.

Microsoft has released additional Servicing Stack Updates for Windows 10, Server 2016, and Server 2019 this month. Last month they updated the Servicing Stack for Windows 7, Server 2008, and Server 2008 R2. With the October updates, it looks like you could encounter an issue where the update process halts at “Stage 2 of 2” or “Stage 3 of 3” of the restart process. Microsoft's guidance if you encounter the issue is to press Ctrl+Alt+Del to continue to log on. The error should only occur once, and updates should still apply without issue.

Microsoft has resolved a Zero Day vulnerability (CVE-2018-8589) in Windows 7, Server 2008 and Server 2008 R2. The Elevation of Privilege vulnerability exists in Win32k.sys and could allow an attacker to run arbitrary code in the context of local system. The CVE is rated as Important and the attacker would need to log on to the system to exploit the vulnerability, but when exploited the attacker would gain full control of the affected system.

Microsoft has resolved a Public Disclosure vulnerability (CVE-2018-8566) in Windows 10, Server 2016 and Server 2019. The Security Feature Bypass vulnerability exists in BitLocker and could allow an attacker to bypass protection to gain access to encrypted data. To exploit the vulnerability, the attacker must gain physical access to the target system. Systems that can be physically accessed, especially laptops, will be a higher priority for getting the update applied.

The priority this month should be all Windows OS updates and Edge. Internet Explorer has several Important vulnerabilities resolved as does Office, but all of the Critical vulnerabilities, exploits and disclosures are in the OS and Edge browser.

Microsoft is re-releasing Windows 10 1809 and Server 2019 after pulling them in October due to user data being deleted after upgrading.

Adobe released two updates this month resolving 2 unique CVEs. The Adobe Flash Player update this month resolves only one Important vulnerability. The Adobe Acrobat and Reader update (APSB18-40) resolves one Important vulnerability (CVE-2018-15979) as well, but this CVE has been publicly disclosed according to the Adobe Bulletin Page. The vulnerability could allow an attacker to take advantage of a weakness in Microsoft NTLM to redirect a user to a malicious resource outside your organization to obtain the NTLM authentication messages.
