Microsoft has released its latest wave of updates in the August 2018 Patch Tuesday, addressing some serious vulnerabilities. Among them are remote code execution issues and weaknesses exploited by popular viruses and Trojans to gain entry to victim systems. Read on to find out which issues have been fixed in the latest update release.
Microsoft Released the August 2018 Patch Tuesday Updates: What Has Been Fixed
One of the most severe issues fixed is a vulnerability that was discovered in June. It is tracked under the CVE-2018-8414 advisory and describes a Windows Shell remote code execution flaw. The problem is that the Windows Shell does not properly validate file paths. As a result, attackers can execute arbitrary code in the context of the currently logged-on user. If that user is an administrator, the malicious script can take control of the affected system. This effectively allows the hacker operators to install applications and to retrieve or modify data. Once elevated privileges are acquired, new accounts can be created on the machine, effectively allowing constant remote desktop use. To exploit this issue, the hacker operators need the victims to open a malicious file. This can be done by sending out phishing emails, hosting infected payloads or using scripts that lead to the infection.
The other severe issue that has been fixed is tracked under the CVE-2018-8373 advisory, which details a remote code execution flaw. The problem lies in Internet Explorer and the way it manages objects in memory. Fortunately there are no reports of active infections yet. However, upon further analysis the problem appears to be similar to another issue that was addressed in the May Patch Tuesday updates. It was also used in the infection strategy of multiple Trojans.
A total of 20 critical issues have been addressed this month. They affect components of the operating system that are considered essential, such as Microsoft Edge and Internet Explorer. Various remote code execution issues were found in Exchange, SQL Server and other products that are also part of the Microsoft suite.
Quasar RAT Warning! This vulnerability is connected to the distribution of the Quasar RAT. This flaw and other related mechanisms are used to deliver the malware threat to target devices.
Issues that have raised serious concerns are the buffer overflow vulnerabilities that affect Microsoft SQL Server 2016 and 2017. They can be used to perform network attacks from remote hosts, for which penetration testing platforms and botnets would be an effective tactic. Another is a Microsoft Graphics remote code execution vulnerability, tracked under CVE-2018-8344, which affects the Windows Server editions from 2008 to 2016 and the desktop versions from 7 to 10.
The release notes indicate that updates for the following software have been released:
- Internet Explorer
- Microsoft Edge
- Microsoft Windows
- Microsoft Office and Microsoft Office Services and Web Apps
- ChakraCore
- Adobe Flash Player
- .NET Framework
- Microsoft Exchange Server
- Microsoft SQL Server
- Visual Studio