Posted: 12 Min ReadThreat Intelligence

Microsoft Patch Tuesday – December 2018

This month the vendor has patched 39 vulnerabilities, 9 of which are rated Critical.

As always, customers are advised to follow these security best practices:

  • Install vendor patches as soon as they are available.
  • Run all software with the least privileges required while still maintaining functionality.
  • Avoid handling files from unknown or questionable sources.
  • Never visit sites of unknown or questionable integrity.
  • Block external access at the network perimeter to all key systems unless specific access is required.

Microsoft's summary of the December 2018 releases can be found here:
https://portal.msrc.microsoft.com/en-us/security-guidance

This month's update covers vulnerabilities in:

  • Internet Explorer
  • Microsoft Edge
  • ChakraCore
  • Microsoft Office
  • Microsoft .NET Framework
  • Microsoft Dynamics NAV
  • Microsoft Exchange Server
  • Microsoft Windows
  • Microsoft Visual Studio
  • Windows Azure Pack


The following is a breakdown of the issues being addressed this month: 

  1. Cumulative Security Update for Microsoft Browsers

    Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2018-8583) MS Rating: Critical

    A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted web page.

     

    Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2018-8617) MS Rating: Critical 

    A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted web page.

     

    Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2018-8618) MS Rating: Critical

    A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted web page.

     

    Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2018-8629) MS Rating: Critical

    A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted web page.

     

    Internet Explorer Memory Corruption Vulnerability (CVE-2018-8631) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted web page.

     

    Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2018-8624) MS Rating: Critical

    A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted web page.

     

    Internet Explorer Remote Code Execution Vulnerability (CVE-2018-8619) MS Rating: Important

    A remote code execution vulnerability exists when the Internet Explorer VBScript execution policy does not properly restrict VBScript under specific conditions. An attacker who exploited the vulnerability could run arbitrary code with medium-integrity level privileges (the permissions of the current user).

     

    Windows VBScript Engine Remote Code Execution Vulnerability (CVE-2018-8625) MS Rating: Important

    A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted web page.

     

    Scripting Engine Memory Corruption Vulnerability (CVE-2018-8643) MS Rating: Important

    A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted web page.

     

  2. Cumulative Security Update for Microsoft Office

    Microsoft SharePoint Information Disclosure Vulnerability (CVE-2018-8580) MS Rating: Important

    An information disclosure vulnerability exists where certain modes of the search function. An attacker can exploit this issue to conduct cross-site search attacks and obtain Personally Identifiable Information (PII).

     

    Microsoft Outlook Remote Code Execution Vulnerability (CVE-2018-8587) MS Rating: Important

    A remote code execution vulnerability exists in Microsoft Outlook software when it fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security context of the current user.

     

    Microsoft Excel Remote Code Execution Vulnerability (CVE-2018-8597) MS Rating: Important 

    A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user.

     

    Microsoft Excel Information Disclosure Vulnerability (CVE-2018-8598) MS Rating: Important

    An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory. An attacker who exploited the vulnerability could use the information to compromise the user’s computer or data.

     

    Microsoft Excel Information Disclosure Vulnerability (CVE-2018-8627) MS Rating: Important

    An information disclosure vulnerability exists when Microsoft Excel software reads out of bound memory due to an uninitialized variable, which could disclose the contents of memory. An attacker who successfully exploited the vulnerability could view out of bound memory.

     

    Microsoft PowerPoint Remote Code Execution Vulnerability (CVE-2018-8628) MS Rating: Important

    A remote code execution vulnerability exists in Microsoft PowerPoint software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user.

     

    Microsoft SharePoint Server Privilege Escalation Vulnerability (CVE-2018-8635) MS Rating: Important

    A privilege escalation vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted authentication request to an affected SharePoint server. An attacker who successfully exploited this vulnerability could execute malicious code on a vulnerable server in the context of the SharePoint application pool account.

     

    Microsoft Excel Remote Code Execution Vulnerability (CVE-2018-8636) MS Rating: Important

    A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user.

     

    Microsoft Office SharePoint XSS Vulnerability (CVE-2018-8650) MS Rating: Important

    A cross-site-scripting vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server.

     

  3. Cumulative Security Update for Microsoft Windows Kernel

    Windows Kernel Information Disclosure Vulnerability (CVE-2018-8477) MS Rating: Important

    An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user system.

     

    Windows Kernel Privilege Escalation Vulnerability (CVE-2018-8611) MS Rating: Important

    A privilege escalation vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.

     

    Windows Kernel Information Disclosure Vulnerability (CVE-2018-8621) MS Rating: Important

    An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user system.

     

    Windows Kernel Information Disclosure Vulnerability (CVE-2018-8622) MS Rating: Important

    An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user system.

     

    Win32k Information Disclosure Vulnerability (CVE-2018-8637) MS Rating: Important

    An information disclosure vulnerability exists in Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (KASLR) bypass. An attacker who successfully exploited this vulnerability could retrieve the memory address of a kernel object.

     

    Win32k Privilege Escalation Vulnerability (CVE-2018-8639) MS Rating: Important

    A privilege escalation vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.

     

    Win32k Privilege Escalation Vulnerability (CVE-2018-8641) MS Rating: Important

    A privilege escalation vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.

     

  4. Cumulative Security Update for Microsoft Windows

    Windows DNS Server Heap Overflow Vulnerability (CVE-2018-8626) MS Rating: Critical

    A remote code execution vulnerability exists in Windows Domain Name System (DNS) servers when they fail to properly handle requests. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the Local System Account.

     

    Microsoft Text-To-Speech Remote Code Execution Vulnerability (CVE-2018-8634) MS Rating: Critical

    A remote code execution vulnerability exists in Windows where Microsoft text-to-speech fails to properly handle objects in the memory. An attacker who successfully exploited this vulnerability could take control of the affected system.

     

    Remote Procedure Call runtime Information Disclosure Vulnerability (CVE-2018-8514) MS Rating: Important

    An information disclosure vulnerability exists when Remote Procedure Call runtime improperly initializes objects in memory. To exploit this vulnerability, an authenticated attacker could run a specially crafted application.

     

    Windows GDI Information Disclosure Vulnerability (CVE-2018-8595) MS Rating: Important

    An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user system.

     

    Windows GDI Information Disclosure Vulnerability (CVE-2018-8596) MS Rating: Important

    An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user system.

     

    Diagnostics Hub Standard Collector Service Privilege Escalation Vulnerability (CVE-2018-8599) MS Rating: Important

    A privilege escalation vulnerability exists when the Diagnostics Hub Standard Collector Service improperly impersonates certain file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges.

     

    Connected User Experiences and Telemetry Service Denial of Service Vulnerability (CVE-2018-8612) MS Rating: Important

    A Denial Of Service vulnerability exists when Connected User Experiences and Telemetry Service fails to validate certain function values. An attacker who successfully exploited this vulnerability could deny dependent security feature functionality.

     

    DirectX Information Disclosure Vulnerability (CVE-2018-8638) MS Rating: Important

    An information disclosure vulnerability exists when DirectX improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user system.

     

    Windows Denial of Service Vulnerability (CVE-2018-8649) MS Rating: Important

    A denial of service vulnerability exists when Windows improperly handles objects in memory.. An attacker who successfully exploited the vulnerability could cause a target system to stop responding.

     

  5. Security Update for Microsoft .NET Framework

    .NET Framework Remote Code Injection Vulnerability (CVE-2018-8540) MS Rating: Critical

    A remote code execution vulnerability exists when the Microsoft . NET Framework fails to validate input properly. An attacker who successfully exploited this vulnerability could take control of an affected system.

     

    .NET Framework Denial Of Service Vulnerability (CVE-2018-8517) MS Rating: Important

    A denial of service vulnerability exists when .NET Framework improperly handles special web requests. An attacker who successfully exploited this vulnerability could cause a denial of service against an .NET Framework web application.

     

  6. Security Update for Microsoft Exchange Server

    Microsoft Exchange Server Tampering Vulnerability (CVE-2018-8604) MS Rating: Important

    A tampering vulnerability exists when Microsoft Exchange Server fails to properly handle profile data. An attacker who successfully exploited this vulnerability could modify a targeted user's profile data.

     

  7. Security Update for Microsoft Windows Azure Pack

    Windows Azure Pack Cross Site Scripting Vulnerability (CVE-2018-8652) MS Rating: Important

    A cross-site Scripting vulnerability exists when Windows Azure Pack does not properly sanitize user-provided input.

     

  8. Security Update for Microsoft Dynamics NAV

    Microsoft Dynamics NAV Cross Site Scripting Vulnerability (CVE-2018-8651) MS Rating: Important

    A cross site scripting vulnerability exists when Microsoft Dynamics NAV does not properly sanitize a specially crafted web request to an affected Dynamics NAV server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected Dynamics NAV server.

     

More information is available on Symantec's free Security Center portal and to our customers through the DeepSight Threat Management System.

About the Author

Ratheesh PM

Sr Threat Analysis Engineer

Ratheesh is a member of Symantec's Cyber Security Services organization which provides round-the-clock monitoring and protection services against cyber attacks.