Posted: 15 Min Read Threat Intelligence

Microsoft Patch Tuesday – June 2018

This month the vendor has patched 50 vulnerabilities, 11 of which are rated Critical.

As always, customers are advised to follow these security best practices:

  • Install vendor patches as soon as they are available.
  • Run all software with the least privileges required while still maintaining functionality.
  • Avoid handling files from unknown or questionable sources.
  • Never visit sites of unknown or questionable integrity.
  • Block external access at the network perimeter to all key systems unless specific access is required.

Microsoft's summary of the June 2018 releases can be found here:
https://portal.msrc.microsoft.com/en-us/security-guidance

 

This month's update covers vulnerabilities in:

  • Internet Explorer
  • Microsoft Edge
  • Microsoft Office
  • Microsoft Hyper-V
  • Microsoft Windows
  • Device Guard Code
  • ChakraCore

     

The following is a breakdown of the issues being addressed this month:

  1. Cumulative Security Update for Microsoft Browsers

    Microsoft Edge Memory Corruption Vulnerability (CVE-2018-8236)MS Rating: Critical

    A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory. This vulnerability may corrupt memory in such a way that enables an attacker to execute arbitrary code in the context of the current user. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted web page.

     

    Scripting Engine Memory Corruption Vulnerability (CVE-2018-8243)MS Rating: Critical

    A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted web page.

     

    Internet Explorer Memory Corruption Vulnerability (CVE-2018-8249)MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted web page.

     

    Scripting Engine Memory Corruption Vulnerability (CVE-2018-8267)MS Rating: Critical

    A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted web page.

     

    Microsoft Edge Memory Corruption Vulnerability (CVE-2018-8110)MS Rating: Critical

    A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory. This vulnerability may corrupt memory in such a way that enables an attacker to execute arbitrary code in the context of the current user. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted web page.

     

    Microsoft Edge Memory Corruption Vulnerability (CVE-2018-8111)MS Rating: Critical

    A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory. This vulnerability may corrupt memory in such a way that enables an attacker to execute arbitrary code in the context of the current user. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted web page.

     

    Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2018-8229)MS Rating: Critical

    A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted web page.

     

    Microsoft Edge Information Disclosure Vulnerability (CVE-2018-0871)MS Rating: Important

    An information disclosure vulnerability exists when Edge improperly marks files. An attacker who successfully exploited this vulnerability could exfiltrate file contents from disk. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted web page.

     

    Internet Explorer Memory Corruption Vulnerability (CVE-2018-0978)MS Rating: Important

    A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted web page.

     

    Internet Explorer Security Feature Bypass Vulnerability (CVE-2018-8113)MS Rating: Important

    A security bypass vulnerability exists in Internet Explorer that allows for bypassing Mark of the Web Tagging (MOTW). Failing to set the MOTW means that a large number of Microsoft security technologies are bypassed. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted web page.

     

    Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2018-8227)MS Rating: Important

    A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted web page.

     

    Microsoft Edge Information Disclosure Vulnerability (CVE-2018-8234)MS Rating: Important

    An information disclosure vulnerability exists when Microsoft Edge improperly handles objects in memory. An attacker can exploit this issue to obtain sensitive information to further compromise the user’s system. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted web page.

     

    Microsoft Edge Security Bypass Vulnerability (CVE-2018-8235)MS Rating: Important

    A security bypass vulnerability exists when Microsoft Edge improperly handles requests of different origins. An attacker can exploit this issue to bypass Same-Origin Policy (SOP) restrictions, and to allow requests that should otherwise be ignored.

     

  2. Cumulative Security Update for Microsoft Office

    Microsoft Outlook Elevation of Privilege Vulnerability (CVE-2018-8244)MS Rating: Important

    A privilege escalation vulnerability exists when Microsoft Outlook does not validate attachment headers properly. An attacker who successfully exploited the vulnerability could send an email with hidden attachments that would be opened or executed once a victim clicks a link within the email.

     

    Microsoft Office Elevation of Privilege Vulnerability (CVE-2018-8245)MS Rating: Important

    A privilege escalation vulnerability exists when Microsoft Publisher fails to utilize features that lock down the Local Machine zone when instantiating OLE objects. An attacker who successfully exploited the vulnerability could force arbitrary code to be executed in the Local Machine zone.

     

    Microsoft Excel Information Disclosure Vulnerability (CVE-2018-8246)MS Rating: Important

    An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory. An attacker who exploited the vulnerability could use the information to compromise the user’s computer or data.

     

    Microsoft Office Elevation of Privilege Vulnerability (CVE-2018-8247)MS Rating: Important

    A privilege escalation vulnerability exists when Office Web Apps Server 2013 and Office Online Server fail to properly handle web requests. An attacker who successfully exploited this vulnerability could perform script/content injection attacks and attempt to trick the user into disclosing sensitive information.

     

    Microsoft Excel Remote Code Execution Vulnerability (CVE-2018-8248)MS Rating: Important

    A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user.

     

    Microsoft SharePoint Elevation of Privilege Vulnerability (CVE-2018-8252)MS Rating: Important

    A privilege escalation vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server.

     

    Microsoft SharePoint Elevation of Privilege Vulnerability (CVE-2018-8254)MS Rating: Important

    A privilege escalation vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server.

     

  3. Cumulative Security Update for Microsoft Hyper-V

    Windows Hyper-V Denial of Service Vulnerability (CVE-2018-8218)MS Rating: Important

    A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system. An attacker who successfully exploited the vulnerability could cause the host server to crash.

     

    Hypervisor Code Integrity Elevation of Privilege Vulnerability (CVE-2018-8219)MS Rating: Important

    A privilege escalation vulnerability exists when Windows Hyper-V instruction emulation fails to properly enforce privilege levels. An attacker who successfully exploited this vulnerability could gain elevated privileges on a target guest operating system.

     

  4. Cumulative Security Update for Microsoft Windows Kernel

    Windows Kernel Information Disclosure Vulnerability (CVE-2018-8121)MS Rating: Important

    An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory. An attacker can exploit this issue by running a specially crafted application. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system.

     

    Windows Kernel Information Disclosure Vulnerability (CVE-2018-8207)MS Rating: Important

    An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system.

     

    Windows Kernel Elevation of Privilege Vulnerability (CVE-2018-8224)MS Rating: Important

    A privilege escalation vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.

     

    Win32k Elevation of Privilege Vulnerability (CVE-2018-8233)MS Rating: Important

    A privilege escalation vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.

     

  5. Cumulative Security Update for Microsoft Windows

    Media Foundation Memory Corruption Vulnerability (CVE-2018-8251)MS Rating: Critical

    A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory. An attacker who successfully exploited the vulnerability could install programs; view, change, or delete data; or create new accounts with full user rights.

     

    Windows Remote Code Execution Vulnerability (CVE-2018-8213)MS Rating: Critical

    A remote code execution vulnerability exists when Windows improperly handles objects in memory. An attacker who successfully exploited these vulnerabilities could take control of an affected system.

     

    Windows DNSAPI Remote Code Execution Vulnerability (CVE-2018-8225)MS Rating: Critical

    A remote code execution vulnerability exists in Windows Domain Name System (DNS) DNSAPI. dll when it fails to properly handle DNS responses.

     

    HTTP Protocol Stack Remote Code Execution Vulnerability (CVE-2018-8231)MS Rating: Critical

    A remote code execution vulnerability exists when HTTP Protocol Stack (Http.sys) improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code and take control of the affected system.

     

    Windows Elevation of Privilege Vulnerability (CVE-2018-0982)MS Rating: Important

    A privilege escalation vulnerability exists in the way that the Windows Kernel API enforces permissions. An attacker who successfully exploited the vulnerability could impersonate processes, interject cross-process communication, or interrupt system functionality.

     

    NTFS Elevation of Privilege Vulnerability (CVE-2018-1036)MS Rating: Important

    A privilege escalation vulnerability exists when NTFS improperly checks access. An attacker who successfully exploited this vulnerability could run processes in an elevated context.

     

    Windows Code Integrity Module Denial of Service Vulnerability (CVE-2018-1040)MS Rating: Important

    A denial of service vulnerability exists in the way that the Windows Code Integrity Module performs hashing. An attacker who successfully exploited the vulnerability could cause a system to stop responding.

     

    Cortana Elevation of Privilege Vulnerability (CVE-2018-8140)MS Rating: Important

    A privilege escalation vulnerability exists when Cortana retrieves data from user input services without consideration for status. An attacker who successfully exploited the vulnerability could execute commands with elevated permissions.

     

    HIDParser Elevation of Privilege Vulnerability (CVE-2018-8169)MS Rating: Important

    A privilege escalation vulnerability exists when the (Human Interface Device) HID Parser Library driver improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context.

     

    WEBDAV Denial of Service Vulnerability (CVE-2018-8175)MS Rating: Important

    An denial of service vulnerability exists when Windows NT WEBDAV Minirdr attempts to query a WEBDAV directory. An attacker who successfully exploited the vulnerability could cause a denial of service.

     

    Windows Denial of Service Vulnerability (CVE-2018-8205)MS Rating: Important

    A denial of service vulnerability exists when Windows improperly handles objects in memory. An attacker who successfully exploited the vulnerability could cause a target system to stop responding.

     

    Windows Desktop Bridge Elevation of Privilege Vulnerability (CVE-2018-8208)MS Rating: Important

    A privilege escalation vulnerability exists in Windows when Desktop Bridge does not properly manage the virtual registry. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.

     

    Windows Wireless Network Profile Information Disclosure Vulnerability (CVE-2018-8209)MS Rating: Important

    An information disclosure vulnerability exists when Windows allows a normal user to access the Wireless LAN profile of an administrative user. An authenticated attacker who successfully exploited the vulnerability could access the Wireless LAN profile of an administrative user, including passwords for wireless networks.

     

    Windows Remote Code Execution Vulnerability (CVE-2018-8210)MS Rating: Important

    A remote code execution vulnerability exists when Windows improperly handles objects in memory. An attacker who successfully exploited these vulnerabilities could take control of an affected system.

     

    HTTP.sys Denial of Service Vulnerability (CVE-2018-8226)MS Rating: Important

    A denial of service vulnerability exists in the HTTP 2.0 protocol stack (HTTP.sys) when HTTP.sys improperly parses specially crafted HTTP 2.0 requests. An attacker who successfully exploited the vulnerability could create a denial of service condition, causing the target system to become unresponsive.

     

    Windows GDI Information Disclosure Vulnerability (CVE-2018-8239)MS Rating: Important

    An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker can exploit this issue to obtain sensitive information to further compromise the user’s system.

     

    Windows Desktop Bridge Elevation of Privilege Vulnerability (CVE-2018-8214)MS Rating: Important

    A privilege escalation vulnerability exists in Windows when Desktop Bridge does not properly manage the virtual registry. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.

     

  6. Cumulative Security Update for Microsoft Device Guard Code

    Device Guard Code Integrity Policy Security Bypass Vulnerability (CVE-2018-8211)MS Rating: Important

    A security bypass vulnerability exists in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session. An attacker who successfully exploited this vulnerability could inject code into a trusted PowerShell process to bypass the Device Guard Code Integrity policy on the local machine.

     

    Device Guard Code Integrity Policy Security Bypass Vulnerability (CVE-2018-8212)MS Rating: Important

    A security bypass vulnerability exists in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session. An attacker who successfully exploited this vulnerability could inject code into a trusted PowerShell process to bypass the Device Guard Code Integrity policy on the local machine.

     

    Device Guard Code Integrity Policy Security Bypass Vulnerability (CVE-2018-8215)MS Rating: Important

    A security bypass vulnerability exists in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session. An attacker who successfully exploited this vulnerability could inject code into a trusted PowerShell process to bypass the Device Guard Code Integrity policy on the local machine.

     

    Device Guard Code Integrity Policy Security Bypass Vulnerability (CVE-2018-8216)MS Rating: Important

    A security bypass vulnerability exists in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session. An attacker who successfully exploited this vulnerability could inject code into a trusted PowerShell process to bypass the Device Guard Code Integrity policy on the local machine.

     

    Device Guard Code Integrity Policy Security Bypass Vulnerability (CVE-2018-8217)MS Rating: Important

    A security bypass vulnerability exists in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session. An attacker who successfully exploited this vulnerability could inject code into a trusted PowerShell process to bypass the Device Guard Code Integrity policy on the local machine.

     

    Device Guard Code Integrity Policy Security Bypass Vulnerability (CVE-2018-8221)MS Rating: Important

    A security bypass vulnerability exists in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session. An attacker who successfully exploited this vulnerability could inject code into a trusted PowerShell process to bypass the Device Guard Code Integrity policy on the local machine.

     

    Device Guard Code Integrity Policy Security Bypass Vulnerability (CVE-2018-8201)MS Rating: Important

    A security bypass vulnerability exists in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session. An attacker who successfully exploited this vulnerability could inject code into a trusted PowerShell process to bypass the Device Guard Code Integrity policy on the local machine.

     

More information is available on Symantec's free Security Center portal and to our customers through the DeepSight Threat Management System.

About the Author

Ratheesh PM

Sr Threat Analysis Engineer

Ratheesh is a member of Symantec's Cyber Security Services organization which provides round-the-clock monitoring and protection services against cyber attacks.

Want to comment on this post?

We encourage you to share your thoughts on your favorite social platform.