It’s Patch Tuesday once again…time for another round of security updates for the Windows operating system and other Microsoft products.

This month Windows users and system administrators need to immediately take care of a total of 63 security vulnerabilities, of which 12 are rated critical, 49 important, one moderate and one low in severity.

Two of the vulnerabilities patched by the tech giant this month are listed as publicly known at the time of release, and one flaw is reported as being actively exploited in the wild by multiple cybercriminal groups.

Zero-Day Vulnerability Being Exploited by Cyber Criminals

The zero-day vulnerability, tracked as CVE-2018-8589, which is being exploited in the wild by multiple advanced persistent threat groups, was first spotted and reported by security researchers from Kaspersky Labs.

The flaw resides in the Win32k component (win32k.sys). If exploited successfully, it could allow a malicious program to execute arbitrary code in kernel mode and elevate its privileges on an affected Windows 7, Server 2008 or Server 2008 R2 system to take control of it.

“The exploit was executed by the first stage of a malware installer in order to gain the necessary privileges for persistence on the victim’s system. So far, we have detected a very limited number of attacks using this vulnerability,” Kaspersky said.

Two Publicly Disclosed Zero-Day Vulnerabilities

The other two publicly known zero-day vulnerabilities, which were not listed as under active attack, reside in the Windows Advanced Local Procedure Call (ALPC) service and Microsoft’s BitLocker Security Feature.

The flaw related to ALPC, tracked as CVE-2018-8584, is a privilege escalation vulnerability that could be exploited by running a specially crafted application to execute arbitrary code in the security context of the local system and take control over an affected system.

Advanced local procedure call (ALPC) facilitates high-speed and secure data transfer between one or more processes in the user mode.

The second publicly disclosed vulnerability, tracked as CVE-2018-8566, exists when Windows improperly suspends BitLocker Device Encryption, which could allow an attacker with physical access to a powered-off system to bypass security and gain access to encrypted data.

BitLocker was in the headlines earlier this month for a separate issue that could expose Windows users’ encrypted data due to its default encryption preference and bad encryption on self-encrypting SSDs.

Microsoft did not fully address this issue; instead, the company simply provided a guide on how to manually change BitLocker’s default encryption choice.

November 2018 Patch Tuesday: Critical and Important Flaws

Of the 12 critical vulnerabilities, eight are memory corruption flaws in the Chakra scripting engine, stemming from the way the scripting engine handles objects in memory in the Microsoft Edge internet browser.

All eight vulnerabilities could be exploited to corrupt memory, allowing an attacker to execute code in the context of the current user. To exploit these bugs, all an attacker needs to do is trick victims into opening a specially crafted website in Microsoft Edge.

Three more vulnerabilities are remote code execution bugs in the Windows Deployment Services TFTP server, Microsoft Graphics Components, and the VBScript engine. All these flaws stem from the way the affected software handles objects in memory.

The last critical vulnerability is also a remote code execution flaw that lies in Microsoft Dynamics 365 (on-premises) version 8. The flaw exists when the server fails to properly sanitize web requests to an affected Dynamics server.

If exploited successfully, the vulnerability could allow an authenticated attacker to run arbitrary code in the context of the SQL service account by sending a specially crafted request to a vulnerable Dynamics server.

Vulnerability | CVE ID | Severity
Windows Deployment Services TFTP Server Remote Code Execution Vulnerability | CVE-2018-8476 | Critical
Microsoft Graphics Components Remote Code Execution Vulnerability | CVE-2018-8553 | Critical
Chakra Scripting Engine Memory Corruption Vulnerability | CVE-2018-8588 | Critical
Chakra Scripting Engine Memory Corruption Vulnerability | CVE-2018-8541 | Critical
Chakra Scripting Engine Memory Corruption Vulnerability | CVE-2018-8542 | Critical
Chakra Scripting Engine Memory Corruption Vulnerability | CVE-2018-8543 | Critical
Windows VBScript Engine Remote Code Execution Vulnerability | CVE-2018-8544 | Critical
Chakra Scripting Engine Memory Corruption Vulnerability | CVE-2018-8555 | Critical
Chakra Scripting Engine Memory Corruption Vulnerability | CVE-2018-8556 | Critical
Chakra Scripting Engine Memory Corruption Vulnerability | CVE-2018-8557 | Critical
Chakra Scripting Engine Memory Corruption Vulnerability | CVE-2018-8551 | Critical
Microsoft Dynamics 365 (on-premises) version 8 Remote Code Execution Vulnerability | CVE-2018-8609 | Critical
Azure App Service Cross-site Scripting Vulnerability | CVE-2018-8600 | Important
Windows Win32k Elevation of Privilege Vulnerability | CVE-2018-8589 | Important
BitLocker Security Feature Bypass Vulnerability | CVE-2018-8566 | Important
Windows ALPC Elevation of Privilege Vulnerability | CVE-2018-8584 | Important
Team Foundation Server Cross-site Scripting Vulnerability | CVE-2018-8602 | Important
Microsoft Dynamics 365 (on-premises) version 8 Cross Site Scripting Vulnerability | CVE-2018-8605 | Important
Microsoft Dynamics 365 (on-premises) version 8 Cross Site Scripting Vulnerability | CVE-2018-8606 | Important
Microsoft Dynamics 365 (on-premises) version 8 Cross Site Scripting Vulnerability | CVE-2018-8607 | Important
Microsoft Dynamics 365 (on-premises) version 8 Cross Site Scripting Vulnerability | CVE-2018-8608 | Important
Microsoft RemoteFX Virtual GPU miniport driver Elevation of Privilege Vulnerability | CVE-2018-8471 | Important
DirectX Elevation of Privilege Vulnerability | CVE-2018-8485 | Important
DirectX Elevation of Privilege Vulnerability | CVE-2018-8554 | Important
DirectX Elevation of Privilege Vulnerability | CVE-2018-8561 | Important
Win32k Elevation of Privilege Vulnerability | CVE-2018-8562 | Important
Microsoft SharePoint Elevation of Privilege Vulnerability | CVE-2018-8572 | Important
Microsoft Exchange Server Elevation of Privilege Vulnerability | CVE-2018-8581 | Important
Windows COM Elevation of Privilege Vulnerability | CVE-2018-8550 | Important
Windows VBScript Engine Remote Code Execution Vulnerability | CVE-2018-8552 | Important
Microsoft SharePoint Elevation of Privilege Vulnerability | CVE-2018-8568 | Important
Windows Elevation Of Privilege Vulnerability | CVE-2018-8592 | Important
Microsoft Edge Elevation of Privilege Vulnerability | CVE-2018-8567 | Important
DirectX Information Disclosure Vulnerability | CVE-2018-8563 | Important
MSRPC Information Disclosure Vulnerability | CVE-2018-8407 | Important
Windows Audio Service Information Disclosure Vulnerability | CVE-2018-8454 | Important
Win32k Information Disclosure Vulnerability | CVE-2018-8565 | Important
Microsoft Outlook Information Disclosure Vulnerability | CVE-2018-8558 | Important
Windows Kernel Information Disclosure Vulnerability | CVE-2018-8408 | Important
Microsoft Edge Information Disclosure Vulnerability | CVE-2018-8545 | Important
Microsoft SharePoint Information Disclosure Vulnerability | CVE-2018-8578 | Important
Microsoft Outlook Information Disclosure Vulnerability | CVE-2018-8579 | Important
PowerShell Remote Code Execution Vulnerability | CVE-2018-8256 | Important
Microsoft Outlook Remote Code Execution Vulnerability | CVE-2018-8522 | Important
Microsoft Outlook Remote Code Execution Vulnerability | CVE-2018-8576 | Important
Microsoft Outlook Remote Code Execution Vulnerability | CVE-2018-8524 | Important
Microsoft Word Remote Code Execution Vulnerability | CVE-2018-8539 | Important
Microsoft Word Remote Code Execution Vulnerability | CVE-2018-8573 | Important
Microsoft Excel Remote Code Execution Vulnerability | CVE-2018-8574 | Important
Microsoft Project Remote Code Execution Vulnerability | CVE-2018-8575 | Important
Microsoft Outlook Remote Code Execution Vulnerability | CVE-2018-8582 | Important
Windows Search Remote Code Execution Vulnerability | CVE-2018-8450 | Important
Microsoft Excel Remote Code Execution Vulnerability | CVE-2018-8577 | Important
Internet Explorer Memory Corruption Vulnerability | CVE-2018-8570 | Important
Microsoft JScript Security Feature Bypass Vulnerability | CVE-2018-8417 | Important
Windows Security Feature Bypass Vulnerability | CVE-2018-8549 | Important
Microsoft Edge Spoofing Vulnerability | CVE-2018-8564 | Important
Active Directory Federation Services XSS Vulnerability | CVE-2018-8547 | Important
Team Foundation Server Remote Code Execution Vulnerability | CVE-2018-8529 | Important
Yammer Desktop Application Remote Code Execution Vulnerability | CVE-2018-8569 | Important
Microsoft Powershell Tampering Vulnerability | CVE-2018-8415 | Important
.NET Core Tampering Vulnerability | CVE-2018-8416 | Moderate
Microsoft Skype for Business Denial of Service Vulnerability | CVE-2018-8546 | Low

This month’s security update also covers 46 important vulnerabilities in Windows, PowerShell, MS Excel, Outlook, SharePoint, VBScript Engine, Edge, Windows Search service, Internet Explorer, Azure App Service, Team Foundation Server, and Microsoft Dynamics 365.

Users and system administrators are strongly advised to apply the above security patches as soon as possible in order to keep hackers and cyber criminals away from taking control of their systems.

For installing security patch updates, head on to Settings → Update & security → Windows Update → Check for updates, or you can install the updates manually.