Microsoft November Patch Tuesday Review | The Fuss Over In-the-Wild Attacks and 0days

Microsoft releases the November security patches, fixing 62 vulnerabilities

In yesterday's regular update Microsoft released the November security patches, fixing 62 vulnerabilities, 13 of which are rated Critical.

After October's update wrecked many users' machines like a dose of strong poison, Microsoft pulled it ten days after release and re-released it yesterday; users who need the October update can test the waters again.

This update fixes a vulnerability that was already being exploited in the wild, so users should apply it promptly; this time, though, it is best to back up your data first.


Vulnerability summary

The products covered by this update are mainly the browser scripting engines and Office, which together account for close to half of the patches. There is also a rather odd vulnerability tied to the notorious October update (1809) mentioned above: an attacker with physical access to the machine could use the October update to elevate privileges, and this November update closes that hole.

The official advisory does not explain the root cause of this vulnerability; it says only that the fix works by modifying a built-in account after the update is installed.
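Since the advisory says no more than "a built-in account is modified", the practical check on a 1809 machine is whether any of the well-known built-in local accounts is enabled before and after the update. The following PowerShell audit is an added example for this post, not Microsoft's fix and not code from the original article; it assumes only the documented well-known RIDs (500 Administrator, 501 Guest, 503 DefaultAccount, 504 WDAGUtilityAccount) and the standard Get-LocalUser cmdlet.

```powershell
# Added example: list the built-in local accounts (identified by their well-known
# RID, the last component of the SID) and flag any that are enabled.
# Run in an elevated PowerShell; Get-LocalUser ships with Windows 10 / Server 2016+.

function Get-BuiltInLocalAccounts {
    $wellKnown = @{ 500 = 'Administrator'; 501 = 'Guest'; 503 = 'DefaultAccount'; 504 = 'WDAGUtilityAccount' }
    Get-LocalUser | ForEach-Object {
        $rid = [int](($_.SID.Value -split '-')[-1])
        if ($wellKnown.ContainsKey($rid)) {
            [pscustomobject]@{
                Name             = $_.Name            # may be renamed; RID is authoritative
                WellKnownName    = $wellKnown[$rid]
                Rid              = $rid
                Enabled          = $_.Enabled
                PasswordRequired = $_.PasswordRequired
                PasswordLastSet  = $_.PasswordLastSet  # $null means a password was never set
                LastLogon        = $_.LastLogon
            }
        }
    }
}

$builtIn = Get-BuiltInLocalAccounts
$builtIn | Format-Table -AutoSize

# Administrator (500) and Guest (501) are disabled by default on a normal install;
# an enabled one, especially without a password, is what an attacker with
# physical access would go for.
$risky = $builtIn | Where-Object { $_.Enabled -and $_.Rid -in 500, 501 }
if ($risky) {
    Write-Warning ("Enabled built-in account(s): " + (($risky | ForEach-Object Name) -join ', ') +
                   ". Disable with: Disable-LocalUser -Name <name>")
} else {
    'Built-in Administrator and Guest are disabled.'
}
```

Compare the output from before and after installing the November update; the account the advisory refers to should change state. Disabling an enabled built-in Administrator yourself (Disable-LocalUser) is the same end state the patch aims for, but do it only after confirming another local administrator exists.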


Fix for a zero-day exploited in the wild

The most important item in this update is the fix for a zero-day that was already being exploited in the wild: CVE-2018-8589, discovered by Kaspersky Lab and reportedly used by several APT groups. It is an elevation-of-privilege vulnerability in the Win32k component; once an APT group has found a way onto the target device, it can use it to escalate privileges (presumably not a complicated step). An analysis of the vulnerability is expected to be published in the coming days. This is also the second exploited privilege-escalation bug fixed in recent months: last month's CVE-2018-8453 was used by FruityArmor.


Publicly disclosed zero-day, not yet exploited in the wild, not yet fixed

After the good news comes the bad: the zero-day disclosed on Twitter is still unpatched (the one that lets you delete arbitrary files; apart from deleting sensitive files to break the machine you might manage to delete a WAF or similar, but it is still of limited use). Since it was only disclosed at the end of October, Microsoft can hardly be blamed too much, but it does show the limits of Twitter as a disclosure channel. Although the author (this being their second Twitter disclosure) deleted the tweet soon afterwards, the GitHub project was not removed and has already been forked many times. There is no report of in-the-wild exploitation yet, but a fairly serious problem may well appear within the next month.


The "not a vulnerability" that still needs fixing

Microsoft also published a security advisory (ADV180028, listed below) with detailed guidance on configuring BitLocker correctly on solid-state drives. It responds to the hardware-encryption bypass disclosed a few days earlier, which affects popular models such as the Samsung EVO series: when a drive advertises self-encryption, BitLocker by default hands the work to the drive's firmware, so the flaws in that firmware defeat the protection. The guidance is to make BitLocker enforce its own software encryption instead.
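The check the advisory describes is the Encryption Method field of `manage-bde -status`: "Hardware Encryption" means the drive, not BitLocker, holds the key. The script below is an added example for this post, not Microsoft's own tooling: it finds such volumes and sets the policy that forces software encryption. It assumes the registry value names OSHardwareEncryption, FDVHardwareEncryption and RDVHardwareEncryption under the FVE policy key correspond to the Group Policy settings "Configure use of hardware-based encryption for operating system / fixed data / removable data drives" (0 = Disabled).

```powershell
#Requires -RunAsAdministrator
# Added example (not from ADV180028 itself): audit BitLocker volumes that
# delegated encryption to the drive (SED) and switch policy to software encryption.

function Get-HardwareEncryptedBitLockerVolumes {
    # Walk the "manage-bde -status" report one volume at a time. Each block
    # starts with "Volume C: [Label]" and contains an "Encryption Method:" line.
    $volumes = @{}
    $current = $null
    foreach ($line in (& manage-bde -status)) {
        if ($line -match '^Volume\s+(\S+)') {
            $current = $Matches[1]
            $volumes[$current] = @()
        } elseif ($current) {
            $volumes[$current] += $line
        }
    }
    $volumes.Keys | Where-Object {
        ($volumes[$_] -join "`n") -match 'Encryption Method:\s+Hardware Encryption'
    } | Sort-Object
}

function Set-BitLockerSoftwareEncryptionPolicy {
    # Assumption: these DWORDs mirror the three "Configure use of hardware-based
    # encryption for ... drives" policies; 0 disables hardware encryption so new
    # BitLocker volumes use BitLocker's own AES implementation.
    $key = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'
    if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
    foreach ($name in 'OSHardwareEncryption', 'FDVHardwareEncryption', 'RDVHardwareEncryption') {
        New-ItemProperty -Path $key -Name $name -Value 0 -PropertyType DWord -Force | Out-Null
    }
}

$affected = @(Get-HardwareEncryptedBitLockerVolumes)
if ($affected.Count -gt 0) {
    Write-Warning "Drive hardware encryption in use on: $($affected -join ', ')"
    Set-BitLockerSoftwareEncryptionPolicy

    # The policy only governs volumes encrypted after it is set. An existing
    # hardware-encrypted volume stays that way until it is fully decrypted and
    # then re-encrypted, which is slow and should be scheduled, so the commands
    # are printed here rather than executed.
    foreach ($v in $affected) {
        "manage-bde -off $v    # wait until 'manage-bde -status $v' reports Fully Decrypted"
        "manage-bde -on  $v    # re-encrypts with software AES under the new policy"
    }
} else {
    'No BitLocker volume is relying on drive hardware encryption.'
}
```

Back up the recovery key before decrypting, and re-run the audit after re-encryption to confirm the Encryption Method field no longer says "Hardware Encryption".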


Adobe also releases security updates

As noted last time, a PoC is the primary productive force. The ColdFusion vulnerability drew little attention when it shipped in the regular update, then, a month and more later, once in-the-wild exploitation surfaced a few days ago, it instantly became a hot topic; though no doubt many enterprises had analyzed and applied the patch as soon as it came out.

This update likewise fixes several vulnerabilities in Flash. Although Flash's end is near and 2019 is less than two months away, Adobe still showed it a little care. Microsoft, however, is not grateful: besides urging users to update to the latest Flash version, it recommends that users not enable (or install) Flash in their browsers at all.


Vulnerability list

| Product | ID | Title |
|---|---|---|
| .NET Core | CVE-2018-8416 | .NET Core Tampering Vulnerability |
| Active Directory | CVE-2018-8547 | Active Directory Federation Services XSS Vulnerability |
| Adobe Flash Player | ADV180025 | November 2018 Adobe Flash Security Update |
| Azure | CVE-2018-8600 | Azure App Service Cross-site Scripting Vulnerability |
| BitLocker | CVE-2018-8566 | BitLocker Security Feature Bypass Vulnerability |
| Internet Explorer | CVE-2018-8570 | Internet Explorer Memory Corruption Vulnerability |
| Microsoft Drivers | CVE-2018-8471 | Microsoft RemoteFX Virtual GPU miniport driver Elevation of Privilege Vulnerability |
| Microsoft Dynamics | CVE-2018-8605 | Microsoft Dynamics 365 (on-premises) version 8 Cross Site Scripting Vulnerability |
| Microsoft Dynamics | CVE-2018-8607 | Microsoft Dynamics 365 (on-premises) version 8 Cross Site Scripting Vulnerability |
| Microsoft Dynamics | CVE-2018-8606 | Microsoft Dynamics 365 (on-premises) version 8 Cross Site Scripting Vulnerability |
| Microsoft Dynamics | CVE-2018-8609 | Microsoft Dynamics 365 (on-premises) version 8 Remote Code Execution Vulnerability |
| Microsoft Dynamics | CVE-2018-8608 | Microsoft Dynamics 365 (on-premises) version 8 Cross Site Scripting Vulnerability |
| Microsoft Edge | CVE-2018-8564 | Microsoft Edge Spoofing Vulnerability |
| Microsoft Edge | CVE-2018-8545 | Microsoft Edge Information Disclosure Vulnerability |
| Microsoft Edge | CVE-2018-8567 | Microsoft Edge Elevation of Privilege Vulnerability |
| Microsoft Exchange Server | CVE-2018-8581 | Microsoft Exchange Server Elevation of Privilege Vulnerability |
| Microsoft Graphics Component | CVE-2018-8565 | Win32k Information Disclosure Vulnerability |
| Microsoft Graphics Component | CVE-2018-8485 | DirectX Elevation of Privilege Vulnerability |
| Microsoft Graphics Component | CVE-2018-8562 | Win32k Elevation of Privilege Vulnerability |
| Microsoft Graphics Component | CVE-2018-8553 | Microsoft Graphics Components Remote Code Execution Vulnerability |
| Microsoft Graphics Component | CVE-2018-8561 | DirectX Elevation of Privilege Vulnerability |
| Microsoft Graphics Component | CVE-2018-8554 | DirectX Elevation of Privilege Vulnerability |
| Microsoft Graphics Component | CVE-2018-8563 | DirectX Information Disclosure Vulnerability |
| Microsoft JScript | CVE-2018-8417 | Microsoft JScript Security Feature Bypass Vulnerability |
| Microsoft Office | CVE-2018-8579 | Microsoft Outlook Information Disclosure Vulnerability |
| Microsoft Office | CVE-2018-8577 | Microsoft Excel Remote Code Execution Vulnerability |
| Microsoft Office | CVE-2018-8575 | Microsoft Project Remote Code Execution Vulnerability |
| Microsoft Office | CVE-2018-8576 | Microsoft Outlook Remote Code Execution Vulnerability |
| Microsoft Office | CVE-2018-8522 | Microsoft Outlook Remote Code Execution Vulnerability |
| Microsoft Office | CVE-2018-8524 | Microsoft Outlook Remote Code Execution Vulnerability |
| Microsoft Office | CVE-2018-8539 | Microsoft Word Remote Code Execution Vulnerability |
| Microsoft Office | CVE-2018-8558 | Microsoft Outlook Information Disclosure Vulnerability |
| Microsoft Office | CVE-2018-8573 | Microsoft Word Remote Code Execution Vulnerability |
| Microsoft Office | CVE-2018-8574 | Microsoft Excel Remote Code Execution Vulnerability |
| Microsoft Office | CVE-2018-8582 | Microsoft Outlook Remote Code Execution Vulnerability |
| Microsoft Office SharePoint | CVE-2018-8578 | Microsoft SharePoint Information Disclosure Vulnerability |
| Microsoft Office SharePoint | CVE-2018-8572 | Microsoft SharePoint Elevation of Privilege Vulnerability |
| Microsoft Office SharePoint | CVE-2018-8568 | Microsoft SharePoint Elevation of Privilege Vulnerability |
| Microsoft PowerShell | CVE-2018-8256 | Microsoft PowerShell Remote Code Execution Vulnerability |
| Microsoft PowerShell | CVE-2018-8415 | Microsoft PowerShell Tampering Vulnerability |
| Microsoft RPC | CVE-2018-8407 | MSRPC Information Disclosure Vulnerability |
| Microsoft Scripting Engine | CVE-2018-8557 | Chakra Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2018-8552 | Windows Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2018-8551 | Chakra Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2018-8556 | Chakra Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2018-8555 | Chakra Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2018-8541 | Chakra Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2018-8542 | Chakra Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2018-8588 | Chakra Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2018-8544 | Windows VBScript Engine Remote Code Execution Vulnerability |
| Microsoft Scripting Engine | CVE-2018-8543 | Chakra Scripting Engine Memory Corruption Vulnerability |
| Microsoft Windows | CVE-2018-8592 | Windows Elevation Of Privilege Vulnerability |
| Microsoft Windows | ADV180028 | Guidance for configuring BitLocker to enforce software encryption |
| Microsoft Windows | CVE-2018-8476 | Windows Deployment Services TFTP Server Remote Code Execution Vulnerability |
| Microsoft Windows | CVE-2018-8584 | Windows ALPC Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2018-8550 | Windows COM Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2018-8549 | Windows Security Feature Bypass Vulnerability |
| Microsoft Windows Search Component | CVE-2018-8450 | Windows Search Remote Code Execution Vulnerability |
| Servicing Stack Updates | ADV990001 | Latest Servicing Stack Updates |
| Skype for Business and Microsoft Lync | CVE-2018-8546 | Microsoft Skype for Business Denial of Service Vulnerability |
| Team Foundation Server | CVE-2018-8602 | Team Foundation Server Cross-site Scripting Vulnerability |
| Windows Audio Service | CVE-2018-8454 | Windows Audio Service Information Disclosure Vulnerability |
| Windows Kernel | CVE-2018-8589 | Windows Win32k Elevation of Privilege Vulnerability |
| Windows Kernel | CVE-2018-8408 | Windows Kernel Information Disclosure Vulnerability |


References

https://www.ghacks.net/2018/11/13/microsoft-windows-security-updates-november-2018-release-overview/

https://www.trustwave.com/Resources/SpiderLabs-Blog/Microsoft-Patch-Tuesday,-November-2018/

https://www.symantec.com/blogs/threat-intelligence/microsoft-patch-tuesday-november-2018

https://blog.talosintelligence.com/2018/11/microsoft-patch-tuesday-october-2018_13.html

https://www.zdnet.com/article/microsoft-patches-windows-zero-day-used-by-multiple-cyber-espionage-groups/

(End)