Qualys : August Patch Tuesday – 63 vulns, L1TF, Exchange, SQL, Active Attacks on IE flaw
August 14, 2018 at 02:56 pm EDT
This month's Patch Tuesday release patches 63 vulnerabilities, 20 of them rated Critical. Of the Criticals, over half are browser-related, with the rest including Windows, SQL, and Exchange. Active exploits have been detected against CVE-2018-8373, one of the scripting engine vulnerabilities.
Workstation Patches
Browser and Scripting Engine patches should be prioritized for workstation-type devices, meaning any system that is used for email or to access the internet via a browser. Microsoft has disclosed that CVE-2018-8373 has active exploits against Internet Explorer, making these patches a high priority. The PDF viewer, Windows Font Library, and GDI+ also have patches available for vulnerabilities that require a user to interact with a malicious site or file.
LNK Remote Code Execution
A vulnerability (CVE-2018-8345) exists in the processing of shortcuts. This patch should be prioritized for both workstations and servers, as the user does not need to click the file for it to be exploited. Simply viewing a malicious LNK file can execute code as the logged-in user.
Microsoft Exchange
A vulnerability (CVE-2018-8302) was discovered in Exchange that can result in code executing as System. Exploitation of this vulnerability requires access to mailbox account setup, and it cannot be exploited by non-privileged users.
Microsoft SQL 2016/2017
Microsoft SQL was also patched for a remote code execution vulnerability (CVE-2018-8273). Exploiting this vulnerability does require the ability to execute SQL queries, but this could be accomplished by chaining an existing SQL injection vulnerability in a web application.
L1 Terminal Fault
Microsoft has released a guidance document on new speculative execution vulnerabilities in Intel processors, as well as a full technical analysis including mitigation options. Patches have been released, but they require registry configuration to enable all mitigations. Exploitation of this vulnerability can allow a VM guest to retrieve data from other guests, and can also expose data from process to process, which is similar to Meltdown.
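Because installing the patch does not by itself turn every mitigation on, an audit of the registry override state is a useful follow-up. The script below is an added example, not part of the Qualys post; the value names `FeatureSettingsOverride` and `FeatureSettingsOverrideMask` and their bit meanings are assumptions taken from Microsoft's published speculative-execution guidance and should be confirmed against the current advisory.

```powershell
# Added example (not from the original post): report the state of the
# speculative-execution mitigation overrides on this machine.
# Assumption: value names and bit meanings follow Microsoft's published
# guidance (mask bits 0-1 select the Spectre v2 / Meltdown settings, and a
# 0 in the matching override bits turns the mitigation on).
$MmKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management'

function Get-MitigationOverrideState {
    param([string]$RegistryPath = $MmKey)

    $props    = Get-ItemProperty -Path $RegistryPath -ErrorAction SilentlyContinue
    $override = $props.FeatureSettingsOverride
    $mask     = $props.FeatureSettingsOverrideMask

    # ProductType: 1 = workstation, 2 = domain controller, 3 = server
    $isServer = (Get-CimInstance Win32_OperatingSystem).ProductType -ne 1

    if ($null -eq $override -and $null -eq $mask) {
        # No override present: the OS default applies, which per Microsoft's
        # guidance is "on" for client SKUs and "off" for Server SKUs.
        if ($isServer) { $state = 'NotConfigured-ServerDefaultOff' }
        else           { $state = 'NotConfigured-ClientDefaultOn' }
    }
    elseif ($null -eq $override -or $null -eq $mask) {
        $state = 'Incomplete'            # one value set without the other
    }
    elseif (($mask -band 3) -ne 3) {
        $state = 'MaskIncomplete'        # override bits are not fully honoured
    }
    elseif (($override -band 3) -eq 0) {
        $state = 'Enabled'
    }
    else {
        $state = 'DisabledByOverride'    # at least one mitigation switched off
    }

    [pscustomobject]@{
        ComputerName = $env:COMPUTERNAME
        IsServer     = $isServer
        Override     = $override
        Mask         = $mask
        State        = $state
    }
}

Get-MitigationOverrideState | Format-List
```

A Server system reporting `NotConfigured-ServerDefaultOff` is the case described above: patched, but with the mitigations still waiting on registry configuration.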
Adobe
Adobe has also released patches covering Flash, Acrobat/Reader, Experience Manager, and Creative Cloud. Two vulnerabilities in Acrobat and Reader have been marked as Critical. While Adobe ranks the Flash update as Important, Microsoft ranks it as Critical.
Disclaimer
Qualys Inc. published this content on 14 August 2018 and is solely responsible for the information contained herein. Distributed by Public, unedited and unaltered, on 14 August 2018 18:55:05 UTC