This week, Microsoft rolled out its last scheduled updates for this year. Once again, the release includes a fix for a zero-day actively exploited in the wild. The Microsoft December Patch Tuesday Update brought fixes for nine critical vulnerabilities in different programs, including a zero-day flaw. It also patched several important vulnerabilities in different applications, including MS Office apps.
Zero-Day Fixed With Microsoft December Patch Tuesday Update
This week's Microsoft December Patch Tuesday updates fixed a plethora of critical and important security flaws. These include a zero-day bug that was already known to, and exploited by, criminal hackers.
The zero-day is a Windows Kernel Elevation of Privilege vulnerability that could let an attacker execute arbitrary code on a target system in kernel mode. As described in Microsoft’s security advisory,
“An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.”
To exploit this bug, an attacker would first log on to the target system. Then, by running a maliciously crafted app, the attacker could gain complete control of the device.
The credit for identifying this bug (CVE-2018-8611) goes to Kaspersky Lab researchers, for whom this is the third consecutive Windows zero-day discovery reported to Microsoft. They believe that several threat actors have already exploited the vulnerability, including FruityArmor and SandCat. The researchers Boris Larin and Igor Soumenkov have detailed their findings in a separate report. As stated,
“CVE-2018-8611 is a race condition that is present in the Kernel Transaction Manager due to improper processing of transacted file operations in kernel mode.”
Brief About Other Bug Fixes
Apart from the above zero-day vulnerability, the Microsoft Patch Tuesday December 2018 update also brought fixes for nine critical vulnerabilities. Reportedly, five of these nine are memory corruption flaws in the Chakra scripting engine that lead to remote code execution. The other four vulnerabilities were found in the Microsoft .NET Framework, Windows DNS servers, Internet Explorer and Microsoft Edge.
In addition to the critical security flaws, Microsoft also patched around 29 important remote code execution vulnerabilities. These include flaws in Microsoft Excel (CVE-2018-8597 and CVE-2018-8636), Microsoft Word (CVE-2018-8590), Microsoft PowerPoint (CVE-2018-8628) and Microsoft Outlook (CVE-2018-8587).