Patch Tuesday Webinar
Wednesday, Oct 10, 2018
Hosted by: Brian Secrist & Todd Schell
Dial in: 1-877-668-4490 (US)
Event ID: 806 130 204
Agenda
1. Oct 2018 Patch Tuesday Overview
2. In the News
3. Bulletins
4. Q & A
 Overview
 In the News
In the News
Google+ shuts down after data breach
https://www.digitaltrends.com/computing/google-to-shut-down-google-plus/
McAfee Labs Malware Trends Report
https://www.businesswire.com/news/home/20180924006048/en/McAfee-Labs-Sees-Cryptocurrency-Mining-Surge-Continue
WannaCry alive and well, now with mining!
https://arstechnica.com/information-technology/2018/09/eternally-pwned-wannamine-still-spreading-using-year-old-leaked-nsa-exploits/
XBash malware "Suite"
https://thehackernews.com/2018/09/ransomware-coinmining-botnet.html
First UEFI rootkit found in the wild
https://thehackernews.com/2018/09/uefi-rootkit-malware.html
New Microsoft Announcements
 Server 2019 Released
 https://cloudblogs.microsoft.com/windowsserver/2018/09/24/windows-server-2019-announcing-general-availability-in-october/
 Update released yesterday
 Windows 10, Version 1809
 Released October 2
 https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/What-s-new-for-IT-pros-in-Windows-10-version-1809/ba-p/263909
 ‘Paused’ October 6
 Known Major Issues
 Deletion of files in C:/Users/[username]/Documents/
 Compatibility issue with Intel Display Audio device drivers
 Incorrect CPU usage reported in Task Manager
 New Latest Cumulative Update (LCU) update file
Microsoft Notable September Out-of-Band Releases
 Visual Studio 2015 Update 3 (again!)
 Addresses CVE-2018-0952
 https://support.microsoft.com/en-ca/help/4463110/security-update-for-vulnerabilities-in-visual-studio-2015
 Microsoft non-Security Releases
 Minor version increment after initial release:
 1709 (KB4457136)
 1803 (KB4458469)
Zero-day Exploited Vulnerability
 CVE-2018-8453 - Win32k Elevation of Privilege Vulnerability
 An elevation of privilege vulnerability exists in Windows when the Win32k
component fails to properly handle objects in memory. An attacker who
successfully exploited this vulnerability could run arbitrary code in kernel mode.
An attacker could then install programs; view, change, or delete data; or create
new accounts with full user rights.
 To exploit this vulnerability, an attacker would first have to log on to the system.
An attacker could then run a specially crafted application that could exploit the
vulnerability and take control of an affected system.
Publicly Disclosed Vulnerability
 CVE-2018-8423 - JET Database Engine Remote Code Execution Vulnerability
 An attacker who successfully exploited this vulnerability could take control of an
affected system. An attacker could then install programs; view, change, or delete
data; or create new accounts with full user rights. Users whose accounts are
configured to have fewer user rights on the system could be less impacted than
users who operate with administrative user rights.
 To exploit the vulnerability, a user must open/import a specially crafted Microsoft
JET Database Engine file. In an email attack scenario, an attacker could exploit
the vulnerability by sending a specially crafted file to the user, and then convince
the user to open the file.
Windows 10 Lifecycle Awareness
 Windows 10 Branch Support
 Complete Lifecycle Fact Sheet
 https://support.microsoft.com/en-us/help/13853/windows-lifecycle-fact-sheet
Source: Microsoft
Weekly Patch BLOG
 Latest Patch Releases
 Microsoft and Third-party
 Security and non-Security
 CVE Analysis
 Security Events of Interest
 Host: Brian Secrist
 https://www.ivanti.com/blog/topics/patch-tuesday
Patch Content Announcement System
 Announcements Posted on Community Pages
 https://community.ivanti.com/community/other/bulletins/patch-content-notifications
 Subscribe to receive email or RSS notifications for desired product(s)
 Endpoint Security / Patch for Linux, UNIX, Mac Notifications now available
 Released content list updated each Monday
 Supported operating systems and applications updated monthly
Ivanti Product Announcements
 Patch for Windows 9.2
 Final update was 2017-08-27
 Final content release and support extended to November Patch Tuesday
 Upgrade to 9.3.4510
 Patch for Windows 9.3 Update 1
 Common criteria certification EAL2+ on 7/24/2018
 Bulletins
MS18-10-W10: Windows 10 Update
 Maximum Severity: Critical
 Affected Products: Microsoft Windows 10 Versions 1607, 1703, 1709, 1803, 1809,
Server 2016, Server 2019, Server 1709, Server 1803, IE 11 and Microsoft Edge
 Description: This bulletin references 9 KB articles. See KBs for the list of changes.
 Impact: Remote Code Execution, Security Feature Bypass, Elevation of Privilege, and
Information Disclosure
 Fixes 33 Vulnerabilities: CVE-2018-8453 is known exploited and CVE-2018-8423 is
publicly disclosed. See Details column of Security Update Guide for complete list of
CVEs.
 Restart Required: Requires restart
 Known Issues: See next slide.
October Known Issues for Windows 10
 KB 4462917 - Windows 10, version 1607, Windows Server 2016
 After installing this update, installing Windows Server 2019 Key Management Service (KMS) host
keys (CSVLK) on Windows Server 2016 KMS hosts does not work as expected.
 Workaround – None. Microsoft is still working on a resolution.
MS18-10-IE: Security Updates for Internet Explorer
 Maximum Severity: Critical
 Affected Products: Microsoft Internet Explorer 9, 10, 11
 Description: The fixes that are included in the cumulative Security Update for Internet
Explorer (KB 4462949) are also included in the October 2018 Security Monthly Quality
Rollup. Installing either the Security Update for Internet Explorer or the Security
Monthly Quality Rollup installs the fixes that are in this update. This bulletin references
9 KB articles.
 Impact: Remote Code Execution
 Fixes 2 vulnerabilities: CVE-2018-8469, CVE-2018-8491
 Restart Required: Requires browser restart
 Known Issues: None reported
 NOTE: Security Update Guide incorrectly shows only IE 11
MS18-10-MR2K8: Monthly Rollup for Windows Server 2008
 Maximum Severity: Critical
 Affected Products: Microsoft Windows Server 2008
 Description: This security update includes improvements and fixes that were a part of
update KB 4458315 (released September 20, 2018). It includes security updates for
Windows Media Player, Microsoft Office Graphics, Microsoft Graphics Component,
Windows Storage and Filesystems, and the Microsoft JET Database Engine. This
bulletin is based on KB 4463097.
 Impact: Remote Code Execution, Security Feature Bypass, Elevation of Privilege, and
Information Disclosure
 Fixes 14 Vulnerabilities: CVE-2018-8320, CVE-2018-8330, CVE-2018-8333,
CVE-2018-8411, CVE-2018-8423, CVE-2018-8427, CVE-2018-8432, CVE-2018-8453,
CVE-2018-8472, CVE-2018-8481, CVE-2018-8482, CVE-2018-8486, CVE-2018-8489,
CVE-2018-8494
 Restart Required: Requires restart
 Known Issues: None reported
MS18-10-SO2K8: Monthly Rollup for Windows Server 2008
 Maximum Severity: Critical
 Affected Products: Microsoft Windows Server 2008
 Description: Security updates to Windows Media Player, Microsoft Office Graphics,
Microsoft Graphics Component, Windows Storage and Filesystems, and the Microsoft
JET Database Engine. This bulletin is based on KB 4463104.
 Impact: Remote Code Execution, Security Feature Bypass, Elevation of Privilege, and
Information Disclosure
 Fixes 14 Vulnerabilities: CVE-2018-8320, CVE-2018-8330, CVE-2018-8333,
CVE-2018-8411, CVE-2018-8423, CVE-2018-8427, CVE-2018-8432, CVE-2018-8453,
CVE-2018-8472, CVE-2018-8481, CVE-2018-8482, CVE-2018-8486, CVE-2018-8489,
CVE-2018-8494
 Restart Required: Requires restart
 Known Issues: None reported
MS18-10-MR7: Monthly Rollup for Win 7 and Server 2008 R2
 Maximum Severity: Critical
 Affected Products: Microsoft Windows 7, Server 2008 R2, and IE
 Description: This security update includes improvements and fixes that were a part of
update KB 4457139 (released September 20, 2018). Security updates to Windows
Media Player, Windows Graphics, Microsoft Graphics Component, Windows Storage
and Filesystems, Windows Kernel, and the Microsoft JET Database Engine. This
bulletin is based on KB 4462923.
 Impact: Remote Code Execution, Security Feature Bypass, Elevation of Privilege, and
Information Disclosure
 Fixes 14 (shown) + 2 (IE) Vulnerabilities: CVE-2018-8320, CVE-2018-8330,
CVE-2018-8333, CVE-2018-8411, CVE-2018-8413, CVE-2018-8423, CVE-2018-8432,
CVE-2018-8453, CVE-2018-8472, CVE-2018-8481, CVE-2018-8482, CVE-2018-8486,
CVE-2018-8489, CVE-2018-8494
 Restart Required: Requires restart
 Known Issues: See next slide
October Known Issue for Windows 7 and Server 2008 R2
 KB 4462923 - Windows 7 Service Pack 1, Windows Server 2008 R2 Service Pack 1
 There is an issue with Windows and third-party software that is related to a missing file
(oem<number>.inf). Because of this issue, after you apply this update, the network interface
controller will stop working.
 Workaround –
1. To locate the network device, launch devmgmt.msc; it may appear under Other Devices.
2. To automatically rediscover the NIC and install drivers, select Scan for Hardware Changes
from the Action menu.
   a. Alternatively, install the drivers for the network device by right-clicking the device and
   selecting Update. Then select Search automatically for updated driver software or Browse
   my computer for driver software.
MS18-10-SO7: Security-only Update for Win 7 and Server 2008 R2
 Maximum Severity: Critical
 Affected Products: Microsoft Windows 7, Server 2008 R2
 Description: Security updates to Windows Media Player, Windows Graphics,
Microsoft Graphics Component, Windows Storage and Filesystems, Windows Kernel,
and the Microsoft JET Database Engine. This bulletin is based on KB 4462915.
 Impact: Remote Code Execution, Security Feature Bypass, Elevation of Privilege, and
Information Disclosure
 Fixes 14 Vulnerabilities: CVE-2018-8320, CVE-2018-8330, CVE-2018-8333,
CVE-2018-8411, CVE-2018-8413, CVE-2018-8423, CVE-2018-8432, CVE-2018-8453,
CVE-2018-8472, CVE-2018-8481, CVE-2018-8482, CVE-2018-8486, CVE-2018-8489,
CVE-2018-8494
 Restart Required: Requires restart
 Known Issues: None reported
MS18-10-MR8: Monthly Rollup for Server 2012
 Maximum Severity: Critical
 Affected Products: Microsoft Server 2012 and IE
 Description: This security update includes improvements and fixes that were a part of
update KB 4457134 (released September 20, 2018). Security updates to Windows
Media Player, Microsoft Graphics Component, Windows Storage and Filesystems, and
the Microsoft JET Database Engine. This bulletin is based on KB 4462929.
 Impact: Remote Code Execution, Security Feature Bypass, Elevation of Privilege, and
Information Disclosure
 Fixes 14 (shown) + 2 (IE) Vulnerabilities: CVE-2018-8320, CVE-2018-8330,
CVE-2018-8333, CVE-2018-8411, CVE-2018-8413, CVE-2018-8423, CVE-2018-8453,
CVE-2018-8472, CVE-2018-8481, CVE-2018-8482, CVE-2018-8484, CVE-2018-8486,
CVE-2018-8489, CVE-2018-8494
 Restart Required: Requires restart
 Known Issues: None reported
MS18-10-SO8: Security-only Update for Server 2012
 Maximum Severity: Critical
 Affected Products: Microsoft Server 2012
 Description: Security updates to Windows Media Player, Microsoft Graphics
Component, Windows Storage and Filesystems, and the Microsoft JET Database
Engine. This bulletin is based on KB 4462931.
 Impact: Remote Code Execution, Security Feature Bypass, Elevation of Privilege, and
Information Disclosure
 Fixes 14 Vulnerabilities: CVE-2018-8320, CVE-2018-8330, CVE-2018-8333,
CVE-2018-8411, CVE-2018-8413, CVE-2018-8423, CVE-2018-8453, CVE-2018-8472,
CVE-2018-8481, CVE-2018-8482, CVE-2018-8484, CVE-2018-8486, CVE-2018-8489,
CVE-2018-8494
 Restart Required: Requires restart
 Known Issues: None reported
MS18-10-MR81: Monthly Rollup for Win 8.1 and Server 2012 R2
 Maximum Severity: Critical
 Affected Products: Microsoft Windows 8.1, Server 2012 R2, and IE
 Description: This security update includes improvements and fixes that were a part of
update KB 4457133 (released September 20, 2018). Security updates to Windows
Media Player, Microsoft Graphics Component, Windows Datacenter Networking,
Windows Storage and Filesystems, Windows Kernel, and Microsoft JET Database
Engine. This bulletin is based on KB 4462926.
 Impact: Remote Code Execution, Security Feature Bypass, Elevation of Privilege, and
Information Disclosure
 Fixes 15 (shown) + 2 (IE) Vulnerabilities: CVE-2018-8320, CVE-2018-8330,
CVE-2018-8333, CVE-2018-8411, CVE-2018-8413, CVE-2018-8423, CVE-2018-8453,
CVE-2018-8472, CVE-2018-8481, CVE-2018-8482, CVE-2018-8484, CVE-2018-8486,
CVE-2018-8489, CVE-2018-8493, CVE-2018-8494
 Restart Required: Requires restart
 Known Issues: None reported
MS18-10-SO81: Security-only Update for Win 8.1 and Server 2012 R2
 Maximum Severity: Critical
 Affected Products: Microsoft Windows 8.1, Server 2012 R2
 Description: Security updates to Windows Media Player, Microsoft Graphics
Component, Windows Datacenter Networking, Windows Storage and Filesystems,
Windows Kernel, and Microsoft JET Database Engine. This bulletin is based on KB
4462941.
 Impact: Remote Code Execution, Security Feature Bypass, Elevation of Privilege, and
Information Disclosure
 Fixes 15 Vulnerabilities: CVE-2018-8320, CVE-2018-8330, CVE-2018-8333,
CVE-2018-8411, CVE-2018-8413, CVE-2018-8423, CVE-2018-8453, CVE-2018-8472,
CVE-2018-8481, CVE-2018-8482, CVE-2018-8484, CVE-2018-8486, CVE-2018-8489,
CVE-2018-8493, CVE-2018-8494
 Restart Required: Requires restart
 Known Issues: None reported
MS18-10-O365: Security Updates for Office 365 ProPlus
 Maximum Severity: Important
 Affected Products: Office 365 ProPlus
 Description: This security update resolves vulnerabilities in most Microsoft Office 365
applications. Information on Office 365 ProPlus updates is available at
https://docs.microsoft.com/en-us/officeupdates/release-notes-office365-proplus
 Impact: Remote Code Execution, Information Disclosure, Defense in Depth
 Fixes 5 Vulnerabilities: CVE-2018-8427, CVE-2018-8432, CVE-2018-8501,
CVE-2018-8502, CVE-2018-8504
 Restart Required: Requires application restart
 Known Issues: None reported
 NOTE: New naming convention to align with Microsoft branding
MS18-10-OFF: Security Updates for Microsoft Office
 Maximum Severity: Important
 Affected Products: Excel 2010-2016, Office 2010-2016, Office 2016 for Mac, Outlook
2010-2016, PowerPoint 2010-2016, Word 2010-2016
 Description: This security update resolves vulnerabilities in most Microsoft Office
applications. This bulletin references 19 KB articles and Release Notes.
 Impact: Remote Code Execution, Information Disclosure, Defense in Depth
 Fixes 5 Vulnerabilities: CVE-2018-8427, CVE-2018-8432, CVE-2018-8501,
CVE-2018-8502, CVE-2018-8504
 Restart Required: Requires application restart
 Known Issues: None reported
MS18-10-SPT: Security Updates for SharePoint Server
 Maximum Severity: Important
 Affected Products: Microsoft Enterprise SharePoint Server 2010-2016
 Description: This security update resolves vulnerabilities in Microsoft Office that could
allow remote code execution if a user opens a specially crafted Office file. This bulletin
is based on KB 4092481, KB 4461447, and KB 4461450.
 Impact: Remote Code Execution and Elevation of Privilege
 Fixes 5 Vulnerabilities: CVE-2018-8480, CVE-2018-8488, CVE-2018-8498,
CVE-2018-8504, CVE-2018-8518
 Restart Required: Requires Restart
 Known Issues: None reported
MS18-10-EX: Security Updates for Exchange Server
 Maximum Severity: Important
 Affected Products: Microsoft Exchange Server 2010-2016
 Description: This security update resolves several memory corruption vulnerabilities
in Microsoft Exchange. This bulletin is based on KB 2565063 and KB 4459266.
 Impact: Remote Code Execution and Elevation of Privilege
 Fixes 3 Vulnerabilities: CVE-2010-3190, CVE-2018-8265, CVE-2018-8448
 Restart Required: Requires Restart
 Known Issues: Updates must be installed when running in elevated mode as
administrator. Installing in normal mode will result in failed installation.
 Note: Bulletin MS11-025 is reissued this month to address CVE-2010-3190, which was
not ‘in scope’ for Exchange Server when originally released. It must be applied to all
versions of Exchange Server. It should be included in the next cumulative update for
Exchange Server 2016.
Between Patch Tuesdays
New Product Support: Blue Jeans 2, Project R for Windows, NVivo 12
Security Updates: Apple (2), Adobe Acrobat (3), CCleaner (2), Google Chrome (1),
Firefox (2), Firefox ESR (2), Foxit PhantomPDF (1), Foxit Reader (1), Filezilla (4),
LibreOffice (2), Malwarebytes (1), Nitro Pro (2), Opera (4), Plex Media Server (1),
Realplayer (1), Slack Machine-Wide Installer (1), Splunk Universal Forwarder (1),
Thunderbird (1), Apache Tomcat (1), VMware Workstation (1), VMware Player (1), VMware
Tools (1), WinRAR (1)
Non-Security Updates: Audacity (1), Blue Jeans (1), BlueJeans Outlook Plugin (1),
Camtasia (1), CDBurnerXP (1), DropBox (2), Evernote (2), GOM Player (2), GoodSync
(2), GoToMeeting (2), LogMeIn (1), Mouse and Keyboard Center (1), Mozy (2), NVivo (1),
Power BI Desktop (2), PDF-Xchange PRO (1), Paint.net (1), Plex Media Player (3), R for
Windows (1), Royal TS (2), Skype (2), Snagit (1), TortoiseHG (1), TeamViewer (3), Webex
Meeting Center (1), Webex Productivity Tools (2), Zoom Client (1)
Third Party CVE Information
 Thunderbird 60.2.1
 TB18-6021, QTB6021
 Fixes 7 Vulnerabilities: CVE-2017-16541, CVE-2018-12376, CVE-2018-12377,
CVE-2018-12378, CVE-2018-12379, CVE-2018-12383, CVE-2018-12385
 Firefox ESR 60.2.2
 FFE18-6022, QFFE6022
 Fixes 2 Vulnerabilities: CVE-2018-12386, CVE-2018-12387
 Firefox ESR 62.0.3
 FF18-017, QFF6203
 Fixes 2 Vulnerabilities: CVE-2018-12386, CVE-2018-12387
Third Party CVE Information (cont)
 Adobe Acrobat and Reader
 APSB18-30, QARDC1701130105MUI, QARDC1500630456MUI,
QADC1701130105, QADC1500630456
 Fixes 86 Vulnerabilities: CVE-2018-12759, CVE-2018-12769, CVE-2018-12831,
CVE-2018-12832, CVE-2018-12833, CVE-2018-12834, CVE-2018-12835, CVE-2018-12836,
CVE-2018-12837, CVE-2018-12838, CVE-2018-12839, CVE-2018-12841, CVE-2018-12842,
CVE-2018-12843, CVE-2018-12844, CVE-2018-12845, CVE-2018-12846, CVE-2018-12847,
CVE-2018-12851, CVE-2018-12852, CVE-2018-12853, CVE-2018-12855, CVE-2018-12856,
CVE-2018-12857, CVE-2018-12858, CVE-2018-12859, CVE-2018-12860, CVE-2018-12861,
CVE-2018-12862, CVE-2018-12863, CVE-2018-12864, CVE-2018-12865, CVE-2018-12866,
CVE-2018-12867, CVE-2018-12868, CVE-2018-12869, CVE-2018-12870, CVE-2018-12871,
CVE-2018-12872, CVE-2018-12873, CVE-2018-12874, CVE-2018-12875, CVE-2018-12876,
CVE-2018-12877, CVE-2018-12878, CVE-2018-12879, CVE-2018-12880, CVE-2018-12881,
CVE-2018-15920, CVE-2018-15922, CVE-2018-15923, CVE-2018-15924, CVE-2018-15925,
CVE-2018-15926, CVE-2018-15927, CVE-2018-15928, CVE-2018-15929, CVE-2018-15930,
CVE-2018-15931, CVE-2018-15932, CVE-2018-15933, CVE-2018-15934, CVE-2018-15935,
CVE-2018-15936, CVE-2018-15937, CVE-2018-15938, CVE-2018-15939, CVE-2018-15940,
CVE-2018-15941, CVE-2018-15942, CVE-2018-15943, CVE-2018-15944, CVE-2018-15945,
CVE-2018-15946, CVE-2018-15947, CVE-2018-15948, CVE-2018-15949, CVE-2018-15950,
CVE-2018-15951, CVE-2018-15952, CVE-2018-15953, CVE-2018-15954, CVE-2018-15955,
CVE-2018-15956, CVE-2018-15966, CVE-2018-15968
Third Party CVE Information (cont)
 Foxit PhantomPDF 9.3
 FIP-017, QFIP930
 Fixes 42 Vulnerabilities: CVE-2018-3940, CVE-2018-3941, CVE-2018-3942,
CVE-2018-3943, CVE-2018-3944, CVE-2018-3945, CVE-2018-3946, CVE-2018-3957,
CVE-2018-3958, CVE-2018-3959, CVE-2018-3960, CVE-2018-3961, CVE-2018-3962,
CVE-2018-3964, CVE-2018-3965, CVE-2018-3966, CVE-2018-3967, CVE-2018-3992,
CVE-2018-3993, CVE-2018-3994, CVE-2018-3995, CVE-2018-3996, CVE-2018-3997,
CVE-2018-16291, CVE-2018-16292, CVE-2018-16293, CVE-2018-16294, CVE-2018-16295,
CVE-2018-16296, CVE-2018-16297, CVE-2018-17615, CVE-2018-17616, CVE-2018-17617,
CVE-2018-17618, CVE-2018-17619, CVE-2018-17620, CVE-2018-17621, CVE-2018-17622,
CVE-2018-17623, CVE-2018-17624, CVE-2018-17625, CVE-2018-17706
 Foxit Reader 9.3
 FI18-930, QFI930
 Fixes same 42 Vulnerabilities
Thank You

October Patch Tuesday Analysis 2018

  • 1.
    Patch Tuesday Webinar Wednesday,Oct 10, 2018 Hosted by: Brian Secrist & Todd Schell Dial in: 1-877-668-4490 (US) Event ID: 806 130 204
  • 2.
    Agenda Oct 2018 PatchTuesday Overview In the News Bulletins Q & A 1 2 3 4
  • 3.
  • 5.
  • 6.
    In the News Google+shuts down after data breach https://www.digitaltrends.com/computing/google-to-shut-down-google-plus/ McAfee Labs Malware Trends Report https://www.businesswire.com/news/home/20180924006048/en/McAfee-Labs-Sees- Cryptocurrency-Mining-Surge-Continue WannaCry alive and well, now with mining! https://arstechnica.com/information-technology/2018/09/eternally-pwned-wannamine-still- spreading-using-year-old-leaked-nsa-exploits/ XBash malware "Suite" https://thehackernews.com/2018/09/ransomware-coinmining-botnet.html First UEFI rootkit found in the wild https://thehackernews.com/2018/09/uefi-rootkit-malware.html
  • 7.
    New Microsoft Announcements Server 2019 Released  https://cloudblogs.microsoft.com/windowsserver/2018/09/24/windows-server- 2019-announcing-general-availability-in-october/  Update released yesterday  Windows 10, Version 1809  Released October 2  https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/What-s-new-for-IT- pros-in-Windows-10-version-1809/ba-p/263909  ‘Paused’ October 6  Known Major Issues  Deletion of files in C:/Users/[username]/Documents/  Compatibility issue with Intel Display Audio device drivers  Incorrect CPU usage reported in Task Manager  New Latest Cumulative Update (LCU) update file
  • 8.
    Microsoft Notable SeptemberOut-of-Band Releases  Visual Studio 2015 Update 3 (again!)  Addresses CVE-2018-0952  https://support.microsoft.com/en-ca/help/4463110/security-update-for- vulnerabilities-in-visual-studio-2015  Microsoft non-Security Releases  Minor version increment after initial release:  1709 (KB4457136)  1803 (KB4458469)
  • 9.
    Zero-day Exploited Vulnerability CVE-2018-8453 - Win32k Elevation of Privilege Vulnerability  An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.  To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system.
  • 10.
    Publicly Disclosed Vulnerability CVE-2018-8423 - JET Database Engine Remote Code Execution Vulnerability  An attacker who successfully exploited this vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.  To exploit the vulnerability, a user must open/import a specially crafted Microsoft JET Database Engine file. In an email attack scenario, an attacker could exploit the vulnerability by sending a specially crafted file to the user, and then convince the user to open the file.
  • 11.
    Windows 10 LifecycleAwareness  Windows 10 Branch Support  Complete Lifecycle Fact Sheet  https://support.microsoft.com/en-us/help/13853/windows-lifecycle-fact-sheet Source: Microsoft
  • 12.
    Weekly Patch BLOG Latest Patch Releases  Microsoft and Third-party  Security and non-Security  CVE Analysis  Security Events of Interest  Host: Brian Secrist  https://www.ivanti.com/blog/ topics/patch-tuesday
  • 13.
    Patch Content AnnouncementSystem  Announcements Posted on Community Pages  https://community.ivanti.com/community/other/bulletins/patch-content- notifications  Subscribe to receive email or RSS notifications for desired product(s)  Endpoint Security / Patch for Linux, UNIX, Mac Notifications now available  Released content list updated each Monday  Supported operating systems and applications updated monthly
  • 14.
    Ivanti Product Announcements Patch for Windows 9.2  Final update was 2017-08-27  Final content release and support extended to November Patch Tuesday  Upgrade to 9.3.4510  Patch for Windows 9.3 Update 1  Common criteria certification EAL2+ on 7/24/2018
  • 15.
  • 16.
    MS18-10-W10: Windows 10Update  Maximum Severity: Critical  Affected Products: Microsoft Windows 10 Versions 1607, 1703, 1709, 1803, 1809, Server 2016, Server 2019, Server 1709, Server 1803, IE 11 and Microsoft Edge  Description: This bulletin references 9 KB articles. See KBs for the list of changes.  Impact: Remote Code Execution, Security Feature Bypass, Elevation of Privilege, and Information Disclosure  Fixes 33 Vulnerabilities: CVE-2018-8453 is known exploited and CVE-2018-8423 is publicly disclosed. See Details column of Security Update Guide for complete list of CVEs.  Restart Required: Requires restart  Known Issues: See next slide.
  • 17.
    October Known Issuesfor Windows 10  KB 4462917 - Windows 10, version 1607, Windows Server 2016  After installing this update, installing Window Server 2019 Key Management Service (KMS) host keys (CSVLK) on Window Server 2016 KMS hosts does not work as expected.  Workaround – None. Microsoft is still working on a resolution.
  • 18.
    MS18-10-IE: Security Updatesfor Internet Explorer  Maximum Severity: Critical  Affected Products: Microsoft Internet Explorer 9,10,11  Description: The fixes that are included in the cumulative Security Update for Internet Explorer (KB 4462949) are also included in the October 2018 Security Monthly Quality Rollup. Installing either the Security Update for Internet Explorer or the Security Monthly Quality Rollup installs the fixes that are in this update. This bulletin references 9 KB articles.  Impact: Remote Code Execution  Fixes 2 vulnerabilities: CVE-2018-8469, CVE-2018-8491  Restart Required: Requires browser restart  Known Issues: None reported  NOTE: Security Update Guide incorrectly shows only IE 11
  • 19.
    MS18-10-MR2K8: Monthly Rollupfor Windows Server 2008  Maximum Severity: Critical  Affected Products: Microsoft Windows Server 2008  Description: This security update includes improvements and fixes that were a part of update KB 4458315 (released September 20, 2018). It includes security updates for Windows Media Player, Microsoft Office Graphics, Microsoft Graphics Component, Windows Storage and Filesystems, and the Microsoft JET Database Engine. This bulletin is based on KB 4463097.  Impact: Remote Code Execution, Security Feature Bypass, Elevation of Privilege, and Information Disclosure  Fixes 14 Vulnerabilities: CVE-2018-8320, CVE-2018-8330, CVE-2018-8333, CVE- 2018-8411, CVE-2018-8423, CVE-2018-8427, CVE-2018-8432, CVE-2018-8453, CVE- 2018-8472, CVE-2018-8481, CVE-2018-8482, CVE-2018-8486, CVE-2018-8489, CVE- 2018-8494  Restart Required: Requires restart  Known Issues: None reported
  • 20.
    MS18-10-SO2K8: Monthly Rollupfor Windows Server 2008  Maximum Severity: Critical  Affected Products: Microsoft Windows Server 2008  Description: Security updates to Windows Media Player, Microsoft Office Graphics, Microsoft Graphics Component, Windows Storage and Filesystems, and the Microsoft JET Database Engine. This bulletin is based on KB 4463104.  Impact: Remote Code Execution, Security Feature Bypass, Elevation of Privilege, and Information Disclosure  Fixes 14 Vulnerabilities: CVE-2018-8320, CVE-2018-8330, CVE-2018-8333, CVE- 2018-8411, CVE-2018-8423, CVE-2018-8427, CVE-2018-8432, CVE-2018-8453, CVE- 2018-8472, CVE-2018-8481, CVE-2018-8482, CVE-2018-8486, CVE-2018-8489, CVE- 2018-8494  Restart Required: Requires restart  Known Issues: None reported
  • 21.
    MS18-10-MR7: Monthly Rollupfor Win 7 and Server 2008 R2  Maximum Severity: Critical  Affected Products: Microsoft Windows 7, Server 2008 R2, and IE  Description: This security update includes improvements and fixes that were a part of update KB 4457139 (released September 20, 2018). Security updates to Windows Media Player, Windows Graphics, Microsoft Graphics Component, Windows Storage and Filesystems, Windows Kernel, and the Microsoft JET Database Engine. This bulletin is based on KB 4462923.  Impact: Remote Code Execution, Security Feature Bypass, Elevation of Privilege, and Information Disclosure  Fixes 14 (shown) + 2 (IE) Vulnerabilities: CVE-2018-8320, CVE-2018-8330, CVE- 2018-8333, CVE-2018-8411, CVE-2018-8413, CVE-2018-8423, CVE-2018-8432, CVE- 2018-8453, CVE-2018-8472, CVE-2018-8481, CVE-2018-8482, CVE-2018-8486, CVE- 2018-8489, CVE-2018-8494  Restart Required: Requires restart  Known Issues: See next slide
  • 22.
    October Known Issuefor Windows 7 and Server 2008 R2  KB 4462923 - Windows 7 Service Pack 1, Windows Server 2008 R2 Service Pack 1  There is an issue with Windows and third-party software that is related to a missing file (oem<number>.inf). Because of this issue, after you apply this update, the network interface controller will stop working.  Workaround – 1.To locate the network device, launch devmgmt.msc; it may appear under Other Devices. 2.To automatically rediscover the NIC and install drivers, select Scan for Hardware Changes from the Action menu. a. Alternatively, install the drivers for the network device by right-clicking the device and selecting Update. Then select Search automatically for updated driver software or Browse my computer for driver software.
  • 23.
    MS18-10-SO7: Security-only Updatefor Win 7 and Server 2008 R2  Maximum Severity: Critical  Affected Products: Microsoft Windows 7, Server 2008 R2  Description: Security updates to Windows Media Player, Windows Graphics, Microsoft Graphics Component, Windows Storage and Filesystems, Windows Kernel, and the Microsoft JET Database Engine. This bulletin is based on KB 4462915.  Impact: Remote Code Execution, Security Feature Bypass, Elevation of Privilege, and Information Disclosure  Fixes 14 Vulnerabilities: CVE-2018-8320, CVE-2018-8330, CVE-2018-8333, CVE- 2018-8411, CVE-2018-8413, CVE-2018-8423, CVE-2018-8432, CVE-2018-8453, CVE- 2018-8472, CVE-2018-8481, CVE-2018-8482, CVE-2018-8486, CVE-2018-8489, CVE- 2018-8494  Restart Required: Requires restart  Known Issues: None reported
  • 24.
    MS18-10-MR8: Monthly Rollupfor Server 2012  Maximum Severity: Critical  Affected Products: Microsoft Server 2012 and IE  Description: This security update includes improvements and fixes that were a part of update KB 4457134 (released September 20, 2018). Security updates to Windows Media Player, Microsoft Graphics Component, Windows Storage and Filesystems, and the Microsoft JET Database Engine. This bulletin is based on KB 4462929.  Impact: Remote Code Execution, Security Feature Bypass, Elevation of Privilege, and Information Disclosure  Fixes 14 (shown) + 2 (IE) Vulnerabilities: CVE-2018-8320, CVE-2018-8330, CVE- 2018-8333, CVE-2018-8411, CVE-2018-8413, CVE-2018-8423, CVE-2018-8453, CVE- 2018-8472, CVE-2018-8481, CVE-2018-8482, CVE-2018-8484, CVE-2018-8486, CVE- 2018-8489, CVE-2018-8494  Restart Required: Requires restart  Known Issues: None reported
  • 25.
    MS18-10-SO8: Security-only Updatefor Server 2012  Maximum Severity: Critical  Affected Products: Microsoft Server 2012  Description: Security updates to Windows Media Player, Microsoft Graphics Component, Windows Storage and Filesystems, and the Microsoft JET Database Engine. This bulletin is based on KB 4462931.  Impact: Remote Code Execution, Security Feature Bypass, Elevation of Privilege, and Information Disclosure  Fixes 14 Vulnerabilities: CVE-2018-8320, CVE-2018-8330, CVE-2018-8333, CVE- 2018-8411, CVE-2018-8413, CVE-2018-8423, CVE-2018-8453, CVE-2018-8472, CVE- 2018-8481, CVE-2018-8482, CVE-2018-8484, CVE-2018-8486, CVE-2018-8489, CVE- 2018-8494  Restart Required: Requires restart  Known Issues: None reported
  • 26.
    MS18-10-MR81: Monthly Rollup for Win 8.1 and Server 2012 R2
    Maximum Severity: Critical
    Affected Products: Microsoft Windows 8.1, Server 2012 R2, and IE
    Description: This security update includes improvements and fixes that were a part of update KB 4457133 (released September 20, 2018). Security updates to Windows Media Player, Microsoft Graphics Component, Windows Datacenter Networking, Windows Storage and Filesystems, Windows Kernel, and Microsoft JET Database Engine. This bulletin is based on KB 4462926.
    Impact: Remote Code Execution, Security Feature Bypass, Elevation of Privilege, and Information Disclosure
    Fixes 15 (shown) + 2 (IE) Vulnerabilities: CVE-2018-8320, CVE-2018-8330, CVE-2018-8333, CVE-2018-8411, CVE-2018-8413, CVE-2018-8423, CVE-2018-8453, CVE-2018-8472, CVE-2018-8481, CVE-2018-8482, CVE-2018-8484, CVE-2018-8486, CVE-2018-8489, CVE-2018-8493, CVE-2018-8494
    Restart Required: Requires restart
    Known Issues: None reported
  • 27.
    MS18-10-SO81: Security-only Update for Win 8.1 and Server 2012 R2
    Maximum Severity: Critical
    Affected Products: Microsoft Windows 8.1, Server 2012 R2
    Description: Security updates to Windows Media Player, Microsoft Graphics Component, Windows Datacenter Networking, Windows Storage and Filesystems, Windows Kernel, and Microsoft JET Database Engine. This bulletin is based on KB 4462941.
    Impact: Remote Code Execution, Security Feature Bypass, Elevation of Privilege, and Information Disclosure
    Fixes 15 Vulnerabilities: CVE-2018-8320, CVE-2018-8330, CVE-2018-8333, CVE-2018-8411, CVE-2018-8413, CVE-2018-8423, CVE-2018-8453, CVE-2018-8472, CVE-2018-8481, CVE-2018-8482, CVE-2018-8484, CVE-2018-8486, CVE-2018-8489, CVE-2018-8493, CVE-2018-8494
    Restart Required: Requires restart
    Known Issues: None reported
  • 28.
    MS18-10-O365: Security Updates for Office 365 ProPlus
    Maximum Severity: Important
    Affected Products: Office 365 ProPlus
    Description: This security update resolves vulnerabilities in most Microsoft Office 365 applications. Information on Office 365 ProPlus updates is available at https://docs.microsoft.com/en-us/officeupdates/release-notes-office365-proplus
    Impact: Remote Code Execution, Information Disclosure, Defense in Depth
    Fixes 5 Vulnerabilities: CVE-2018-8427, CVE-2018-8432, CVE-2018-8501, CVE-2018-8502, CVE-2018-8504
    Restart Required: Requires application restart
    Known Issues: None reported
    NOTE: New naming convention to align with Microsoft branding
  • 29.
    MS18-10-OFF: Security Updates for Microsoft Office
    Maximum Severity: Important
    Affected Products: Excel 2010-2016, Office 2010-2016, Office 2016 for Mac, Outlook 2010-2016, PowerPoint 2010-2016, Word 2010-2016
    Description: This security update resolves vulnerabilities in most Microsoft Office applications. This bulletin references 19 KB articles and Release Notes.
    Impact: Remote Code Execution, Information Disclosure, Defense in Depth
    Fixes 5 Vulnerabilities: CVE-2018-8427, CVE-2018-8432, CVE-2018-8501, CVE-2018-8502, CVE-2018-8504
    Restart Required: Requires application restart
    Known Issues: None reported
  • 30.
    MS18-10-SPT: Security Updates for SharePoint Server
    Maximum Severity: Important
    Affected Products: Microsoft Enterprise SharePoint Server 2010-2016
    Description: This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. This bulletin is based on KB 4092481, KB 4461447, and KB 4461450.
    Impact: Remote Code Execution and Elevation of Privilege
    Fixes 5 Vulnerabilities: CVE-2018-8480, CVE-2018-8488, CVE-2018-8498, CVE-2018-8504, CVE-2018-8518
    Restart Required: Requires Restart
    Known Issues: None reported
  • 31.
    MS18-10-EX: Security Updates for Exchange Server
    Maximum Severity: Important
    Affected Products: Microsoft Exchange Server 2010-2016
    Description: This security update resolves several memory corruption vulnerabilities in Microsoft Exchange. This bulletin is based on KB 2565063 and KB 4459266.
    Impact: Remote Code Execution and Elevation of Privilege
    Fixes 3 Vulnerabilities: CVE-2010-3190, CVE-2018-8265, CVE-2018-8448
    Restart Required: Requires Restart
    Known Issues: Updates must be installed when running in elevated mode as administrator. Installing in normal mode will result in failed installation.
    Note: Bulletin MS11-025 is reissued this month to address CVE-2010-3190, which was not ‘in scope’ for Exchange Server when originally released. It must be applied to all versions of Exchange Server. It should be included in the next cumulative update for Exchange Server 2016.
  • 32.
    Between Patch Tuesdays
    New Product Support: Blue Jeans 2, Project R for Windows, NVivo 12
    Security Updates: Apple (2), Adobe Acrobat (3), CCleaner (2), Google Chrome (1), Firefox (2), Firefox ESR (2), Foxit PhantomPDF (1), Foxit Reader (1), Filezilla (4), LibreOffice (2), Malwarebytes (1), Nitro Pro (2), Opera (4), Plex Media Server (1), Realplayer (1), Slack Machine-Wide Installer (1), Splunk Universal Forwarder (1), Thunderbird (1), Apache Tomcat (1), VMware Workstation (1), VMware Player (1), VMware Tools (1), WinRAR (1)
    Non-Security Updates: Audacity (1), Blue Jeans (1), BlueJeans Outlook Plugin (1), Camtasia (1), CDBurnerXP (1), DropBox (2), Evernote (2), GOM Player (2), GoodSync (2), GoToMeeting (2), LogMeIn (1), Mouse and Keyboard Center (1), Mozy (2), NVivo (1), Power BI Desktop (2), PDF-Xchange PRO (1), Paint.net (1), Plex Media Player (3), R for Windows (1), Royal TS (2), Skype (2), Snagit (1), TortoiseHG (1), TeamViewer (3), Webex Meeting Center (1), Webex Productivity Tools (2), Zoom Client (1)
  • 33.
    Third Party CVEInformation  Thunderbird 60.2.1  TB18-6021, QTB6021  Fixes 7 Vulnerabilities: CVE-2017-16541, CVE-2018-12376, CVE-2018-12377, CVE-2018-12378, CVE-2018-12379, CVE-2018-12383, CVE-2018-12385  Firefox ESR 60.2.2  FFE18-6022, QFFE6022  Fixes 2 Vulnerabilities: CVE-2018-12386, CVE-2018-12387  Firefox ESR 62.0.3  FF18-017, QFF6203  Fixes 2 Vulnerabilities: CVE-2018-12386, CVE-2018-12387
  • 34.
    Third Party CVEInformation (cont)  Adobe Acrobat and Reader  APSB18-30, QARDC1701130105MUI, QARDC1500630456MUI, QADC1701130105, QADC1500630456  Fixes 86 Vulnerabilities: CVE-2018-12759, CVE-2018-12769, CVE-2018-12831, CVE-2018- 12832, CVE-2018-12833, CVE-2018-12834, CVE-2018-12835, CVE-2018-12836, CVE-2018-12837, CVE-2018-12838, CVE-2018-12839, CVE-2018-12841, CVE-2018-12842, CVE-2018-12843, CVE-2018- 12844, CVE-2018-12845, CVE-2018-12846, CVE-2018-12847, CVE-2018-12851, CVE-2018-12852, CVE-2018-12853, CVE-2018-12855, CVE-2018-12856, CVE-2018-12857, CVE-2018-12858, CVE-2018- 12859, CVE-2018-12860, CVE-2018-12861, CVE-2018-12862, CVE-2018-12863, CVE-2018-12864, CVE-2018-12865, CVE-2018-12866, CVE-2018-12867, CVE-2018-12868, CVE-2018-12869, CVE-2018- 12870, CVE-2018-12871, CVE-2018-12872, CVE-2018-12873, CVE-2018-12874, CVE-2018-12875, CVE-2018-12876, CVE-2018-12877, CVE-2018-12878, CVE-2018-12879, CVE-2018-12880, CVE-2018- 12881, CVE-2018-15920, CVE-2018-15922, CVE-2018-15923, CVE-2018-15924, CVE-2018-15925, CVE-2018-15926, CVE-2018-15927, CVE-2018-15928, CVE-2018-15929, CVE-2018-15930, CVE-2018- 15931, CVE-2018-15932, CVE-2018-15933, CVE-2018-15934, CVE-2018-15935, CVE-2018-15936, CVE-2018-15937, CVE-2018-15938, CVE-2018-15939, CVE-2018-15940, CVE-2018-15941, CVE-2018- 15942, CVE-2018-15943, CVE-2018-15944, CVE-2018-15945, CVE-2018-15946, CVE-2018-15947, CVE-2018-15948, CVE-2018-15949, CVE-2018-15950, CVE-2018-15951, CVE-2018-15952, CVE-2018- 15953, CVE-2018-15954, CVE-2018-15955, CVE-2018-15956, CVE-2018-15966, CVE-2018-15968
  • 35.
    Third Party CVEInformation (cont)  Foxit PhantomPDF 9.3  FIP-017, QFIP930  Fixes 42 Vulnerabilities: CVE-2018-3940, CVE-2018-3941, CVE-2018-3942, CVE- 2018-3943, CVE-2018-3944, CVE-2018-3945, CVE-2018-3946, CVE-2018-3957, CVE- 2018-3958, CVE-2018-3959, CVE-2018-3960, CVE-2018-3961, CVE-2018-3962, CVE- 2018-3964, CVE-2018-3965, CVE-2018-3966, CVE-2018-3967, CVE-2018-3992, CVE- 2018-3993, CVE-2018-3994, CVE-2018-3995, CVE-2018-3996, CVE-2018-3997, CVE- 2018-16291, CVE-2018-16292, CVE-2018-16293, CVE-2018-16294, CVE-2018-16295, CVE-2018-16296, CVE-2018-16297, CVE-2018-17615, CVE-2018-17616, CVE-2018- 17617, CVE-2018-17618, CVE-2018-17619, CVE-2018-17620, CVE-2018-17621, CVE- 2018-17622, CVE-2018-17623, CVE-2018-17624, CVE-2018-17625, CVE-2018-17706  Foxit Reader 9.3  FI18-930, QFI930  Fixes same 42 Vulnerabilities
  • 38.