Patch Tuesday: Halloween Tricks or Treats?

Patch Tuesday: Halloween Tricks or Treats?

Patch Tuesday: Halloween Tricks or Treats?

Halloween is just around the corner and while there are a reduced number of patching scares this October, Microsoft have encountered a horror with their Windows 10 1809 feature update…

CVE-2018-8453 Win32k Elevation of Privilege Vulnerability – Zero Day

Described by Microsoft as “An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory.” If exploited, an attacker can run code in kernel and gain administrative privileges. With these privileges they could then install programs, create new accounts with full access privileges and view, install and change data.

CVE-2018-8423Microsoft JET Database Engine Execution Vulnerability – Publicly disclosed

This vulnerability is open to email driven attacks which could provide unauthorised and unrestricted access to impacted systems. To exploit the vulnerability, a user must open a Microsoft JET Database Engine file. The security update object addresses the vulnerability by altering how the Microsoft JET Database Engine Execution Vulnerability handles objects in memory.

Windows 10 Update Horrors!

Microsoft have paused the release of the update for Windows 10 machines running 1809 while they iron out some very significant issues. Upon its early release last week, some users in the Microsoft community experienced a complete loss of data for anything saved in their documents folder. Most frighteningly, rolling back to the previous version does not restore the files.

Further issues reported include an incompatibility issue with Intel Display Audio drivers and Task Manager displaying incorrect CPU usage information. It’s certainly surprising that bugs such as these have been released into the update without being picked up.

At the time of writing there have been no third party patches released on Patch Tuesday this month, but we will be sure to follow up if something ghostly emerges in the coming days and weeks!

– Patrick Collins, Vulnerability Management

Leave a Reply

Your email address will not be published. Required fields are marked *