Microsoft actively closes attacked critical leak in new patch round

Microsoft has released a total of 68 patches in its monthly patch round, or patch Tuesday, of which 21 are for critical leaks. One is actively used in attacks, as is one less severe leak.

The attacked vulnerability, also known as CVE-2018-8174, involves a vulnerability in the VBScript Engine in several versions of Windows, including Windows 10. It allows an attacker to remotely execute code with the privileges of the logged-in user. If that is an administrator, there is the possibility to take over the system, according to Microsoft. An attacker could exploit the vulnerability through a website or an Office document containing malicious VBScript code.

The second attacked vulnerability, which was not labeled “critical” and bears the CVE-2018-8120 attribute, allows an attacker to gain higher privileges on a system, according to Microsoft, and then take it over. However, this only matters for Windows 7 systems and various versions of Windows Server 2008. Many of the other critical vulnerabilities addressed by Microsoft involve scripting engines in Microsoft’s browsers. Various overviews can be found, for example from Talos or Trend Micro.

Among the vulnerabilities patched is also CVE-2018-8897, which has been described by the discoverers in a technical analysis. A Cert warning states that the vulnerability is related to “developers’ interpretation of existing documentation of certain Intel architecture interrupt or exception statements.” An attacker could use the leak to read sensitive data in memory, according to the warning. Not only Microsoft would have been affected by the leak, but also Apple and various Linux distributions.

Several patches are already available, including for macOS and the Linux kernel, notes The Register. The site writes that it appears that the leak was not caused by an error by Intel, but that it would be due to kernel developers. Intel has published an updated version of its developer guide with clarifications.