This month Microsoft has patched 113 vulnerabilities across 11 products, including three zero-day bugs that were being actively exploited in the wild. The zero-days were vulnerabilities in the Windows Adobe Type Manager Library and the Windows kernel. There was also a publicly disclosed vulnerability in OneDrive that allowed for elevation of privilege.
Windows Adobe Type Manager Library
This library processes multi-master fonts in the Adobe Type 1 PostScript format. On all systems except Windows 10, an attacker who exploited the vulnerability could execute code remotely; on Windows 10, the attacker would be confined to an AppContainer sandbox. For this reason, the vulnerability is categorized as Critical on older versions of Windows, and Important on Windows 10.
While Windows itself gets updates almost every Patch Tuesday, this month's updates patched a zero-day that was actively being exploited. The bug being exploited allowed a local user to elevate privileges to kernel (system) level. This allowed an attacker to completely compromise a device, creating user accounts with full privileges or loading ransomware.
OneDrive for Windows could have been exploited to allow for elevation of privilege. The bug being exploited allowed a local user to elevate privileges to kernel (system) level. This allowed an attacker to completely compromise a device, installing user accounts with full privileges or loading ransomware. The vulnerability was publicly disclosed prior to patching, but there are no known exploits.
Microsoft’s browsers had a vulnerability in their Chakra scripting engine. Object memory could have been corrupted, allowing a remote attacker to execute code via malicious content hosted on either a compromised website or a malicious site that a victim was lured to. Microsoft has rated this vulnerability as Critical.
Multiple Critical vulnerabilities in SharePoint products have been patched in this month’s Patch Tuesday. These vulnerabilities allowed attackers to conduct XSS attacks and execute code remotely. Microsoft has rated these vulnerabilities as Critical, but they were not exploited in the wild prior to patching.