This month’s Patch Tuesday entry patched a number of significant vulnerabilities, including CVE-2018-8225, a remote code execution vulnerability that occurs when the Windows Domain Name System (DNS) component DNSAPI.dll fails to handle DNS responses properly. An attacker exploiting this vulnerability can use a variety of methods such as man-in-the-middle attacks or DNS server manipulation to execute code at the local level.
The June Patch Tuesday addresses another critical remote code execution vulnerability, CVE-2018-8231, which affects the HTTP Protocol stack component Http.sys used to process HTTP requests at high speed. Microsoft notes that exploitation of this vulnerability involves an unauthenticated attacker sending a specially crafted packet to a targeted Http.sys server. If successful, the attacker then gains control of the targeted system.
CVE-2018-8267, which was publicly disclosed via Trend Micro’s Zero Day Initiative back in January 2018, is another noteworthy vulnerability addressed this month. The vulnerability occurs due to the way the scripting engine handles error objects. It can be exploited with compromised websites or specially crafted applications, documents, and other content to allow an attacker to take control of the targeted computer.
In addition to CVE-2018-8267, the following vulnerabilities were also disclosed via ZDI:
- CVE-2018-8207 – Windows Kernel Information Disclosure Vulnerability
- CVE-2018-8236 – Microsoft Edge Memory Corruption Vulnerability
- CVE-2018-8239 – Windows GDI Information Disclosure Vulnerability
- CVE-2018-8251 – Media Foundation Memory Corruption Vulnerability
In line with Microsoft’s release, Adobe also published their set of updates for vulnerabilities affecting Adobe Flash Player 126.96.36.199 and earlier versions in the APSB18-19 Security Bulletin. The most critical Flash Player vulnerability addressed is CVE-2018-5002, a stack-based buffer overflow that could result in remote code execution performed by an attacker. This vulnerability is reportedly being actively used in targeted attacks.
Trend Micro Deep Security and Vulnerability Protection protect user systems from any threats that may target the vulnerabilities mentioned above via the following DPI rules:
- 1009130-Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2018-0978)
- 1009131-Microsoft Windows Multiple Elevation Of Privilege Vulnerabilities (CVE-2018-1036, CVE-2018-8169, CVE-2018-8208, CVE-2018-8214, CVE-2018-8233)
- 1009132-Microsoft Edge Memory Corruption Vulnerability (CVE-2018-8110)
- 1009133-Microsoft Edge Memory Corruption Vulnerability (CVE-2018-8111)
- 1009134-Microsoft Windows Remote Code Execution Vulnerability (CVE-2018-8210)
- 1009135-Microsoft Windows DNSAPI Remote Code Execution Vulnerability (CVE-2018-8225)
- 1009136-Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2018-8229)
- 1009137-Microsoft Edge Memory Corruption Vulnerability (CVE-2018-8236)
- 1009138-Microsoft Excel Remote Code Execution Vulnerability (CVE-2018-8248)
- 1009139-Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2018-8249)
- 1009140-Microsoft Windows Media Foundation Memory Corruption Vulnerability (CVE-2018-8251)
- 1009141-Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability (CVE-2018-8267)
- 1009146-Adobe Flash Player Multiple Security Vulnerabilities (APSB18-19)
Trend Micro TippingPoint customers are protected from threats that may exploit the vulnerabilities via these MainlineDV filters:
- 32026: HTTP: Microsoft Edge Memory Corruption Vulnerability
- 32027: HTTP: Microsoft Edge Type Confusion Vulnerability
- 32028: HTTP: Microsoft Windows wimgapi.dll Memory Corruption Vulnerability
- 32029: DNS: Microsoft Windows DNS Cache Service Memory Corruption Vulnerability
- 32030: HTTP: Microsoft Edge Chakra Memory Corruption Vulnerability
- 32032: HTTP: Microsoft Excel Memory Corruption Vulnerability
- 32034: HTTP: Microsoft Windows win32kfull Privilege Escalation Vulnerability
- 32038: HTTP: Internet Explorer Memory Corruption Vulnerability
- 32054: HTTP: Microsoft Edge Worker User-After-Free Vulnerability
- 32065: HTTP: Scripting Engine Memory Corruption Vulnerability
- 32068: HTTP: Microsoft Edge Media Foundation Memory Corruption Vulnerability
- 32124: HTTP: Internet Explorer Memory Corruption Vulnerability
- 32126: HTTP: Windows Desktop Bridge Privilege Escalation Vulnerability
- 32127: HTTP: Windows Desktop Bridge Privilege Escalation Vulnerability
- 32162: HTTP: Microsoft NTFS Privilege Escalation Vulnerability
- 32164: HTTP: Microsoft Windows HIDParser Privilege Escalation Vulnerability
The post June Patch Tuesday: Microsoft Addresses DNS-related Vulnerability, Adobe Patches Critical Flash Player Flaw appeared first on .