With Halloween on the horizon, this week would not be complete without a good spooky story, and fortunately the internet delivered! 

Nearly two months ago we covered a security researcher named SandboxEscaper that released exploit code around the Windows ALPC vulnerability. On Tuesday, the same researcher delivered with another exploit including a proof of concept. According to The Hacker News this vulnerability affects all versions of Windows 10 where an attacker can delete critical files. In SandboxEscaper’s example, pci.sys is removed, bricking the target operating system. Microsoft released an update for the ALPC vulnerability on the following Patch Tuesday, so we might have to wait 2 more weeks until proper remediation is released.

Security Releases

Mozilla released updates for both Firefox and Firefox ESR this week with a total of 15 unique CVEs. The two critical CVEs (CVE-2018-12388, CVE-2018-12390) are both user targetable vulnerabilities where an end user could allow an attacker to execute arbitrary code on the system.

Further CVE details for each release with color coded vulnerabilities are listed below:

Further details are available on Mozilla’s security advisory pages:

Third-Party Updates

Here are the other updates we released in our content this week. These updates might not have CVEs, but they may still have helpful stability fixes as well as undisclosed security fixes:

Software Title

Ivanti ID

Ivanti KB

Adobe Acrobat and Reader DC Continuous 19.008.20080

ARDC18-006

QADC1900820080

Beyond Compare 4.2.7.23425

BEYOND-006

QBC42723425

CCleaner 5.48.6834

CCLEAN-070

QCCLEAN5486834

CDBurnerXP 4.5.8.7041

CDBXP-047

QCDBXP4587041

DropBox 60.4.107

DROPBOX-095

QDROPBOX604107

FileZilla Client 3.38.0

FILEZ-081

QFILEZ3380X86

Google Chrome 70.0.3538.77

CHROME-237

QGC700353877

Microsoft Power BI Desktop 2.63.3272.40461

PBID-041

QBI263327240461

PDF-Xchange PRO 7.0.327.1

PDFX-026

QPDFX703271

RealVNC Connect 6.3.2

RVNC-026

QRVNC632

Royal TS 4.3.61022

RTS4-017

QRTS40361022

Skype 8.33.0.41

SKYPE-146

QSKY833041

Snagit 2019.0.0

SNAG-020

QSNAG1900

Visual Studio 2017 version 15.8.8

MSNS18-1024-VS2017

QVS20171588

Webex Productivity Tools 33.0.5.1

WPT-024

QWPT33051

WinZip 23.0.13300

WZ23-001

QWZ23013300

More Patch Resources: