Patching in Review – Week 45
We find ourselves in the shadow of another Patch Tuesday, but not without an avalanche of new vulnerabilities and updates! Don’t forget to register for our November Patch Tuesday webinar to get in-depth information around what drops next week.
According to Digital Trends, researchers have discovered yet another hardware-level vulnerability on Intel processors. This vulnerability, named PortSmash, allows an attacker to extract data from a child thread when hyper-threading is present. The current recommended workaround is to disable Hyper-Threading in the system’s BIOS settings, which could impact performance depending on workload. It is currently unknown whether a patch is expected next Patch Tuesday, but be prepared for further firmware updates and configuration changes for full remediation.
But wait, there’s more! A VirtualBox zero-day vulnerability was discovered this week as well. This vulnerability allows an attacker to escape the bounds of the virtual machine and execute code on the host. According to BleepingComputer, a Russian researcher discovered that hosts with the Intel PRO/1000 network adapter in NAT mode can be attacked through the guest VMs. A video in the linked article details how the attack executes a shell on the host. Currently there is no known fix, so keep an eye out for an update soon.
Security Releases
Today VMware released an update to VMware Workstation 14 and 15 addressing two CVEs discovered during GeekPwn2018. The first vulnerability, CVE-2018-6981, is nearly identical to the VirtualBox vulnerability: a guest could execute code on the host when vmxnet3 is enabled. The second vulnerability, CVE-2018-6982, also affects the vmxnet3 virtual adapter and allows a guest to read leaked information from the host.
Although it’s not as high profile as our usual patches, Evernote released an update to patch a serious vulnerability within its software discovered by Sophos. CVE-2018-18524 is a user-targeted vulnerability that can be exploited simply by convincing the user to open a shared note. This infected note then contains additional code that will be executed on the endpoint. Although the higher profile software vendors are at the top of security blogs, your environment is only as secure as its weakest link. Staying on top of these less common software titles is critical.
Third-Party Updates
Of course, other vendors have been releasing updates for their respective software. While these updates might not have identified vulnerabilities, they still have helpful stability fixes as well as potential undisclosed security fixes:
| Software Title | Ivanti ID | Ivanti KB |
| --- | --- | --- |
| Apache Tomcat 8.5.35 | TOMCAT-122 | QTOMCAT8535 |
| Apache Tomcat 9.0.13 | TOMCAT-121 | QTOMCAT9013 |
| Camtasia 2018.0.6 | CAMTA-010 | QCAMTASIA1806 |
| DropBox 61.4.95 | DROPBOX-096 | QDROPBOX61495 |
| GoodSync 10.9.15 | GOODSYNC-100 | QGS109151 |
| Google Drive File Stream 28.1.35.1747 | GDFS-005 | QFS281351747 |
| GoToMeeting 8.36.2 | GOTOM-053 | QGTM8362 |
| LibreOffice 6.0.7 | LIBRE-103 | QLIBRE607 |
| LibreOffice 6.1.3.2 | LIBRE-104 | QLIBRE613 |
| Opera 56.0.3051.99 | OPERA-189 | QOP560305199 |
| VirtualBox 5.2.22 | OVB-016 | QOVB5222 |
| Zoom Client 4.1.34583 | ZOOM-012 | QZOOM4134583 |