We find ourselves in the shadow of another Patch Tuesday, but not without an avalanche of new vulnerabilities and updates! Don’t forget to register for our November Patch Tuesday webinar to get in-depth information around what drops next week.Free Whitepaper: What to do BEFORE all hell breaks loose

According to Digital Trends, researchers have discovered yet another hardware-level vulnerability on Intel processors. This vulnerability, titled PortSmash, allows an attacker to extract data from a child thread when hyper-threading is present. The current recommended workaround is to disable Hyper-Threading technology within the system’s BIOS settings that could impact performance depending on workload. It is currently unknown if a patch is expected next Patch Tuesday but be prepared for further firmware updates and configuration changes for full remediation.

But wait, there’s more! A VirtualBox zero-day vulnerability was discovered this week as well. This vulnerability allows an attacker to escape the bounds of the virtual machine and execute code on the host. According to BleepingComputer, the Russian researcher discovered that hosts with the Intel PRO/1000 network adapter in NAT mode can be attacked through the guest VMs. Within the link, a video details how the attack executes a shell on the host. Currently there is no known fix, so keep an eye out for an update soon.

Security Releases

Today VMware released an update to VMware Workstation 14 and 15 with two CVEs discovered during GeekPwn2018. The first vulnerability, CVE-2018-6981, is nearly identical to the VirtualBox vulnerability where a guest could execute code on the host when vmxnet3 is enabled. The second vulnerability, CVE-2018-6982, also affects the vmxnet3 virtual adapter where a guest can read leaked information from the host.

Although it’s not as high profile as our usual patches, Evernote released an update to patch a serious vulnerability within its software discovered by Sophos. CVE-2018-18524 is a user-targeted vulnerability that can be exploited simply by convincing the user to open a shared note. This infected note then contains additional code that will be executed on the endpoint. Although the higher profile software vendors are at the top of security blogs, your environment is only as secure as its weakest link. Staying on top of these less common software titles is critical.

Third-Party Updates

Of course, other vendors have been releasing updates for their respective software. While these updates might not have identified vulnerabilities, they still have helpful stability fixes as well as potential undisclosed security fixes:

Software Title

Ivanti ID

Ivanti KB

Apache Tomcat 8.5.35

TOMCAT-122

QTOMCAT8535

Apache Tomcat 9.0.13

TOMCAT-121

QTOMCAT9013

Camtasia 2018.0.6

CAMTA-010

QCAMTASIA1806

DropBox 61.4.95

DROPBOX-096

QDROPBOX61495

GoodSync 10.9.15

GOODSYNC-100

QGS109151

Google Drive File Stream 28.1.35.1747

GDFS-005

QFS281351747

GoToMeeting 8.36.2

GOTOM-053

QGTM8362

LibreOffice 6.0.7

LIBRE-103

QLIBRE607

LibreOffice 6.1.3.2

LIBRE-104

QLIBRE613

Opera 56.0.3051.99

OPERA-189

QOP560305199

VirtualBox 5.2.22

OVB-016

QOVB5222

Zoom Client 4.1.34583

ZOOM-012

QZOOM4134583

More Patch Resources: