Microsoft Tuesday Patch November 2018-
Fixes 62 Bugs Including BitLocker Bypass Vulnerability and 12 of them are critical.
In the CVE-2018-8566 – Microsoft explains BitLocker Bypass Vulnerability,
A security feature bypass vulnerability exists when Windows improperly suspends BitLocker Device Encryption. An attacker with physical access to a powered off system could exploit this vulnerability to gain access to encrypted data.
To exploit the vulnerability, an attacker must gain physical access to the target system prior to the next system reboot.
The security update fixes the vulnerability by ensuring Windows resumes BitLocker Device Encryption.
Windows 7 Zero-Day
In the CVE-2018-8589 – Windows Win32k Elevation of Privilege Vulnerability explains,
An elevation of privilege vulnerability exists when Windows improperly handles calls to Win32k.sys.
An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local system. An attacker could then install programs; view, change, or delete data, or create new accounts with full user rights.
To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control over an affected system.
The update addresses the vulnerability by correcting how Windows handles calls to Win32k.
Microsoft also patches their browsers for security including Internet Explorer, Microsoft Edge.
Windows 10 users can patch their systems now.
Windows Server Update
On October 2, 2018, we announced the availability of Windows Server 2019 and Windows Server, version 1809. Later that week, we paused the rollout of these new releases to investigate isolated reports of users missing files after updating to the latest Windows 10 feature update. We take any case of data loss seriously, so we proactively removed all related media from our channels as we started investigation of the reports and have now fixed all known related issues. said by Vinicius Apolinario, Senior Product Marketing Manager, Windows Server in Microsoft blog,
In addition to extensive internal validation, we have taken time to closely monitor feedback and diagnostic data from our Windows Insiders and from millions of devices on the Windows 10 October 2018 Update. There is no further evidence of data loss. Based on this data, today we are beginning the re-release of Windows Server 2019, Windows Server, version 1809, and the related versions of Windows 10.
