Posted: 15 Min Read Threat Intelligence

Microsoft Patch Tuesday – February 2018

This month the vendor has patched 50 vulnerabilities, 14 of which are rated Critical.

As always, customers are advised to follow these security best practices:

  • Install vendor patches as soon as they are available.
  • Run all software with the least privileges required while still maintaining functionality.
  • Avoid handling files from unknown or questionable sources.
  • Never visit sites of unknown or questionable integrity.
  • Block external access at the network perimeter to all key systems unless specific access is required.

Microsoft's summary of the February 2018 releases can be found here:
https://portal.msrc.microsoft.com/en-us/security-guidance

 

This month's update covers vulnerabilities in:

  • Internet Explorer
  • Microsoft Edge
  • Microsoft Office
  • Microsoft Windows
  • ChakraCore

     

The following is a breakdown of the issues being addressed this month:

  1. Cumulative Security Update for Microsoft Browsers

    Microsoft Edge Information Disclosure Vulnerability (CVE-2018-0763) MS Rating: Critical

    An information disclosure vulnerability exists when Microsoft Edge improperly handles objects in memory. An attacker can exploit this issue to obtain sensitive information to further compromise the user’s system.

     

    Scripting Engine Memory Corruption Vulnerability (CVE-2018-0834) MS Rating: Critical

    A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

     

    Scripting Engine Memory Corruption Vulnerability (CVE-2018-0835) MS Rating: Critical

    A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

     

    Scripting Engine Memory Corruption Vulnerability (CVE-2018-0837) MS Rating: Critical

    A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

     

    Scripting Engine Memory Corruption Vulnerability (CVE-2018-0838) MS Rating: Critical

    A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

     

    Scripting Engine Memory Corruption Vulnerability (CVE-2018-0840) MS Rating: Critical

    A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

     

    Scripting Engine Memory Corruption Vulnerability (CVE-2018-0856) MS Rating: Critical

    A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

     

    Scripting Engine Memory Corruption Vulnerability (CVE-2018-0857) MS Rating: Critical

    A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

     

    Scripting Engine Memory Corruption Vulnerability (CVE-2018-0858) MS Rating: Critical

    A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

     

    Scripting Engine Memory Corruption Vulnerability (CVE-2018-0859) MS Rating: Critical

    A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

     

    Scripting Engine Memory Corruption Vulnerability (CVE-2018-0860) MS Rating: Critical

    A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

     

    Scripting Engine Memory Corruption Vulnerability (CVE-2018-0861) MS Rating: Critical

    A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

     

    Scripting Engine Memory Corruption Vulnerability (CVE-2018-0836) MS Rating: Important

    A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

     

    Microsoft Edge Information Disclosure Vulnerability (CVE-2018-0839) MS Rating: Important

    An information disclosure vulnerability exists when Microsoft Edge improperly handles objects in memory. An attacker can exploit this issue to obtain sensitive information to further compromise the user’s system.

     

    Windows Scripting Engine Memory Corruption Vulnerability (CVE-2018-0847) MS Rating: Important

    An information disclosure vulnerability exists when VBScript improperly discloses the contents of its memory. An attacker can exploit this issue to obtain sensitive information to further compromise the user’s system.

     

    Scripting Engine Memory Corruption Vulnerability (CVE-2018-0866) MS Rating: Important

    A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

     

    Microsoft Edge Security Feature Bypass (CVE-2018-0771) MS Rating: Moderate

    A security bypass vulnerability exists when Microsoft Edge improperly handles requests of different origins. The vulnerability allows Microsoft Edge to bypass Same-Origin Policy (SOP) restrictions, and to allow requests that should otherwise be ignored.

     

  2. Cumulative Security Update for Microsoft Office

    Microsoft Outlook Memory Corruption Vulnerability (CVE-2018-0852) MS Rating: Critical

    A remote code execution vulnerability exists in Microsoft Outlook when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user.

     

    Microsoft Outlook Elevation of Privilege Vulnerability (CVE-2018-0850) MS Rating: Important

    A privilege escalation vulnerability exists when Outlook initiates processing of incoming messages without sufficient validation of the formatting of the messages. An attacker who successfully exploited the vulnerability could attempt to force Outlook to load a local or remote message store (over SMB).

     

    Microsoft Office Memory Corruption Vulnerability (CVE-2018-0851) MS Rating: Important

    A remote code execution vulnerability exists in Microsoft Office software when the Office software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user.

     

    Microsoft Office Information Disclosure Vulnerability (CVE-2018-0853) MS Rating: Important

    An information disclosure vulnerability exists when Microsoft Office software reads out of bound memory due to an uninitialized variable, which could disclose the contents of memory. An attacker who successfully exploited the vulnerability could view out of bound memory.

     

    Microsoft SharePoint Elevation of Privilege Vulnerability (CVE-2018-0864) MS Rating: Important

    A privilege escalation vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server.

     

    Microsoft SharePoint Elevation of Privilege Vulnerability (CVE-2018-0869) MS Rating: Important

    A privilege escalation vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server.

     

    Microsoft Excel Remote Code Execution Vulnerability (CVE-2018-0841) MS Rating: Important

    A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user.

     

  3. Cumulative Security Update for Microsoft Windows Kernel

    Windows Kernel Elevation of Privilege Vulnerability (CVE-2018-0742) MS Rating: Important

    A privilege escalation vulnerability exists in the way that the Windows Kernel handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.

     

    Windows Kernel Elevation of Privilege Vulnerability (CVE-2018-0756) MS Rating: Important

    A privilege escalation vulnerability exists in the way that the Windows Kernel handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.

     

    Windows Kernel Information Disclosure Vulnerability (CVE-2018-0757) MS Rating: Important

    An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system.

     

    Windows Kernel Information Disclosure Vulnerability (CVE-2018-0810) MS Rating: Important

    An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system.

     

    Windows Kernel Elevation Of Privilege Vulnerability (CVE-2018-0820) MS Rating: Important

    A privilege escalation vulnerability exists in the way that the Windows Kernel handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.

     

    Windows Kernel Information Disclosure Vulnerability (CVE-2018-0829) MS Rating: Important

    An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system.

     

    Windows Kernel Information Disclosure Vulnerability (CVE-2018-0830) MS Rating: Important

    An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system.

     

    Windows Kernel Elevation of Privilege Vulnerability (CVE-2018-0831) MS Rating: Important

    A privilege escalation vulnerability exists in the way that the Windows Kernel handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.

     

    Windows Kernel Information Disclosure Vulnerability (CVE-2018-0843) MS Rating: Important

    An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system.

     

  4. Cumulative Security Update for Microsoft Windows

    StructuredQuery Remote Code Execution Vulnerability (CVE-2018-0825) MS Rating: Critical

    A remote code execution vulnerability exists in StructuredQuery when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user.

     

    Windows EOT Font Information Disclosure Vulnerability (CVE-2018-0755) MS Rating: Important

    An information disclosure vulnerability exists in the way that the Microsoft Windows Embedded OpenType (EOT) font engine parses specially crafted embedded fonts. An attacker who successfully exploited this vulnerability could potentially read data that was not intended to be disclosed.

     

    Windows EOT Font Information Disclosure Vulnerability (CVE-2018-0760) MS Rating: Important

    An information disclosure vulnerability exists in the way that the Microsoft Windows Embedded OpenType (EOT) font engine parses specially crafted embedded fonts. An attacker who successfully exploited this vulnerability could potentially read data that was not intended to be disclosed.

     

    Windows EOT Font Information Disclosure Vulnerability (CVE-2018-0761) MS Rating: Important

    An information disclosure vulnerability exists in the way that the Microsoft Windows Embedded OpenType (EOT) font engine parses specially crafted embedded fonts. An attacker who successfully exploited this vulnerability could potentially read data that was not intended to be disclosed.

     

    Windows EOT Font Information Disclosure Vulnerability (CVE-2018-0855) MS Rating: Important

    An information disclosure vulnerability exists in the way that the Microsoft Windows Embedded OpenType (EOT) font engine parses specially crafted embedded fonts. An attacker who successfully exploited this vulnerability could potentially read data that was not intended to be disclosed.

     

    Windows Elevation of Privilege Vulnerability (CVE-2018-0809) MS Rating: Important

    A privilege escalation vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.

     

    Windows AppContainer Elevation Of Privilege Vulnerability (CVE-2018-0821) MS Rating: Important

    A privilege escalation vulnerability exists when AppContainer improperly implements constrained impersonation. An attacker who successfully exploited this vulnerability could run processes in an elevated context.

     

    Windows NTFS Global Reparse Point Elevation of Privilege Vulnerability (CVE-2018-0822) MS Rating: Important

    A privilege escalation vulnerability exist when NTFS improperly handles objects. An attacker who successfully exploited this vulnerability could run processes in an elevated context.

     

    Windows Storage Services Elevation of Privilege Vulnerability (CVE-2018-0826) MS Rating: Important

    A privilege escalation vulnerability exist when Storage Services improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context.

     

    Windows Security Feature Bypass Vulnerability (CVE-2018-0827) MS Rating: Important

    A security bypass vulnerability exists in Windows Scripting Host which could allow an attacker to bypass Device Guard. An attacker who successfully exploited this vulnerability could circumvent a User Mode Code Integrity (UMCI) policy on the machine.

     

    Windows Elevation of Privilege Vulnerability (CVE-2018-0828) MS Rating: Important

    A privilege escalation vulnerability exists in Microsoft Windows when the MultiPoint management account password is improperly secured. An attacker who successfully exploited this vulnerability could run arbitrary code with elevated privileges.

     

    Windows Information Disclosure Vulnerability (CVE-2018-0832) MS Rating: Important

    An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass. An attacker who successfully exploited the vulnerability could retrieve the memory address of a kernel object.

     

    Windows Remote Code Execution Vulnerability (CVE-2018-0842) MS Rating: Important

    A remote code execution vulnerability exist when Windows improperly handles objects in memory. An attacker who successfully exploited these vulnerabilities could take control of an affected system.

     

    Windows Common Log File System Driver Elevation Of Privilege Vulnerability (CVE-2018-0844) MS Rating: Important

    A privilege escalation vulnerability exist when the Windows Common Log File System (CLFS) driver improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context.

     

    Windows Common Log File System Driver Elevation Of Privilege Vulnerability (CVE-2018-0846) MS Rating: Important

    A privilege escalation vulnerability exist when the Windows Common Log File System (CLFS) driver improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context.

     

    Named Pipe File System Elevation of Privilege Vulnerability (CVE-2018-0823) MS Rating: Important

    A privilege escalation vulnerability exist when Named Pipe File System improperly handles objects. An attacker who successfully exploited this vulnerability could run processes in an elevated context.

     

    SMBv2/SMBv3 Null Dereference Denial of Service Vulnerability (CVE-2018-0833) MS Rating: Moderate

    A denial of service vulnerability exists in implementations of the Microsoft Server Message Block. The vulnerability is due to improper handling of certain requests sent by a malicious SMB server to the client.

     

More information is available on Symantec's free Security Center portal and to our customers through the DeepSight Threat Management System.

About the Author

Ratheesh PM

Sr Threat Analysis Engineer

Ratheesh is a member of Symantec's Cyber Security Services organization which provides round-the-clock monitoring and protection services against cyber attacks.

Want to comment on this post?

We encourage you to share your thoughts on your favorite social platform.