Posted: 17 Min Read Threat Intelligence

Microsoft Patch Tuesday – January 2018

This month the vendor has patched 59 vulnerabilities, 17 of which are rated Critical.

Hello, welcome to this month's blog on the Microsoft patch release. This month the vendor has patched 59 vulnerabilities, 17 of which are rated Critical. Please note 33 CVEs were released out-of-band on January 3, 2018.

As always, customers are advised to follow these security best practices:

  • Install vendor patches as soon as they are available.
  • Run all software with the least privileges required while still maintaining functionality.
  • Avoid handling files from unknown or questionable sources.
  • Never visit sites of unknown or questionable integrity.
  • Block external access at the network perimeter to all key systems unless specific access is required.

Microsoft's summary of the January 2018 releases can be found here:
https://portal.msrc.microsoft.com/en-us/security-guidance

This month's update covers vulnerabilities in:

  • Internet Explorer
  • Microsoft Edge
  • Microsoft Windows
  • Microsoft Office
  • SQL Server
  • ChakraCore
  • .NET Framework
  • .NET Core
  • ASP.NET Core

The following is a breakdown of the issues being addressed this month:

  1. Cumulative Security Update for CPU Microcode

    Vulnerability in CPU Microcode Could Allow Information Disclosure (CVE-2017-5715) MS Rating: Important

    A security vulnerability referred to as 'speculative execution side-channel attacks' affect many modern processors and operating systems including Intel, AMD, and ARM.

     

    Vulnerability in CPU Microcode Could Allow Information Disclosure (CVE-2017-5753) MS Rating: Important

    A security vulnerability referred to as 'speculative execution side-channel attacks' affect many modern processors and operating systems including Intel, AMD, and ARM.

     

    Vulnerability in CPU Microcode Could Allow Information Disclosure (CVE-2017-5754) MS Rating: Important

    A security vulnerability referred to as 'speculative execution side-channel attacks' affect many modern processors and operating systems including Intel, AMD, and ARM.

     

  2. Cumulative Security Update for Microsoft Browsers

    Scripting Engine Security Feature Bypass (CVE-2018-0818) MS Rating: Important

    A security feature bypass vulnerability exists in the Microsoft Chakra scripting engine that allows Control Flow Guard (CFG) to be bypassed.

     

    Scripting Engine Information Disclosure Vulnerability (CVE-2018-0767) MS Rating: Critical

    An information disclosure vulnerability exists when the scripting engine does not properly handle objects in memory in Microsoft Edge. An attacker can exploit this issue to obtain information to further compromise the user's system.

     

    Scripting Engine Memory Corruption Vulnerability (CVE-2018-0768) MS Rating: Important

    A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. An attacker can exploit this issue to execute arbitrary code in the context of the current user.

     

    Scripting Engine Memory Corruption Vulnerability (CVE-2018-0769) MS Rating: Critical

    A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. An attacker can exploit this issue to execute arbitrary code in the context of the current user.

     

    Scripting Engine Memory Corruption Vulnerability (CVE-2018-0770) MS Rating: Critical

    A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. An attacker can exploit this issue to execute arbitrary code in the context of the current user.

     

    Scripting Engine Memory Corruption Vulnerability (CVE-2018-0772) MS Rating: Critical

    A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers. An attacker can exploit this issue to execute arbitrary code in the context of the current user.

     

    Scripting Engine Memory Corruption Vulnerability (CVE-2018-0773) MS Rating: Critical

    A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. An attacker can exploit this issue to execute arbitrary code in the context of the current user.

     

    Scripting Engine Memory Corruption Vulnerability (CVE-2018-0774) MS Rating: Critical

    A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. An attacker can exploit this issue to execute arbitrary code in the context of the current user.

     

    Scripting Engine Memory Corruption Vulnerability (CVE-2018-0775) MS Rating: Critical

    A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. An attacker can exploit this issue to execute arbitrary code in the context of the current user.

     

    Scripting Engine Memory Corruption Vulnerability (CVE-2018-0776) MS Rating: Critical

    A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. An attacker can exploit this issue to execute arbitrary code in the context of the current user.

     

    Scripting Engine Memory Corruption Vulnerability (CVE-2018-0777) MS Rating: Critical

    A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. An attacker can exploit this issue to execute arbitrary code in the context of the current user.

     

    Scripting Engine Memory Corruption Vulnerability (CVE-2018-0778) MS Rating: Critical

    A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. An attacker can exploit this issue to execute arbitrary code in the context of the current user.

     

    Scripting Engine Information Disclosure Vulnerability (CVE-2018-0780) MS Rating: Critical

    An information disclosure vulnerability exists when the scripting engine does not properly handle objects in memory in Microsoft Edge. An attacker can exploit this issue to obtain information to further compromise the user's system.

     

    Scripting Engine Memory Corruption Vulnerability (CVE-2018-0781) MS Rating: Critical

    A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. An attacker can exploit this issue to execute arbitrary code in the context of the current user.

     

    Scripting Engine Information Disclosure Vulnerability (CVE-2018-0800) MS Rating: Critical

    An information disclosure vulnerability exists when the scripting engine does not properly handle objects in memory in Microsoft Edge. An attacker can exploit this issue to obtain information to further compromise the user's system.

     

    Scripting Engine Memory Corruption Vulnerability (CVE-2018-0758) MS Rating: Critical

    A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. An attacker can exploit this issue to execute arbitrary code in the context of the current user.

     

    Scripting Engine Memory Corruption Vulnerability (CVE-2018-0762) MS Rating: Critical

    A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers. An attacker can exploit this issue to execute arbitrary code in the context of the current user.

     

    Microsoft Edge Information Disclosure Vulnerability (CVE-2018-0766) MS Rating: Important

    An information disclosure vulnerability exists when Microsoft Edge improperly handles objects in memory. An attacker can exploit this issue to obtain information to further compromise the user's system.

     

    Microsoft Edge Elevation of Privilege Vulnerability (CVE-2018-0803) MS Rating: Important

    An elevation of privilege vulnerability exists when Microsoft Edge does not properly enforce cross-domain policies. An attacker can exploit this issue to gain access to the information from one domain and inject it into another domain.

     

  3. Cumulative Security Update for Microsoft Office

    Microsoft SharePoint Cross Site Scripting Elevation of Privilege Vulnerability (CVE-2018-0789) MS Rating: Important

    An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An attacker can exploit this issue by sending a specially crafted request to an affected SharePoint server.

     

    Microsoft SharePoint Cross Site Scripting Elevation of Privilege Vulnerability (CVE-2018-0790) MS Rating: Important

    An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An attacker can exploit this issue by sending a specially crafted request to an affected SharePoint server.

     

    Microsoft Outlook Remote Code Execution Vulnerability (CVE-2018-0791) MS Rating: Important

    A remote code execution vulnerability exists in the way that Microsoft Outlook parses specially crafted email messages. An attacker can exploit this issue to take control of an affected system.

     

    Microsoft Word Remote Code Execution (CVE-2018-0792) MS Rating: Important

    A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory. An attacker can exploit this issue to run arbitrary code in the context of the current user.

     

    Microsoft Outlook Remote Code Execution (CVE-2018-0793) MS Rating: Important

    A remote code execution vulnerability exists in the way that Microsoft Outlook parses specially crafted email messages. An attacker can exploit this issue to take control of an affected system.

     

    Microsoft Word Remote Code Execution (CVE-2018-0794) MS Rating: Important

    A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory. An attacker can exploit this issue to run arbitrary code in the context of the current user.

     

    Microsoft Office Remote Code Execution (CVE-2018-0795) MS Rating: Important

    A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory. An attacker can exploit this issue to run arbitrary code in the context of the current user.

     

    Microsoft Excel Remote Code Execution (CVE-2018-0796) MS Rating: Important

    A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory. An attacker can exploit this issue to run arbitrary code in the context of the current user.

     

    Microsoft Word Memory Corruption Vulnerability (CVE-2018-0797) MS Rating: Critical

    An Office RTF remote code execution vulnerability exists in Microsoft Office software when the Office software fails to properly handle RTF files. An attacker can exploit this issue to run arbitrary code in the context of the current user.

     

    Microsoft Office Memory Corruption Vulnerability (CVE-2018-0798) MS Rating: Important

    A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory. An attacker can exploit this issue to run arbitrary code in the context of the current user.

     

    Microsoft Office Remote Code Execution Vulnerability (CVE-2018-0801) MS Rating: Important

    A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory. An attacker can exploit this issue to run arbitrary code in the context of the current user.

     

    Microsoft Office Memory Corruption Vulnerability (CVE-2018-0802) MS Rating: Important

    A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory. An attacker can exploit this issue to run arbitrary code in the context of the current user.

     

    Microsoft Office Memory Corruption Vulnerability (CVE-2018-0804) MS Rating: Low

    A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory. An attacker can exploit this issue to run arbitrary code in the context of the current user.

     

    Microsoft Office Memory Corruption Vulnerability (CVE-2018-0805) MS Rating: Important

    A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory. An attacker can exploit this issue to run arbitrary code in the context of the current user.

     

    Microsoft Office Memory Corruption Vulnerability (CVE-2018-0806) MS Rating: Important

    A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory. An attacker can exploit this issue to run arbitrary code in the context of the current user.

     

    Microsoft Office Memory Corruption Vulnerability (CVE-2018-0807) MS Rating: Important

    A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory. An attacker can exploit this issue to run arbitrary code in the context of the current user.

     

    Microsoft Office Memory Corruption Vulnerability (CVE-2018-0812) MS Rating: Important

    A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory. An attacker can exploit this issue to run arbitrary code in the context of the current user.

     

    Microsoft Office Memory Corruption Vulnerability (CVE-2018-0819) MS Rating: Important

    A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory. An attacker can exploit this issue to run arbitrary code in the context of the current user.

     

    Microsoft Access Tampering Vulnerability (CVE-2018-0799) MS Rating: Important

    A cross-site-scripting (XSS) vulnerability exists when Microsoft Access does not properly sanitize inputs to image fields edited within Design view. An attacker can exploit this issue by sending a specially crafted file to a victim, or by hosting the file on a web server.

     

  4. Cumulative Security Update for ASP.NET

    ASP.NET Core Elevation Of Privilege Vulnerability (CVE-2018-0784) MS Rating: Important

    An elevation of privilege vulnerability exists when the ASP.NET Core fails to properly sanitize web requests. An attacker can exploit this issue to perform content injection attacks and run script in the security context of the logged-on user.

     

    ASP.NET Core Cross Site Request Forgery Vulnerabilty (CVE-2018-0785) MS Rating: Moderate

    A Cross Site Request Forgery (CSRF) vulnerability exists when a ASP.NET Core web application is created using vulnerable project templates. An attacker can exploit this issue to change the recovery codes associated with the victim's user account without his/her consent.

     

  5. Cumulative Security Update for .NET Framework

    .NET Security Feature Bypass Vulnerability (CVE-2018-0786) MS Rating: Important

    A security feature bypass vulnerability exists when Microsoft .NET Framework (and .NET Core) components do not completely validate certificates. An attacker can exploit this issue by presenting a certificate that is marked invalid for a specific use, but the component uses it for that purpose.

     

    .NET and .NET Core Denial Of Service Vulnerability (CVE-2018-0764) MS Rating: Important

    A Denial of Service vulnerability exists when .NET, and .NET core, improperly process XML documents. An attacker can exploit this issue to cause a denial of service against a .NET application.

     

  6. Cumulative Security Update for Microsoft Windows

    Microsoft Color Management Information Disclosure Vulnerability (CVE-2018-0741) MS Rating: Important

    An information disclosure vulnerabilities exists in the way that the Color Management Module (ICM32.dll) handles objects in memory. An attacker can exploit this issue to retrieve information to bypass usermode ASLR (Address Space Layout Randomization) on a targeted system.

     

    Windows Subsystem for Linux Elevation of Privilege Vulnerability (CVE-2018-0743) MS Rating: Important

    An elevation of privilege vulnerability exists due to an integer overflow in Windows Subsystem for Linux. An attacker can exploit this issue to execute code with elevated permissions.

     

    Windows Elevation of Privilege Vulnerability (CVE-2018-0744) MS Rating: Important

    An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker can exploit this issue to run arbitrary code in kernel mode.

     

    Windows Information Disclosure Vulnerability (CVE-2018-0745) MS Rating: Important

    An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass. An attacker can exploit this issue to retrieve the memory address of a kernel object.

     

    Windows Information Disclosure Vulnerability (CVE-2018-0746) MS Rating: Important

    An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass. An attacker can exploit this issue to retrieve the memory address of a kernel object.

     

    Windows Information Disclosure Vulnerability (CVE-2018-0747) MS Rating: Important

    An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass. An attacker can exploit this issue to retrieve the memory address of a kernel object.

     

    Windows Elevation of Privilege Vulnerability (CVE-2018-0748) MS Rating: Important

    An elevation of privilege vulnerability exists in the way that the Windows Kernel API enforces permissions. An attacker can exploit this issue to impersonate processes, interject cross-process communication, or interrupt system functionality.

     

    SMB Server Elevation of Privilege Vulnerability (CVE-2018-0749) MS Rating: Important

    An elevation of privilege vulnerability exists in the Microsoft Server Message Block (SMB) Server when an attacker with valid credentials attempts to open a specially crafted file over the SMB protocol on the same machine. An attacker can exploit this issue to bypass certain security checks in the operating system.

     

    Windows GDI Information Disclosure Vulnerability (CVE-2018-0750) MS Rating: Important

    A Win32k information disclosure vulnerability exists when the Windows GDI component improperly discloses kernel memory addresses. An attacker can exploit this issue to obtain information to further compromise the user's system.

     

    Windows Elevation of Privilege Vulnerability (CVE-2018-0751) MS Rating: Important

    An elevation of privilege vulnerability exists in the way that the Windows Kernel API enforces permissions. An attacker can exploit this issue to impersonate processes, interject cross-process communication, or interrupt system functionality.

     

    Windows Elevation of Privilege Vulnerability (CVE-2018-0752) MS Rating: Important

    An elevation of privilege vulnerability exists in the way that the Windows Kernel API enforces permissions. An attacker can exploit this issue to impersonate processes, interject cross-process communication, or interrupt system functionality.

     

    Windows IPSec Denial of Service Vulnerability (CVE-2018-0753) MS Rating: Important

    A denial of service vulnerability exists in the way that Windows handles objects in memory. An attacker can exploit this issue cause a target system to stop responding.

     

    ATMFD.dll Information Disclosure Vulnerability (CVE-2018-0754) MS Rating: Important

    An information disclosure vulnerability exists in Adobe Type Manager Font Driver (ATMFD.dll) when it fails to properly handle objects in memory. An attacker can exploit this issue to potentially read data that was not intended to be disclosed.

     

    ATMFD.dll Information Disclosure Vulnerability (CVE-2018-0788) MS Rating: Important

    An information disclosure vulnerability exists in Adobe Type Manager Font Driver (ATMFD.dll) when it fails to properly handle objects in memory. An attacker can exploit this issue to potentially read data that was not intended to be disclosed.

     

More information is available on Symantec's free Security Center portal and to our customers through the DeepSight Threat Management System.

About the Author

Himanshu Mehta

Senior Threat Analysis Engineer

Himanshu is a senior member of Symantec's Cyber Security Services organization. An active contributor to numerous security communities, he frequently provides insight on vulnerabilities and shares his knowledge by writing reports, blogs, and journals.

Want to comment on this post?

We encourage you to share your thoughts on your favorite social platform.