
Microsoft Patch Tuesday – May 2018

This month the vendor has patched 67 vulnerabilities, 21 of which are rated Critical.

As always, customers are advised to follow these security best practices:

  • Install vendor patches as soon as they are available.
  • Run all software with the least privileges required while still maintaining functionality.
  • Avoid handling files from unknown or questionable sources.
  • Never visit sites of unknown or questionable integrity.
  • Block external access at the network perimeter to all key systems unless specific access is required.

Microsoft's summary of the May 2018 releases can be found here:
https://portal.msrc.microsoft.com/en-us/security-guidance

 

This month's update covers vulnerabilities in:

  • Internet Explorer
  • Microsoft Edge
  • Microsoft Office
  • Exchange Server
  • .NET Framework
  • Microsoft Hyper-V
  • Microsoft Windows
  • ChakraCore
  • Azure IoT SDK

     

The following is a breakdown of the issues being addressed this month:

  1. Cumulative Security Update for Microsoft Browsers

    Microsoft Browser Memory Corruption Vulnerability (CVE-2018-8178) MS Rating: Critical

    A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

     

    Microsoft Edge Memory Corruption Vulnerability (CVE-2018-8179) MS Rating: Critical

    A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

     

    Windows VBScript Engine Remote Code Execution Vulnerability (CVE-2018-8174) MS Rating: Critical

    A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

     

    Scripting Engine Memory Corruption Vulnerability (CVE-2018-8128) MS Rating: Critical

    A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

     

    Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2018-8130) MS Rating: Critical

    A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

     

    Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2018-8133) MS Rating: Critical

    A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

     

    Scripting Engine Memory Corruption Vulnerability (CVE-2018-8137) MS Rating: Critical

    A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

     

    Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2018-0943) MS Rating: Critical

    A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

     

    Scripting Engine Memory Corruption Vulnerability (CVE-2018-0945) MS Rating: Critical

    A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

     

    Scripting Engine Memory Corruption Vulnerability (CVE-2018-0946) MS Rating: Critical

    A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

     

    Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2018-0951) MS Rating: Critical

    A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

     

    Scripting Engine Memory Corruption Vulnerability (CVE-2018-0953) MS Rating: Critical

    A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

     

    Scripting Engine Memory Corruption Vulnerability (CVE-2018-0954) MS Rating: Critical

    A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

     

    Scripting Engine Memory Corruption Vulnerability (CVE-2018-0955) MS Rating: Critical

    A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

     

    Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2018-8177) MS Rating: Critical

    A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

     

    Scripting Engine Memory Corruption Vulnerability (CVE-2018-1022) MS Rating: Critical

    A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

     

    Scripting Engine Memory Corruption Vulnerability (CVE-2018-8114) MS Rating: Critical

    A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

     

    Scripting Engine Memory Corruption Vulnerability (CVE-2018-8122) MS Rating: Critical

    A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

     

    Scripting Engine Memory Corruption Vulnerability (CVE-2018-8139) MS Rating: Critical

    A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

     

    Microsoft Edge Information Disclosure Vulnerability (CVE-2018-1021) MS Rating: Important

    An information disclosure vulnerability exists when Microsoft Edge improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system.

     

    Microsoft Browser Information Disclosure Vulnerability (CVE-2018-1025) MS Rating: Important

    An information disclosure vulnerability exists when affected Microsoft browsers improperly handle objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system.

     

    Microsoft Edge Security Bypass Vulnerability (CVE-2018-8112) MS Rating: Important

    A security bypass vulnerability exists when Microsoft Edge improperly handles requests of different origins. The vulnerability allows Microsoft Edge to bypass Same-Origin Policy (SOP) restrictions, and to allow requests that should otherwise be ignored.

     

    Microsoft Edge Memory Corruption Vulnerability (CVE-2018-8123) MS Rating: Important

    A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

     

    Internet Explorer Security Bypass Vulnerability (CVE-2018-8126) MS Rating: Important

    A security bypass vulnerability exists when Internet Explorer fails to validate User Mode Code Integrity (UMCI) policies. The vulnerability could allow an attacker to bypass Device Guard UMCI policies.

     

    Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2018-8145) MS Rating: Important

    An information disclosure vulnerability exists when Chakra improperly discloses the contents of its memory, which could provide an attacker with information to further compromise the user's computer or data.

     

  2. Cumulative Security Update for Microsoft Office

    Microsoft Excel Remote Code Execution Vulnerability (CVE-2018-8147) MS Rating: Important

    A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user.

     

    Microsoft Excel Remote Code Execution Vulnerability (CVE-2018-8148) MS Rating: Important

    A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user.

     

    Microsoft SharePoint Privilege Escalation Vulnerability (CVE-2018-8149) MS Rating: Important

    A privilege escalation vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server.

     

    Microsoft Outlook Security Bypass Vulnerability (CVE-2018-8150) MS Rating: Important

    A security bypass vulnerability exists when the Microsoft Outlook attachment block filter does not properly handle attachments. An attacker who successfully exploited the vulnerability could execute arbitrary commands.

     

    Microsoft Exchange Memory Corruption Vulnerability (CVE-2018-8151) MS Rating: Moderate

    An information disclosure vulnerability exists when Microsoft Exchange improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the remote system.

     

    Microsoft Exchange Server Privilege Escalation Vulnerability (CVE-2018-8152) MS Rating: Important

    A privilege escalation vulnerability exists when Microsoft Exchange Outlook Web Access (OWA) fails to properly handle web requests.

     

    Microsoft Exchange Spoofing Vulnerability (CVE-2018-8153) MS Rating: Low

    A spoofing vulnerability exists in Microsoft Exchange Server when Outlook Web Access (OWA) fails to properly handle web requests. An attacker who successfully exploited the vulnerability could perform script or content injection attacks, and attempt to trick the user into disclosing sensitive information.

     

    Microsoft Exchange Memory Corruption Vulnerability (CVE-2018-8154) MS Rating: Low

    A remote code execution vulnerability exists in Microsoft Exchange software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the System user.

     

    Microsoft SharePoint Privilege Escalation Vulnerability (CVE-2018-8155) MS Rating: Important

    A privilege escalation vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server.

     

    Microsoft SharePoint Privilege Escalation Vulnerability (CVE-2018-8156) MS Rating: Important

    A privilege escalation vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server.

     

    Microsoft Office Remote Code Execution Vulnerability (CVE-2018-8157) MS Rating: Important

    A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user.

     

    Microsoft Office Remote Code Execution Vulnerability (CVE-2018-8158) MS Rating: Important

    A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user.

     

    Microsoft Exchange Privilege Escalation Vulnerability (CVE-2018-8159) MS Rating: Important

    A privilege escalation vulnerability exists when Microsoft Exchange Outlook Web Access (OWA) fails to properly handle web requests.

     

    Microsoft Outlook Information Disclosure Vulnerability (CVE-2018-8160) MS Rating: Important

    An information disclosure vulnerability exists in Outlook when a message is opened. This vulnerability could potentially result in the disclosure of sensitive information to a malicious site.

     

    Microsoft Office Remote Code Execution Vulnerability (CVE-2018-8161) MS Rating: Important

    A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user.

     

    Microsoft Excel Remote Code Execution Vulnerability (CVE-2018-8162) MS Rating: Important

    A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user.

     

    Microsoft Excel Information Disclosure Vulnerability (CVE-2018-8163) MS Rating: Important

    An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory. An attacker who exploited the vulnerability could use the information to compromise the user's computer or data.

     

    Microsoft SharePoint Privilege Escalation Vulnerability (CVE-2018-8168) MS Rating: Low

    A privilege escalation vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server.

     

  3. Cumulative Security Update for Microsoft .NET Framework

    .NET and .NET Core Denial Of Service Vulnerability (CVE-2018-0765) MS Rating: Important

    A denial of service vulnerability exists when .NET and .NET Core improperly process XML documents.

     

  4. Cumulative Security Update for Microsoft Hyper-V

    Hyper-V Remote Code Execution Vulnerability (CVE-2018-0959) MS Rating: Critical

    A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system.

     

    Hyper-V vSMB Remote Code Execution Vulnerability (CVE-2018-0961) MS Rating: Critical

    A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate vSMB packet data. An attacker who successfully exploited these vulnerabilities could execute arbitrary code on a target operating system.

     

  5. Cumulative Security Update for Microsoft Windows Kernel

    Win32k Privilege Escalation Vulnerability (CVE-2018-8124) MS Rating: Important

    A privilege escalation vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.

     

    Windows Kernel Information Disclosure Vulnerability (CVE-2018-8141) MS Rating: Important

    An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system.

     

    Windows Kernel Information Disclosure Vulnerability (CVE-2018-8127) MS Rating: Important

    An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system.

     

    Windows Kernel Privilege Escalation Vulnerability (CVE-2018-8897) MS Rating: Important

    A privilege escalation vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.

     

    Win32k Privilege Escalation Vulnerability (CVE-2018-8164) MS Rating: Important

    A privilege escalation vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.

     

    Win32k Privilege Escalation Vulnerability (CVE-2018-8166) MS Rating: Important

    A privilege escalation vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.

     

  6. Cumulative Security Update for Microsoft Windows

    Microsoft COM for Windows Remote Code Execution Vulnerability (CVE-2018-0824) MS Rating: Important

    A remote code execution vulnerability exists in Microsoft COM for Windows when it fails to properly handle serialized objects. An attacker who successfully exploited the vulnerability could use a specially crafted file or script to perform actions.

     

    Windows Security Bypass Vulnerability (CVE-2018-0854) MS Rating: Important

    A security bypass vulnerability exists in Windows Scripting Host which could allow an attacker to bypass Device Guard. An attacker who successfully exploited this vulnerability could circumvent a User Mode Code Integrity (UMCI) policy on the machine.

     

    Windows Security Bypass Vulnerability (CVE-2018-0958) MS Rating: Important

    A security bypass vulnerability exists in Windows which could allow an attacker to bypass Device Guard. An attacker who successfully exploited this vulnerability could circumvent a User Mode Code Integrity (UMCI) policy on the machine.

     

    Windows Security Bypass Vulnerability (CVE-2018-1039) MS Rating: Important

    A security bypass vulnerability exists in .NET Framework which could allow an attacker to bypass Device Guard.

     

    Win32k Privilege Escalation Vulnerability (CVE-2018-8120) MS Rating: Important

    A privilege escalation vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.

     

    Windows Security Bypass Vulnerability (CVE-2018-8129) MS Rating: Important

    A security bypass vulnerability exists in Windows which could allow an attacker to bypass Device Guard. An attacker who successfully exploited this vulnerability could circumvent a User Mode Code Integrity (UMCI) policy on the machine.

     

    Windows Security Bypass Vulnerability (CVE-2018-8132) MS Rating: Important

    A security bypass vulnerability exists in Windows which could allow an attacker to bypass Device Guard. An attacker who successfully exploited this vulnerability could circumvent a User Mode Code Integrity (UMCI) policy on the machine.

     

    Windows Privilege Escalation Vulnerability (CVE-2018-8134) MS Rating: Important

    A privilege escalation vulnerability exists in the way that the Windows Kernel API enforces permissions. An attacker who successfully exploited the vulnerability could impersonate processes, interject cross-process communication, or interrupt system functionality.

     

    Windows Remote Code Execution Vulnerability (CVE-2018-8136) MS Rating: Low

    A remote code execution vulnerability exists in the way that Windows handles objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code with elevated permissions on a target system.

     

    DirectX Graphics Kernel Privilege Escalation Vulnerability (CVE-2018-8165) MS Rating: Important

    A privilege escalation vulnerability exists when the DirectX Graphics Kernel (DXGKRNL) driver improperly handles objects in memory.

     

    Windows Common Log File System Driver Privilege Escalation Vulnerability (CVE-2018-8167) MS Rating: Important

    A privilege escalation vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory.

     

    Windows Image Privilege Escalation Vulnerability (CVE-2018-8170) MS Rating: Important

    A privilege escalation vulnerability exists in the way that the Windows kernel image handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.

     

    Microsoft InfoPath Remote Code Execution Vulnerability (CVE-2018-8173) MS Rating: Important

    A remote code execution vulnerability exists in Microsoft InfoPath when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user.

     

    Windows Security Bypass Vulnerability (CVE-2018-8142) MS Rating: Important

    A security bypass exists when Windows incorrectly validates kernel driver signatures. An attacker who successfully exploited this vulnerability could bypass security features and load improperly signed drivers into the kernel.

     

  7. Cumulative Security Update for Microsoft Azure IoT SDK

    Azure IoT SDK Spoofing Vulnerability (CVE-2018-8119) MS Rating: Important

    A spoofing vulnerability exists when the Azure IoT Device Provisioning AMQP Transport library improperly validates certificates over the AMQP protocol. An attacker who successfully exploited this vulnerability could impersonate a server used during the provisioning process.

     

More information is available on Symantec's free Security Center portal and to our customers through the DeepSight Threat Management System.

About the Author

Ratheesh PM

Sr Threat Analysis Engineer

Ratheesh is a member of Symantec's Cyber Security Services organization which provides round-the-clock monitoring and protection services against cyber attacks.