This valentine’s day Microsoft released security patches addressing a total of 50 security vulnerabilities in various Microsoft products along with additional patches for the Meltdown and Spectre vulnerabilities (ADV180002), as a part of regulr patch tuesday.

Among these 14 rated as Critical, 34 rated as Important and 2 rated as Moderate. These vulnerabilities impact Outlook, Edge, Scripting Engine, App Container, Windows,  flash player and more.

This Patch Tuesday major critical vulnerabilities are addressed in Microsoft Scripting Engine. These vulnerabilities are due to the way “Scripting Engine” executes scripting languages like Javascript or VBScript. This would affect Microsoft browsers Edge, IE and also Office documents with macro scripts.

There are no Zero day vulnerabilities, but Microsoft included security patches for South Korea’s CERT identified Adobe Flash Player critical vulnerability, which is exploited in wild starting of this month. More information about this vulnerability can be found here


In-The-Wild and Disclosed vulnerability(CVE-2018-0771):
A security feature bypass vulnerability exists when Microsoft Edge improperly handles requests of different origins. Successful exploitation of this vulnerability allows Microsoft Edge to bypass Same-Origin Policy (SOP) restrictions, and send the restricted data. Microsoft released patch addressing this vulnerability before attackers take advantage of this vulnerability.

Microsoft Outlook Memory Corruption Vulnerability (CVE-2018-0852):
A remote code execution vulnerability exists in Microsoft Outlook, which fails to handle objects in memory properly. For successful exploitation, an attacker has to convince users to open or previews malicious email. Successful exploitation of this vulnerability could allow an attacker to run arbitrary code in the context of the logged in user.


In addition, Microsoft also released patches addressing 11 information disclosure and elevation of privilege vulnerabilities affecting the Windows kernel, which allows an attacker to gain SYSTEM-level privileges.

February 2018 patch tuesday release consists of security updates for the following softwares:

  • Internet Explorer
  • Microsoft Edge
  • Microsoft Windows
  • Microsoft Office and Microsoft Office Services and Web Apps
  • ChakraCore
  • Adobe Flash

Microsoft security bulletin summary for February 2018:

Product: Internet Explorer
CVE’s/Advisory: CVE-2018-0840, CVE-2018-0866
Impact: Remote Code Execution
KB’s: 4074588, 4074590, 4074591, 4074592, 4074593, 4074594, 4074596, 4074598, 4074736

Product: Microsoft Edge
CVE’s/Advisory: CVE-2018-0763, CVE-2018-0771, CVE-2018-0834, CVE-2018-0835, CVE-2018-0836, CVE-2018-0837, CVE-2018-0838, CVE-2018-0839, CVE-2018-0840, CVE-2018-0856, CVE-2018-0857, CVE-2018-0859, CVE-2018-0860, CVE-2018-0861
Impact: Information Disclosure, Remote Code Execution, Security Feature Bypass
KB’s: 4074588, 4074590, 4074591, 4074592, 4074596

Product: Microsoft Windows
CVE’s/Advisory: ADV180005, CVE-2018-0742, CVE-2018-0755, CVE-2018-0756, CVE-2018-0757, CVE-2018-0760, CVE-2018-0761, CVE-2018-0809, CVE-2018-0810, CVE-2018-0820, CVE-2018-0821, CVE-2018-0822, CVE-2018-0823, CVE-2018-0825, CVE-2018-0826, CVE-2018-0827, CVE-2018-0828, CVE-2018-0829, CVE-2018-0830, CVE-2018-0831, CVE-2018-0832, CVE-2018-0833, CVE-2018-0842, CVE-2018-0843, CVE-2018-0844, CVE-2018-0846, CVE-2018-0847, CVE-2018-0855
Impact: Defense in Depth, Denial of Service, Elevation of Privilege, Information Disclosure, Remote Code Execution, Security Feature Bypass
KB’s: 4034044, 4058165, 4073079, 4073080, 4074587, 4074588, 4074589, 4074590, 4074591, 4074592, 4074593, 4074594, 4074596, 4074597, 4074598, 4074603, 4074836, 4074851

Product: Microsoft Office and Microsoft Office Services and Web Apps
CVE’s/Advisory: CVE-2018-0841, CVE-2018-0850, CVE-2018-0851, CVE-2018-0852, CVE-2018-0853, CVE-2018-0864, CVE-2018-0869
Impact: Elevation of Privilege, Information Disclosure, Remote Code Execution
KB’s: 3114874, 3172459, 4011143, 4011200, 4011680, 4011682, 4011686, 4011690, 4011697, 4011701, 4011703, 4011707, 4011711, 4011715

Product: ChakraCore
CVE’s/Advisory: CVE-2018-0834, CVE-2018-0835, CVE-2018-0836, CVE-2018-0837, CVE-2018-0838, CVE-2018-0840, CVE-2018-0856, CVE-2018-0857, CVE-2018-0858, CVE-2018-0859, CVE-2018-0860
Impact: Remote Code Execution

Product: Adobe Flash
CVE’s/Advisory: ADV180004, CVE-2018-4877, CVE-2018-4878
Impact: Remote Code Execution
KB’s: 4074595


SecPod Saner detects these vulnerabilities and automatically fixes it by applying security updates. Download Saner now and keep your systems updated and secure.

Summary
Patch Tuesday: Microsoft Security Bulletin Summary for February 2018
Article Name
Patch Tuesday: Microsoft Security Bulletin Summary for February 2018
Author
Publisher Name
SecPod Technologies
Publisher Logo
Loading Facebook Comments ...

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes:

<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>