Start of this new year, Meltdown and Spectre kept us busy. Today Microsoft Patch Tuesday, January 2018, released regular patches fixing a total of 23 vulnerabilities. Among these Microsoft rated one CVE as Critical, 20 as Important, one as Moderate and last one as Low. Microsoft also released 2 advisories for Adobe and Microsoft Office. Out of these 23 vulnerabilities, 15 lead to Remote Code Execution.
In January 2018, Microsoft released patches for total 56 vulnerabilities (CVE’s) and 3 advisories, which includes out of band updates from last week and now January Patch Tuesday.
Microsoft Office received a major share of security updates this month. The most important of these is the 0-day vulnerability in Equation Editologgedr, a component of Microsoft Office. This vulnerability is due to the way objects are handled in memory, aka “Microsoft Office Memory Corruption Vulnerability” and can lead to remote code execution on the affected systems. For successful exploitation, an attacker has to convince users to open malicious office file by making the user to download and open the file via an email or instant message. Successful exploitation of this vulnerability could allow an attacker to run arbitrary code in the context of the logged in user. Microsoft addressed this 0-day by removing some of the Equation Editor’s functionality.
NOTE: Test and deploy all the patches released to mitigate Meltdown and Spectre, as there could be a performance related problems since it involves BIOS level patches.
Jimmy Graham, points out in the Qualys blog,
This January 2018 consists of security updates for the following products,
- Internet Explorer
- Microsoft Edge
- Microsoft Windows
- Microsoft Office and Microsoft Office Services and Web Apps
- SQL Server
- ChakraCore
- .NET Framework
- .NET Core
- ASP.NET Core
- Adobe Flash
Microsoft Security Bulletin Summary for January 2018:
Product: Internet Explorer
CVE’s/Advisory: ADV180002, CVE-2018-0762, CVE-2018-0772
Impact: Information Disclosure, Remote Code Execution
KB’s: 4056568, 4056888, 4056890, 4056891, 4056892, 4056893, 4056894, 4056895, 4056896
Product: Microsoft Edge
CVE’s/Advisory: ADV180002, CVE-2018-0758, CVE-2018-0762, CVE-2018-0766, CVE-2018-0767, CVE-2018-0768, CVE-2018-0769, CVE-2018-0770, CVE-2018-0772, CVE-2018-0773, CVE-2018-0774, CVE-2018-0775, CVE-2018-0776, CVE-2018-0777, CVE-2018-0778, CVE-2018-0780, CVE-2018-0781, CVE-2018-0800, CVE-2018-0803
Impact: Elevation of Privilege, Information Disclosure, Remote Code Execution
KB’s: 4056888, 4056890, 4056891, 4056892, 4056893
Product: .NET Core, ASP.NET Core
CVE’s/Advisory: CVE-2018-0764, CVE-2018-0784, CVE-2018-0785, CVE-2018-0786
Impact: Denial of Service, Elevation of Privilege, Security Feature Bypass, Tampering
Product: ChakraCore
CVE’s/Advisory: CVE-2018-0758, CVE-2018-0762, CVE-2018-0767, CVE-2018-0768, CVE-2018-0769, CVE-2018-0770, CVE-2018-0772, CVE-2018-0773, CVE-2018-0774, CVE-2018-0775, CVE-2018-0776, CVE-2018-0777, CVE-2018-0778, CVE-2018-0780, CVE-2018-0781, CVE-2018-0800, CVE-2018-0818
Impact: Information Disclosure, Remote Code Execution, Security Feature Bypass, ode Execution
Product: Microsoft .NET Framework
CVE’s/Advisory: CVE-2018-0764, CVE-2018-0786
Impact: Denial of Service, Security Feature Bypass
KB’s: 4054170, 4054171, 4054172, 4054174, 4054175, 4054176, 4054177, 4054181, 4054182, 4054183, 4054993, 4054994, 4054995, 4054996, 4054997, 4054998, 4054999, 4055000, 4055001, 4055002, 4056888, 4056890, 4056891, 4056892, 4056893
Product: Microsoft Office, Microsoft SharePoint Server, Microsoft SharePoint Foundation
CVE’s/Advisory: ADV180003, CVE-2018-0789, CVE-2018-0790, CVE-2018-0791, CVE-2018-0792, CVE-2018-0793, CVE-2018-0794, CVE-2018-0795, CVE-2018-0796, CVE-2018-0797, CVE-2018-0798, CVE-2018-0799, CVE-2018-0801, CVE-2018-0802, CVE-2018-0804, CVE-2018-0805, CVE-2018-0806, CVE-2018-0807, CVE-2018-0812, CVE-2018-0819
Impact: Defense in Depth, Information Disclosure, Remote Code Execution, Spoofing, Tampering
KB’s: 3114998, 3141547, 4011021, 4011201, 4011213, 4011273, 4011574, 4011579, 4011580, 4011599, 4011602, 4011605, 4011606, 4011607, 4011609, 4011610, 4011611, 4011615, 4011622, 4011626, 4011627, 4011632, 4011636, 4011637, 4011639, 4011641, 4011642, 4011643, 4011648, 4011651, 4011653, 4011656, 4011657, 4011658, 4011659, 4011660
Product: Microsoft SQL Server
CVE’s/Advisory: ADV180002
Impact: Information Disclosure
KB’s: 4057113, 4057114, 4057118, 4057122, 4058559, 4058560, 4058561, 4058562
Product: Windows
CVE’s/Advisory: ADV180002, CVE-2018-0741, CVE-2018-0743, CVE-2018-0744, CVE-2018-0745, CVE-2018-0746, CVE-2018-0747, CVE-2018-0748, CVE-2018-0749, CVE-2018-0750, CVE-2018-0751, CVE-2018-0752, CVE-2018-0753, CVE-2018-0754, CVE-2018-0788
Impact: Denial of Service, Elevation of Privilege, Information Disclosure
KB’s: 4056613, 4056615, 4056759, 4056888, 4056890, 4056891, 4056892, 4056893, 4056894, 4056896, 4056897, 4056898, 4056899, 4056941, 4056942, 4056944
Product: Adobe Flash Player
CVE’s/Advisory: ADV180001
Impact: Denial of Service, Elevation of Privilege, Information Disclosure
KB’s: 4056887
SecPod Saner detects these vulnerabilities and automatically fixes it by applying security updates. Download Saner now and keep your systems updated and secure.
