
Microsoft January 2018 Patch Tuesday

Published: 2018-01-09
Last Updated: 2018-01-10 01:38:07 UTC
by Johannes Ullrich (Version: 1)

Microsoft, as expected, included last week's Meltdown/Spectre update in this month's Patch Tuesday. But note that in addition to these two flaws, we have a number of other "traditional" privilege escalation and even remote code execution flaws that are probably easier to exploit and should probably be treated with a higher priority. Regardless, I doubt that as many people will work overtime for these run-of-the-mill flaws. For example:

CVE-2018-0788: A quick NVD search shows 15 different vulnerabilities for Atmfd.dll. Some can even lead to code execution. But I doubt you will have this issue patched this week. Exploitation of CVE-2018-0788 can lead to code execution as administrator. Spectre/Meltdown only allow reading data.

CVE-2018-0773: An attacker may execute arbitrary code in the context of the user running the browser. Spectre, which was patched in many browsers, again only allows reading data.

and CVE-2018-0802, which is already being exploited.

So better get patching. It worked so well last month :)

January 2018 Security Updates

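| Description | CVE | Disclosed | Exploited | Exploitability (old versions) | Exploitability (current version) | Severity |
|---|---|---|---|---|---|---|
| .NET Security Feature Bypass Vulnerability | CVE-2018-0786 | No | No | Less Likely | Less Likely | Important |
| .NET and .NET Core Denial Of Service Vulnerability | CVE-2018-0764 | No | No | Unlikely | Unlikely | Important |
| ASP.NET Core Cross Site Request Forgery Vulnerability | CVE-2018-0785 | No | No | Unlikely | Unlikely | Moderate |
| ASP.NET Core Elevation Of Privilege Vulnerability | CVE-2018-0784 | No | No | Less Likely | Less Likely | Important |
| Guidance to mitigate speculative execution side-channel vulnerabilities | ADV180002 | No | No | Less Likely | Less Likely | Important |
| January 2018 Adobe Flash Security Update | ADV180001 | No | No | - | - | Critical |
| Microsoft Access Tampering Vulnerability | CVE-2018-0799 | No | No | Unlikely | Unlikely | Important |
| Microsoft Color Management Information Disclosure Vulnerability | CVE-2018-0741 | No | No | - | - | Important |
| Microsoft Edge Elevation of Privilege Vulnerability | CVE-2018-0803 | No | No | - | - | Important |
| Microsoft Edge Information Disclosure Vulnerability | CVE-2018-0766 | No | No | Unlikely | Unlikely | Important |
| Microsoft Excel Remote Code Execution Vulnerability | CVE-2018-0796 | No | No | Less Likely | Less Likely | Important |
| Microsoft Office Defense in Depth Update | ADV180003 | No | No | - | - | None |
| Microsoft Office Memory Corruption Vulnerability | CVE-2018-0802 | No | Yes | Unlikely | Unlikely | Important |
| Microsoft Office Memory Corruption Vulnerability | CVE-2018-0798 | No | No | Less Likely | Less Likely | Important |
| Microsoft Office Remote Code Execution Vulnerability | CVE-2018-0795 | No | No | - | - | Important |
| Microsoft Office Remote Code Execution Vulnerability | CVE-2018-0801 | No | No | Less Likely | Less Likely | Important |
| Microsoft Outlook Remote Code Execution Vulnerability | CVE-2018-0791 | No | No | Less Likely | Less Likely | Important |
| Microsoft Outlook Remote Code Execution Vulnerability | CVE-2018-0793 | No | No | More Likely | More Likely | Important |
| Microsoft SharePoint Cross Site Scripting Elevation of Privilege Vulnerability | CVE-2018-0790 | No | No | Less Likely | Less Likely | Important |
| Microsoft SharePoint Elevation of Privilege Vulnerability | CVE-2018-0789 | No | No | Less Likely | Less Likely | Important |
| Microsoft Word Memory Corruption Vulnerability | CVE-2018-0812 | No | No | Unlikely | Unlikely | Important |
| Microsoft Word Memory Corruption Vulnerability | CVE-2018-0797 | No | No | Less Likely | Less Likely | Critical |
| Microsoft Word Remote Code Execution Vulnerability | CVE-2018-0805 | No | No | Unlikely | Unlikely | Important |
| Microsoft Word Remote Code Execution Vulnerability | CVE-2018-0806 | No | No | Unlikely | Unlikely | Important |
| Microsoft Word Remote Code Execution Vulnerability | CVE-2018-0807 | No | No | Unlikely | Unlikely | Important |
| Microsoft Word Remote Code Execution Vulnerability | CVE-2018-0804 | No | No | Unlikely | Unlikely | Low |
| Microsoft Word Remote Code Execution Vulnerability | CVE-2018-0792 | No | No | Less Likely | Less Likely | Important |
| Microsoft Word Remote Code Execution Vulnerability | CVE-2018-0794 | No | No | More Likely | More Likely | Important |
| OpenType Font Driver Elevation of Privilege Vulnerability | CVE-2018-0788 | No | No | More Likely | More Likely | Important |
| OpenType Font Driver Information Disclosure Vulnerability | CVE-2018-0754 | No | No | More Likely | More Likely | Important |
| SMB Server Elevation of Privilege Vulnerability | CVE-2018-0749 | No | No | Less Likely | Less Likely | Important |
| Scripting Engine Information Disclosure Vulnerability | CVE-2018-0800 | No | No | Less Likely | Less Likely | Critical |
| Scripting Engine Information Disclosure Vulnerability | CVE-2018-0767 | No | No | Unlikely | Unlikely | Critical |
| Scripting Engine Information Disclosure Vulnerability | CVE-2018-0780 | No | No | - | - | Critical |
| Scripting Engine Memory Corruption Vulnerability | CVE-2018-0773 | No | No | - | - | Critical |
| Scripting Engine Memory Corruption Vulnerability | CVE-2018-0774 | No | No | - | - | Critical |
| Scripting Engine Memory Corruption Vulnerability | CVE-2018-0781 | No | No | Unlikely | Unlikely | Critical |
| Scripting Engine Memory Corruption Vulnerability | CVE-2018-0758 | No | No | - | - | Critical |
| Scripting Engine Memory Corruption Vulnerability | CVE-2018-0762 | No | No | More Likely | More Likely | Critical |
| Scripting Engine Memory Corruption Vulnerability | CVE-2018-0768 | No | No | Less Likely | Less Likely | Important |
| Scripting Engine Memory Corruption Vulnerability | CVE-2018-0769 | No | No | - | - | Critical |
| Scripting Engine Memory Corruption Vulnerability | CVE-2018-0770 | No | No | - | - | Critical |
| Scripting Engine Memory Corruption Vulnerability | CVE-2018-0772 | No | No | - | - | Critical |
| Scripting Engine Memory Corruption Vulnerability | CVE-2018-0775 | No | No | - | - | Critical |
| Scripting Engine Memory Corruption Vulnerability | CVE-2018-0776 | No | No | - | - | Critical |
| Scripting Engine Memory Corruption Vulnerability | CVE-2018-0777 | No | No | - | - | Critical |
| Scripting Engine Memory Corruption Vulnerability | CVE-2018-0778 | No | No | Unlikely | Unlikely | Critical |
| Scripting Engine Security Feature Bypass | CVE-2018-0818 | No | No | Unlikely | Unlikely | Important |
| Spoofing Vulnerability in Microsoft Office for MAC | CVE-2018-0819 | Yes | No | Less Likely | Less Likely | Important |
| Windows Elevation of Privilege Vulnerability | CVE-2018-0748 | No | No | Less Likely | Less Likely | Important |
| Windows Elevation of Privilege Vulnerability | CVE-2018-0751 | No | No | Less Likely | Less Likely | Important |
| Windows Elevation of Privilege Vulnerability | CVE-2018-0752 | No | No | Less Likely | Less Likely | Important |
| Windows Elevation of Privilege Vulnerability | CVE-2018-0744 | No | No | More Likely | More Likely | Important |
| Windows GDI Information Disclosure Vulnerability | CVE-2018-0750 | No | No | More Likely | More Likely | Important |
| Windows IPSec Denial of Service Vulnerability | CVE-2018-0753 | No | No | - | - | Important |
| Windows Information Disclosure Vulnerability | CVE-2018-0746 | No | No | More Likely | More Likely | Important |
| Windows Information Disclosure Vulnerability | CVE-2018-0747 | No | No | More Likely | More Likely | Important |
| Windows Information Disclosure Vulnerability | CVE-2018-0745 | No | No | More Likely | More Likely | Important |
| Windows Subsystem for Linux Elevation of Privilege Vulnerability | CVE-2018-0743 | No | No | Less Likely | Less Likely | Important |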
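
The prioritization argument made at the top of this diary can be applied mechanically to the table. The following is an added example, not code from the diary or from Microsoft: it parses a few rows copied from the table and orders them for patching. The ranking order (exploited, then disclosed, then exploitability, then severity) and the choice to score an unrated "-" like "Less Likely" are assumptions of this example.

```python
import re

# Rows copied from the diary's table: ID, Disclosed, Exploited,
# Exploitability (old versions), Exploitability (current version), Severity.
ROWS = """\
ADV180002 No No Less Likely Less Likely Important
CVE-2018-0802 No Yes Unlikely Unlikely Important
CVE-2018-0804 No No Unlikely Unlikely Low
CVE-2018-0788 No No More Likely More Likely Important
CVE-2018-0773 No No - - Critical
CVE-2018-0762 No No More Likely More Likely Critical
CVE-2018-0819 Yes No Less Likely Less Likely Important
"""

RATING = "More Likely|Less Likely|Unlikely|-"
ROW_RE = re.compile(
    r"^(?P<id>CVE-\d+-\d+|ADV\d+) (?P<disclosed>Yes|No) (?P<exploited>Yes|No) "
    rf"(?P<old>{RATING}) (?P<new>{RATING}) "
    r"(?P<severity>Critical|Important|Moderate|Low|None)$"
)

# Assumption: "-" (no rating given) is scored like "Less Likely" so that an
# unrated Critical is not pushed to the bottom of the queue.
EXPLOITABILITY = {"More Likely": 3, "Less Likely": 2, "-": 2, "Unlikely": 1}
SEVERITY = {"Critical": 4, "Important": 3, "Moderate": 2, "Low": 1, "None": 0}

def parse_rows(text):
    """Turn whitespace-flattened table rows into dicts; reject bad rows."""
    rows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        m = ROW_RE.match(line.strip())
        if not m:
            raise ValueError(f"unparseable row: {line!r}")
        rows.append(m.groupdict())
    return rows

def priority_key(row):
    """Higher tuple = patch sooner. Uses the worse of the two ratings."""
    worst = max(EXPLOITABILITY[row["old"]], EXPLOITABILITY[row["new"]])
    return (row["exploited"] == "Yes", row["disclosed"] == "Yes",
            worst, SEVERITY[row["severity"]])

def triage(text):
    """Return IDs ordered from most to least urgent."""
    return [r["id"] for r in sorted(parse_rows(text), key=priority_key, reverse=True)]

if __name__ == "__main__":
    for rank, item in enumerate(triage(ROWS), 1):
        print(rank, item)
```

With these sample rows, the already-exploited CVE-2018-0802 comes first and the Spectre/Meltdown advisory ADV180002 lands below CVE-2018-0788 and CVE-2018-0773.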

 

---
Johannes B. Ullrich, Ph.D. , Dean of Research, SANS Technology Institute