
SANS ISC: InfoSec Handlers Diary Blog



February 2018 Microsoft (and Adobe) Patch Tuesday

Published: 2018-02-13
Last Updated: 2018-02-13 23:47:19 UTC
by Johannes Ullrich (Version: 1)

I will update this diary as additional bulletins are released. Microsoft marked Adobe's bulletin as "not yet exploited". However, according to Adobe and reports from the Korean CERT, one of the vulnerabilities has already been exploited, so I am marking it differently here and assigning it a "Patch Now" rating. Not much detail has been made public yet about this vulnerability, which is why I am leaving the "Disclosed" rating at "No".

Microsoft lists one more vulnerability, CVE-2018-0771, as already disclosed. I left the rating at "Important" since this is just a security feature bypass.

The "SPECTRE" advisory (ADV180002) was originally released in January and has undergone several updates since then. The latest version, released today, includes references to new updates released for Windows 10 (32-bit). It also states that there is no release schedule for older versions of Windows, but that Microsoft is working on releasing updates for pre-Windows 10 operating systems.

February 2018 Security Updates

| Description | CVE | Disclosed | Exploited | Exploitability (old versions) | Exploitability (current version) | Severity |
|---|---|---|---|---|---|---|
| February 2018 Adobe Flash Security Update | ADV180004 | No | Yes | - | - | PATCH NOW |
| Guidance to mitigate speculative execution side-channel vulnerabilities (Spectre) | ADV180002 | No | No | Less Likely | Less Likely | Important |
| Microsoft Edge Information Disclosure Vulnerability | CVE-2018-0839 | No | No | - | - | Important |
| | CVE-2018-0763 | No | No | - | - | Critical |
| Microsoft Edge Security Feature Bypass Vulnerability | CVE-2018-0771 | Yes | No | - | - | Moderate |
| Microsoft Excel Remote Code Execution Vulnerability | CVE-2018-0841 | No | No | - | - | Important |
| Microsoft Office Information Disclosure Vulnerability | CVE-2018-0853 | No | No | Less Likely | Less Likely | Important |
| Microsoft Office Memory Corruption Vulnerability | CVE-2018-0851 | No | No | More Likely | More Likely | Important |
| Microsoft Outlook Elevation of Privilege Vulnerability | CVE-2018-0850 | No | No | Less Likely | Less Likely | Important |
| Microsoft Outlook Memory Corruption Vulnerability | CVE-2018-0852 | No | No | Less Likely | Less Likely | Critical |
| Microsoft SharePoint Elevation of Privilege Vulnerability | CVE-2018-0869 | No | No | - | - | Important |
| | CVE-2018-0864 | No | No | Unlikely | Unlikely | Important |
| Named Pipe File System Elevation of Privilege Vulnerability | CVE-2018-0823 | No | No | - | - | Important |
| Scripting Engine Memory Corruption Vulnerabilities | CVE-2018-0834 | No | No | - | - | Critical |
| | CVE-2018-0835 | No | No | - | - | Critical |
| | CVE-2018-0836 | No | No | - | - | Important |
| | CVE-2018-0837 | No | No | - | - | Critical |
| | CVE-2018-0838 | No | No | - | - | Critical |
| | CVE-2018-0840 | No | No | - | - | Critical |
| | CVE-2018-0856 | No | No | - | - | Critical |
| | CVE-2018-0857 | No | No | - | - | Critical |
| | CVE-2018-0858 | No | No | - | - | Critical |
| | CVE-2018-0859 | No | No | - | - | Critical |
| | CVE-2018-0860 | No | No | - | - | Critical |
| | CVE-2018-0861 | No | No | - | - | Critical |
| | CVE-2018-0866 | No | No | More Likely | More Likely | Important |
| StructuredQuery Remote Code Execution Vulnerability | CVE-2018-0825 | No | No | More Likely | More Likely | Critical |
| Windows AppContainer Elevation Of Privilege Vulnerability | CVE-2018-0821 | No | No | More Likely | More Likely | Important |
| Windows Common Log File System Driver Elevation of Privilege Vulnerabilities | CVE-2018-0844 | No | No | More Likely | More Likely | Important |
| | CVE-2018-0846 | No | No | More Likely | More Likely | Important |
| Windows Denial of Service Vulnerability | CVE-2018-0833 | No | No | - | - | Moderate |
| Windows EOT Font Engine Information Disclosure Vulnerabilities | CVE-2018-0855 | No | No | - | - | Important |
| | CVE-2018-0755 | No | No | Less Likely | Less Likely | Important |
| | CVE-2018-0760 | No | No | More Likely | Less Likely | Important |
| | CVE-2018-0761 | No | No | More Likely | Less Likely | Important |
| Windows Elevation of Privilege Vulnerability | CVE-2018-0828 | No | No | Less Likely | Less Likely | Important |
| Windows Kernel Elevation of Privilege Vulnerabilities | CVE-2018-0831 | No | No | Less Likely | Less Likely | Important |
| | CVE-2018-0742 | No | No | More Likely | More Likely | Important |
| | CVE-2018-0756 | No | No | More Likely | More Likely | Important |
| | CVE-2018-0809 | No | No | More Likely | More Likely | Important |
| | CVE-2018-0820 | No | No | More Likely | More Likely | Important |
| Windows Kernel Information Disclosure Vulnerabilities | CVE-2018-0810 | No | No | - | - | Important |
| | CVE-2018-0829 | No | No | Less Likely | Less Likely | Important |
| | CVE-2018-0830 | No | No | Less Likely | Less Likely | Important |
| | CVE-2018-0832 | No | No | Less Likely | Less Likely | Important |
| | CVE-2018-0843 | No | No | - | - | Important |
| | CVE-2018-0757 | No | No | Less Likely | Less Likely | Important |
| Windows NTFS Global Reparse Point Elevation of Privilege Vulnerability | CVE-2018-0822 | No | No | More Likely | More Likely | Important |
| Windows Remote Code Execution Vulnerability | CVE-2018-0842 | No | No | More Likely | More Likely | Important |
| Windows Scripting Engine Memory Corruption Vulnerability | CVE-2018-0847 | No | No | More Likely | More Likely | Important |
| Windows Security Feature Bypass Vulnerability | CVE-2018-0827 | No | No | Less Likely | Less Likely | Important |
| Windows Storage Services Elevation of Privilege Vulnerability | CVE-2018-0826 | No | No | More Likely | More Likely | Important |

---
Johannes B. Ullrich, Ph.D., Dean of Research, SANS Technology Institute