
SANS ISC: Microsoft April 2018 Patch Tuesday - SANS Internet Storm Center


Microsoft April 2018 Patch Tuesday

Microsoft today patched 66 different vulnerabilities. In addition, Adobe patched 6 vulnerabilities in Adobe Flash.

24 of the vulnerabilities are characterized as "Critical" by Microsoft, and 42 are considered "Important".

Among all these vulnerabilities, there are a couple that stick out:

CVE-2018-1034: This one was made public before the patch was released. It is an XSS vulnerability in SharePoint. XSS vulnerabilities in SharePoint are very common and are patched pretty much every month.

CVE-2018-0956: Interesting because it affects HTTP/2. We have not yet seen many vulnerabilities in HTTP/2 implementations, but as people start deploying it more, I expect to see more vulnerabilities. HTTP.sys, the vulnerable component patched here, implements HTTP for Microsoft's web server (IIS).

CVE-2018-0986: This vulnerability in Microsoft's Malware Protection Engine was patched last week.

CVE-2018-0976: A denial of service in RDP, which is often exposed to the network.

CVE-2018-0967: Same for SNMP. 

 

Description
CVE | Disclosed | Exploited | Exploitability (old versions) | Exploitability (current version) | Severity
Microsoft Office Graphics Component Code Execution Vulnerability
CVE-2018-1028 | No | No | More Likely | More Likely | Important
Active Directory Security Feature Bypass Vulnerability
CVE-2018-0890 | No | No | - | - | Important
April 2018 Adobe Flash Security Update
ADV180007 | No | No | - | - | Critical
Chakra Scripting Engine Memory Corruption Vulnerability
CVE-2018-0990 | No | No | - | - | Critical
CVE-2018-0993 | No | No | - | - | Critical
CVE-2018-0994 | No | No | - | - | Critical
CVE-2018-0995 | No | No | - | - | Critical
CVE-2018-0979 | No | No | - | - | Critical
CVE-2018-0980 | No | No | - | - | Critical
CVE-2018-1019 | No | No | - | - | Critical
Device Guard Security Feature Bypass Vulnerability
CVE-2018-0966 | No | No | Less Likely | Less Likely | Important
HTTP.sys Denial of Service Vulnerability
CVE-2018-0956 | No | No | Unlikely | Unlikely | Important
Hyper-V Information Disclosure Vulnerability
CVE-2018-0957 | No | No | - | - | Important
CVE-2018-0964 | No | No | - | - | Important
Internet Explorer Memory Corruption Vulnerability
CVE-2018-0991 | No | No | More Likely | More Likely | Critical
CVE-2018-0997 | No | No | Less Likely | Less Likely | Important
CVE-2018-0870 | No | No | More Likely | More Likely | Critical
CVE-2018-1018 | No | No | More Likely | More Likely | Critical
CVE-2018-1020 | No | No | More Likely | More Likely | Critical
Microsoft Browser Memory Corruption Vulnerability
CVE-2018-1023 | No | No | - | - | Critical
Microsoft DirectX Graphics Kernel Subsystem Elevation of Privilege Vulnerability
CVE-2018-1009 | No | No | Less Likely | Less Likely | Important
Microsoft Edge Information Disclosure Vulnerability
CVE-2018-0892 | No | No | - | - | Important
CVE-2018-0998 | No | No | - | - | Important
Microsoft Excel Remote Code Execution Vulnerability
CVE-2018-0920 | No | No | More Likely | More Likely | Important
CVE-2018-1011 | No | No | More Likely | More Likely | Important
CVE-2018-1027 | No | No | More Likely | More Likely | Important
CVE-2018-1029 | No | No | More Likely | More Likely | Important
Microsoft Graphics Component Denial of Service Vulnerability
CVE-2018-8116 | No | No | Unlikely | Unlikely | Moderate
Microsoft Graphics Remote Code Execution Vulnerability
CVE-2018-1010 | No | No | More Likely | More Likely | Critical
CVE-2018-1012 | No | No | Less Likely | Less Likely | Critical
CVE-2018-1013 | No | No | More Likely | More Likely | Critical
CVE-2018-1015 | No | No | More Likely | More Likely | Critical
CVE-2018-1016 | No | No | More Likely | More Likely | Critical
Microsoft JET Database Engine Remote Code Execution Vulnerability
CVE-2018-1003 | No | No | More Likely | More Likely | Important
Microsoft Malware Protection Engine Remote Code Execution Vulnerability
CVE-2018-0986 | No | No | Less Likely | Less Likely | Critical
Microsoft Office Information Disclosure Vulnerability
CVE-2018-0950 | No | No | More Likely | More Likely | Important
CVE-2018-1007 | No | No | Less Likely | Less Likely | Important
Microsoft Office Remote Code Execution Vulnerability
CVE-2018-1026 | No | No | More Likely | More Likely | Important
CVE-2018-1030 | No | No | More Likely | More Likely | Important
Microsoft SharePoint Elevation of Privilege Vulnerability
CVE-2018-1032 | No | No | Unlikely | Unlikely | Important
CVE-2018-1005 | No | No | Unlikely | Unlikely | Important
CVE-2018-1014 | No | No | Unlikely | Unlikely | Important
CVE-2018-1034 | Yes | No | Unlikely | Unlikely | Important
Microsoft Visual Studio Information Disclosure Vulnerability
CVE-2018-1037 | No | No | Unlikely | Unlikely | Important
Microsoft Wireless Keyboard 850 Security Feature Bypass Vulnerability
CVE-2018-8117 | No | No | Less Likely | Less Likely | Important
OpenType Font Driver Elevation of Privilege Vulnerability
CVE-2018-1008 | No | No | More Likely | More Likely | Important
Scripting Engine Information Disclosure Vulnerability
CVE-2018-0987 | No | No | More Likely | More Likely | Important
CVE-2018-0989 | No | No | More Likely | More Likely | Important
CVE-2018-1000 | No | No | More Likely | More Likely | Critical
CVE-2018-0981 | No | No | More Likely | More Likely | Critical
Scripting Engine Memory Corruption Vulnerability
CVE-2018-0988 | No | No | More Likely | More Likely | Critical
CVE-2018-0996 | No | No | More Likely | More Likely | Critical
CVE-2018-1001 | No | No | More Likely | More Likely | Important
Windows Kernel Elevation of Privilege Vulnerability
CVE-2018-0963 | No | No | Less Likely | Less Likely | Important
Windows Kernel Information Disclosure Vulnerability
CVE-2018-0887 | No | No | Less Likely | Less Likely | Important
CVE-2018-0960 | No | No | Less Likely | Less Likely | Important
CVE-2018-0968 | No | No | Less Likely | Less Likely | Important
CVE-2018-0969 | No | No | Less Likely | Less Likely | Important
CVE-2018-0970 | No | No | Less Likely | Less Likely | Important
CVE-2018-0971 | No | No | More Likely | More Likely | Important
CVE-2018-0972 | No | No | Less Likely | Less Likely | Important
CVE-2018-0973 | No | No | More Likely | More Likely | Important
CVE-2018-0974 | No | No | Less Likely | Less Likely | Important
CVE-2018-0975 | No | No | Less Likely | Less Likely | Important
Windows Remote Desktop Protocol (RDP) Denial of Service Vulnerability
CVE-2018-0976 | No | No | - | - | Important
Windows SNMP Service Denial of Service Vulnerability
CVE-2018-0967 | No | No | Unlikely | Unlikely | Important
Windows VBScript Engine Remote Code Execution Vulnerability
CVE-2018-1004 | No | No | More Likely | More Likely | Critical

---
Johannes B. Ullrich, Ph.D. , Dean of Research, SANS Technology Institute

Johannes

3216 Posts
ISC Handler
Thanks Johannes !!!
Anonymous