Threat Level: green Handler on Duty: Guy Bruneau

SANS ISC: Microsoft January 2018 Patch Tuesday - SANS Internet Storm Center SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Microsoft January 2018 Patch Tuesday

Microsoft, as expected included last weeks Meltdown/Spectre update in this months patch Tuesday. But note that in addition to these two flaws, we have a number of other "traditional" privilege escalation and even remote code execution flaws that are probably easier to exploit and should be treated probably with a higher priority. Regardless, I doubt that as many people will work overtime for these run of the mill flaws. For example:

CVE-2018-0788: A quick NVD search shows 15 different vulnerabilities for this Atmfd.dll. Some can even lead to code execution. But I doubt you will have this issue patched this week. Exploitation of CVE-2018-0788 can lead to code execution as administrator. Spectre/Meltdown only allow reading data.

CVE-2018-0773: An attacker may execute arbitrary code in the context of the user running the browser. Spectre, which was patched in many browser again only allows reading data.

and CVE-2018-0802, which is already being exploited.

So better get patching. It worked so well last month :)

January 2018 Security Updates

Description
CVE Disclosed Exploited Exploitability (old versions) current version Severity
.NET Security Feature Bypass Vulnerability
CVE-2018-0786 No No Less Likely Less Likely Important
.NET and .NET Core Denial Of Service Vulnerability
CVE-2018-0764 No No Unlikely Unlikely Important
ASP.NET Core Cross Site Request Forgery Vulnerabilty
CVE-2018-0785 No No Unlikely Unlikely Moderate
ASP.NET Core Elevation Of Privilege Vulnerability
CVE-2018-0784 No No Less Likely Less Likely Important
Guidance to mitigate speculative execution side-channel vulnerabilities
ADV180002 No No Less Likely Less Likely Important
January 2018 Adobe Flash Security Update
ADV180001 No No - - Critical
Microsoft Access Tampering Vulnerability
CVE-2018-0799 No No Unlikely Unlikely Important
Microsoft Color Management Information Disclosure Vulnerability
CVE-2018-0741 No No - - Important
Microsoft Edge Elevation of Privilege Vulnerability
CVE-2018-0803 No No - - Important
Microsoft Edge Information Disclosure Vulnerability
CVE-2018-0766 No No Unlikely Unlikely Important
Microsoft Excel Remote Code Execution Vulnerability
CVE-2018-0796 No No Less Likely Less Likely Important
Microsoft Office Defense in Depth Update
ADV180003 No No - - None
Microsoft Office Memory Corruption Vulnerability
CVE-2018-0802 No Yes Unlikely Unlikely Important
CVE-2018-0798 No No Less Likely Less Likely Important
Microsoft Office Remote Code Execution Vulnerability
CVE-2018-0795 No No - - Important
Microsoft Office Remote Code Execution Vulnerability
CVE-2018-0801 No No Less Likely Less Likely Important
Microsoft Outlook Remote Code Execution Vulnerability
CVE-2018-0791 No No Less Likely Less Likely Important
CVE-2018-0793 No No More Likely More Likely Important
Microsoft SharePoint Cross Site Scripting Elevation of Privilege Vulnerability
CVE-2018-0790 No No Less Likely Less Likely Important
Microsoft SharePoint Elevation of Privilege Vulnerability
CVE-2018-0789 No No Less Likely Less Likely Important
Microsoft Word Memory Corruption Vulnerability
CVE-2018-0812 No No Unlikely Unlikely Important
CVE-2018-0797 No No Less Likely Less Likely Critical
Microsoft Word Remote Code Execution Vulnerability
CVE-2018-0805 No No Unlikely Unlikely Important
CVE-2018-0806 No No Unlikely Unlikely Important
CVE-2018-0807 No No Unlikely Unlikely Important
Microsoft Word Remote Code Execution Vulnerability
CVE-2018-0804 No No Unlikely Unlikely Low
CVE-2018-0792 No No Less Likely Less Likely Important
CVE-2018-0794 No No More Likely More Likely Important
OpenType Font Driver Elevation of Privilege Vulnerability
CVE-2018-0788 No No More Likely More Likely Important
OpenType Font Driver Information Disclosure Vulnerability
CVE-2018-0754 No No More Likely More Likely Important
SMB Server Elevation of Privilege Vulnerability
CVE-2018-0749 No No Less Likely Less Likely Important
Scripting Engine Information Disclosure Vulnerability
CVE-2018-0800 No No Less Likely Less Likely Critical
CVE-2018-0767 No No Unlikely Unlikely Critical
CVE-2018-0780 No No - - Critical
Scripting Engine Memory Corruption Vulnerability
CVE-2018-0773 No No - - Critical
CVE-2018-0774 No No - - Critical
CVE-2018-0781 No No Unlikely Unlikely Critical
CVE-2018-0758 No No - - Critical
CVE-2018-0762 No No More Likely More Likely Critical
CVE-2018-0768 No No Less Likely Less Likely Important
CVE-2018-0769 No No - - Critical
CVE-2018-0770 No No - - Critical
CVE-2018-0772 No No - - Critical
CVE-2018-0775 No No - - Critical
CVE-2018-0776 No No - - Critical
CVE-2018-0777 No No - - Critical
CVE-2018-0778 No No Unlikely Unlikely Critical
Scripting Engine Security Feature Bypass
CVE-2018-0818 No No Unlikely Unlikely Important
Spoofing Vulnerability in Microsoft Office for MAC
CVE-2018-0819 Yes No Less Likely Less Likely Important
Windows Elevation of Privilege Vulnerability
CVE-2018-0748 No No Less Likely Less Likely Important
CVE-2018-0751 No No Less Likely Less Likely Important
CVE-2018-0752 No No Less Likely Less Likely Important
CVE-2018-0744 No No More Likely More Likely Important
Windows GDI Information Disclosure Vulnerability
CVE-2018-0750 No No More Likely More Likely Important
Windows IPSec Denial of Service Vulnerability
CVE-2018-0753 No No - - Important
Windows Information Disclosure Vulnerability
CVE-2018-0746 No No More Likely More Likely Important
CVE-2018-0747 No No More Likely More Likely Important
CVE-2018-0745 No No More Likely More Likely Important
Windows Subsystem for Linux Elevation of Privilege Vulnerability
CVE-2018-0743 No No Less Likely Less Likely Important

 

---
Johannes B. Ullrich, Ph.D. , Dean of Research, SANS Technology Institute
STI|Twitter|

I will be teaching next: Defending Web Applications Security Essentials - SANS Munich March 2019

Johannes

3415 Posts
ISC Handler

Sign Up for Free or Log In to start participating in the conversation!