Threat Level: green Handler on Duty: Brad Duncan

SANS ISC: Microsoft May 2018 Patch Tuesday SANS ISC InfoSec Forums

Watch ISC TV. Great for NOCs, SOCs and Living Rooms: https://isctv.sans.edu

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Microsoft May 2018 Patch Tuesday

Microsoft patched to vulnerabilities that have already been exploited in the wild:

CVE-2018-8174, a remote code execution vulnerability in the VBScript Engine.

CVE-2018-8120, a privilege escalation vulnerability in Win32k..

CVE-2018-8170. another privilege escalation vulnerabilty patched this month was known publicly, but has not been detected in exploits so far.

In addtion, CVE-2018-8115, which was already patched last week, is included in this months patch round-up.

 

 

 

Description
CVE Disclosed Exploited Exploitability (old versions) current version Severity CVSS Base (AVG) CVSS Temporal (AVG)
.NET Framework Device Guard Security Feature Bypass Vulnerability
CVE-2018-1039 No No Less Likely Less Likely Important    
.NET and .NET Core Denial of Service Vulnerability
CVE-2018-0765 No No Unlikely Unlikely Important    
Azure IoT SDK Spoofing Vulnerability
CVE-2018-8119 No No - - Important    
Chakra Scripting Engine Memory Corruption Vulnerability
CVE-2018-8130 No No - - Critical 4.2 3.8
CVE-2018-8133 No No - - Critical 4.2 3.8
CVE-2018-8145 No No Unlikely Unlikely Important 2.4 2.2
CVE-2018-8177 No No - - Critical 4.2 3.8
CVE-2018-0943 No No - - Critical 4.2 3.8
DirectX Graphics Kernel Elevation of Privilege Vulnerability
CVE-2018-8165 No No More Likely More Likely Important 7.0 6.3
Hyper-V Remote Code Execution Vulnerability
CVE-2018-0959 No No Less Likely Less Likely Critical 7.6 6.8
Hyper-V vSMB Remote Code Execution Vulnerability
CVE-2018-0961 No No Less Likely Less Likely Critical 7.6 6.8
Internet Explorer Security Feature Bypass Vulnerability
CVE-2018-8126 No No Less Likely Less Likely Important 5.3 4.8
May 2018 Adobe Flash Security Update
ADV180008 No No - - Critical    
Microsoft Browser Information Disclosure Vulnerability
CVE-2018-1025 No No More Likely More Likely Important 4.3 3.9
Microsoft Browser Memory Corruption Vulnerability
CVE-2018-8178 No No More Likely More Likely Critical 6.4 5.8
Microsoft COM for Windows Remote Code Execution Vulnerability
CVE-2018-0824 No No Less Likely Less Likely Important 7.5 6.7
Microsoft Edge Information Disclosure Vulnerability
CVE-2018-1021 No No - - Important 4.3 3.9
Microsoft Edge Memory Corruption Vulnerability
CVE-2018-8123 No No - - Important 4.2 3.8
CVE-2018-8179 No No - - Important 4.2 3.8
Microsoft Edge Security Feature Bypass Vulnerability
CVE-2018-8112 No No - - Important 4.3 3.9
Microsoft Excel Information Disclosure Vulnerability
CVE-2018-8163 No No More Likely More Likely Important    
Microsoft Excel Remote Code Execution Vulnerability
CVE-2018-8162 No No More Likely More Likely Important    
CVE-2018-8147 No No More Likely More Likely Important    
CVE-2018-8148 No No More Likely More Likely Important    
Microsoft Exchange Elevation of Privilege Vulnerability
CVE-2018-8159 No No Less Likely Less Likely Important    
Microsoft Exchange Memory Corruption Vulnerability
CVE-2018-8151 No No Less Likely Less Likely Important    
CVE-2018-8154 No No Less Likely Less Likely Critical    
Microsoft Exchange Server Elevation of Privilege Vulnerability
CVE-2018-8152 No No Less Likely Less Likely Important    
Microsoft Exchange Spoofing Vulnerability
CVE-2018-8153 No No Less Likely Less Likely Low    
Microsoft InfoPath Remote Code Execution Vulnerability
CVE-2018-8173 No No - - Important    
Microsoft Office Remote Code Execution Vulnerability
CVE-2018-8161 No No Less Likely Less Likely Important    
CVE-2018-8157 No No More Likely More Likely Important    
CVE-2018-8158 No No More Likely More Likely Important    
Microsoft Outlook Information Disclosure Vulnerability
CVE-2018-8160 No No - - Important    
Microsoft Outlook Security Feature Bypass Vulnerability
CVE-2018-8150 No No - - Important    
Microsoft SharePoint Elevation of Privilege Vulnerability
CVE-2018-8155 No No Less Likely Less Likely Important    
CVE-2018-8156 No No Less Likely Less Likely Important    
CVE-2018-8168 No No - - Important    
CVE-2018-8149 No No Less Likely Less Likely Important    
Scripting Engine Memory Corruption Vulnerability
CVE-2018-8122 No No More Likely More Likely Critical 6.4 5.8
CVE-2018-8128 No No - - Critical 4.2 3.8
CVE-2018-8137 No No - - Critical 4.2 3.8
CVE-2018-8139 No No - - Critical 4.2 3.8
CVE-2018-0945 No No - - Critical 4.2 3.8
CVE-2018-0946 No No - - Critical 4.2 3.8
CVE-2018-0951 No No - - Critical 4.2 3.8
CVE-2018-0953 No No - - Critical 4.2 3.8
CVE-2018-0954 No No More Likely More Likely Critical 4.2 3.8
CVE-2018-0955 No No More Likely More Likely Critical 6.4 5.8
CVE-2018-1022 No No More Likely More Likely Critical 6.4 5.8
CVE-2018-8114 No No More Likely More Likely Critical 6.4 5.8
Win32k Elevation of Privilege Vulnerability
CVE-2018-8124 No No More Likely More Likely Important 7.0 6.3
CVE-2018-8164 No No More Likely More Likely Important 7.0 6.3
CVE-2018-8166 No No More Likely More Likely Important 7.0 6.3
CVE-2018-8120 No Yes - - Important 7.0 6.3
Windows Common Log File System Driver Elevation of Privilege Vulnerability
CVE-2018-8167 No No More Likely More Likely Important 7.0 6.7
Windows Elevation of Privilege Vulnerability
CVE-2018-8134 No No More Likely More Likely Important 7.0 6.3
Windows Host Compute Service Shim Remote Code Execution Vulnerability
CVE-2018-8115 No No Unlikely Unlikely Critical    
Windows Image Elevation of Privilege Vulnerability
CVE-2018-8170 Yes No More Likely More Likely Important 7.0 6.3
Windows Kernel Elevation of Privilege Vulnerability
CVE-2018-8897 No No Unlikely Unlikely Important 7.0 6.3
Windows Kernel Information Disclosure Vulnerability
CVE-2018-8127 No No More Likely More Likely Important 4.7 4.2
CVE-2018-8141 Yes No - - Important 4.7 4.2
Windows Remote Code Execution Vulnerability
CVE-2018-8136 No No Less Likely Less Likely Low 6.5 5.9
Windows Security Feature Bypass Vulnerability
CVE-2018-0854 No No Unlikely Unlikely Important 2.4 2.2
CVE-2018-0958 No No Less Likely Less Likely Important 5.3 4.8
CVE-2018-8129 No No Less Likely Less Likely Important 5.3 4.8
CVE-2018-8132 No No Less Likely Less Likely Important 5.3 4.8
Windows VBScript Engine Remote Code Execution Vulnerability
CVE-2018-8174 No Yes Detected Detected Critical 7.5 7.0

---
Johannes B. Ullrich, Ph.D. , Dean of Research, SANS Technology Institute
Twitter|

 Johannes

4277 Posts
ISC Handler
May 8th 2018
Thread locked Subscribe May 8th 2018
3 years ago
ADV170017 (YES, that's NO typo) is missing from the list!
See https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV170017
 Anonymous
Quote May 8th 2018
3 years ago

Sign Up for Free or Log In to start participating in the conversation!