
SANS ISC: Microsoft April 2018 Patch Tuesday - SANS Internet Storm Center SANS ISC InfoSec Forums


Microsoft April 2018 Patch Tuesday

Microsoft today patched 66 different vulnerabilities. In addition, Adobe patched 6 vulnerabilities in Adobe Flash.

24 of the vulnerabilities are characterized as "Critical" by Microsoft, and 42 are considered "Important".

Among all these vulnerabilities, there are a couple that stick out:

CVE-2018-1034: This one was already made public before the patch was released. It is an XSS vulnerability in SharePoint. XSS vulnerabilities in SharePoint are very common and are patched pretty much every month.

CVE-2018-0956: Interesting because it affects HTTP/2. We have not yet seen many vulnerabilities in HTTP/2 implementations, but as people start deploying it more, I expect to see more vulnerabilities. HTTP.sys, the vulnerable component patched here, implements HTTP for Microsoft's web server (IIS).

CVE-2018-0986: This vulnerability in Microsoft's Malware Protection Engine was patched last week.

CVE-2018-0976: A denial of service in RDP, which is often exposed to the network.

CVE-2018-0967: The same applies to SNMP: a denial of service in a service that is often exposed to the network.

 

Description
CVE, Disclosed, Exploited, Exploitability (old versions), Exploitability (current version), Severity
Microsoft Office Graphics Component Code Execution Vulnerability
CVE-2018-1028 No No More Likely More Likely Important
Active Directory Security Feature Bypass Vulnerability
CVE-2018-0890 No No - - Important
April 2018 Adobe Flash Security Update
ADV180007 No No - - Critical
Chakra Scripting Engine Memory Corruption Vulnerability
CVE-2018-0990 No No - - Critical
CVE-2018-0993 No No - - Critical
CVE-2018-0994 No No - - Critical
CVE-2018-0995 No No - - Critical
CVE-2018-0979 No No - - Critical
CVE-2018-0980 No No - - Critical
CVE-2018-1019 No No - - Critical
Device Guard Security Feature Bypass Vulnerability
CVE-2018-0966 No No Less Likely Less Likely Important
HTTP.sys Denial of Service Vulnerability
CVE-2018-0956 No No Unlikely Unlikely Important
Hyper-V Information Disclosure Vulnerability
CVE-2018-0957 No No - - Important
CVE-2018-0964 No No - - Important
Internet Explorer Memory Corruption Vulnerability
CVE-2018-0991 No No More Likely More Likely Critical
CVE-2018-0997 No No Less Likely Less Likely Important
CVE-2018-0870 No No More Likely More Likely Critical
CVE-2018-1018 No No More Likely More Likely Critical
CVE-2018-1020 No No More Likely More Likely Critical
Microsoft Browser Memory Corruption Vulnerability
CVE-2018-1023 No No - - Critical
Microsoft DirectX Graphics Kernel Subsystem Elevation of Privilege Vulnerability
CVE-2018-1009 No No Less Likely Less Likely Important
Microsoft Edge Information Disclosure Vulnerability
CVE-2018-0892 No No - - Important
CVE-2018-0998 No No - - Important
Microsoft Excel Remote Code Execution Vulnerability
CVE-2018-0920 No No More Likely More Likely Important
CVE-2018-1011 No No More Likely More Likely Important
CVE-2018-1027 No No More Likely More Likely Important
CVE-2018-1029 No No More Likely More Likely Important
Microsoft Graphics Component Denial of Service Vulnerability
CVE-2018-8116 No No Unlikely Unlikely Moderate
Microsoft Graphics Remote Code Execution Vulnerability
CVE-2018-1010 No No More Likely More Likely Critical
CVE-2018-1012 No No Less Likely Less Likely Critical
CVE-2018-1013 No No More Likely More Likely Critical
CVE-2018-1015 No No More Likely More Likely Critical
CVE-2018-1016 No No More Likely More Likely Critical
Microsoft JET Database Engine Remote Code Execution Vulnerability
CVE-2018-1003 No No More Likely More Likely Important
Microsoft Malware Protection Engine Remote Code Execution Vulnerability
CVE-2018-0986 No No Less Likely Less Likely Critical
Microsoft Office Information Disclosure Vulnerability
CVE-2018-0950 No No More Likely More Likely Important
CVE-2018-1007 No No Less Likely Less Likely Important
Microsoft Office Remote Code Execution Vulnerability
CVE-2018-1026 No No More Likely More Likely Important
CVE-2018-1030 No No More Likely More Likely Important
Microsoft SharePoint Elevation of Privilege Vulnerability
CVE-2018-1032 No No Unlikely Unlikely Important
CVE-2018-1005 No No Unlikely Unlikely Important
CVE-2018-1014 No No Unlikely Unlikely Important
CVE-2018-1034 Yes No Unlikely Unlikely Important
Microsoft Visual Studio Information Disclosure Vulnerability
CVE-2018-1037 No No Unlikely Unlikely Important
Microsoft Wireless Keyboard 850 Security Feature Bypass Vulnerability
CVE-2018-8117 No No Less Likely Less Likely Important
OpenType Font Driver Elevation of Privilege Vulnerability
CVE-2018-1008 No No More Likely More Likely Important
Scripting Engine Information Disclosure Vulnerability
CVE-2018-0987 No No More Likely More Likely Important
CVE-2018-0989 No No More Likely More Likely Important
CVE-2018-1000 No No More Likely More Likely Critical
CVE-2018-0981 No No More Likely More Likely Critical
Scripting Engine Memory Corruption Vulnerability
CVE-2018-0988 No No More Likely More Likely Critical
CVE-2018-0996 No No More Likely More Likely Critical
CVE-2018-1001 No No More Likely More Likely Important
Windows Kernel Elevation of Privilege Vulnerability
CVE-2018-0963 No No Less Likely Less Likely Important
Windows Kernel Information Disclosure Vulnerability
CVE-2018-0887 No No Less Likely Less Likely Important
CVE-2018-0960 No No Less Likely Less Likely Important
CVE-2018-0968 No No Less Likely Less Likely Important
CVE-2018-0969 No No Less Likely Less Likely Important
CVE-2018-0970 No No Less Likely Less Likely Important
CVE-2018-0971 No No More Likely More Likely Important
CVE-2018-0972 No No Less Likely Less Likely Important
CVE-2018-0973 No No More Likely More Likely Important
CVE-2018-0974 No No Less Likely Less Likely Important
CVE-2018-0975 No No Less Likely Less Likely Important
Windows Remote Desktop Protocol (RDP) Denial of Service Vulnerability
CVE-2018-0976 No No - - Important
Windows SNMP Service Denial of Service Vulnerability
CVE-2018-0967 No No Unlikely Unlikely Important
Windows VBScript Engine Remote Code Execution Vulnerability
CVE-2018-1004 No No More Likely More Likely Critical

---
Johannes B. Ullrich, Ph.D. , Dean of Research, SANS Technology Institute
Thanks Johannes !!!
Johannes