Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: Microsoft January 2018 Patch Tuesday - SANS Internet Storm Center SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Microsoft January 2018 Patch Tuesday

Microsoft, as expected included last weeks Meltdown/Spectre update in this months patch Tuesday. But note that in addition to these two flaws, we have a number of other "traditional" privilege escalation and even remote code execution flaws that are probably easier to exploit and should be treated probably with a higher priority. Regardless, I doubt that as many people will work overtime for these run of the mill flaws. For example:

CVE-2018-0788: A quick NVD search shows 15 different vulnerabilities for this Atmfd.dll. Some can even lead to code execution. But I doubt you will have this issue patched this week. Exploitation of CVE-2018-0788 can lead to code execution as administrator. Spectre/Meltdown only allow reading data.

CVE-2018-0773: An attacker may execute arbitrary code in the context of the user running the browser. Spectre, which was patched in many browser again only allows reading data.

and CVE-2018-0802, which is already being exploited.

So better get patching. It worked so well last month :)

January 2018 Security Updates

Description
CVE Disclosed Exploited Exploitability (old versions) current version Severity
.NET Security Feature Bypass Vulnerability
CVE 2018-0786 No No Less Likely Less Likely Important
.NET and .NET Core Denial Of Service Vulnerability
CVE 2018-0764 No No Unlikely Unlikely Important
ASP.NET Core Cross Site Request Forgery Vulnerabilty
CVE 2018-0785 No No Unlikely Unlikely Moderate
ASP.NET Core Elevation Of Privilege Vulnerability
CVE 2018-0784 No No Less Likely Less Likely Important
Guidance to mitigate speculative execution side-channel vulnerabilities
ADV180002 No No Less Likely Less Likely Important
January 2018 Adobe Flash Security Update
ADV180001 No No - - Critical
Microsoft Access Tampering Vulnerability
CVE 2018-0799 No No Unlikely Unlikely Important
Microsoft Color Management Information Disclosure Vulnerability
CVE 2018-0741 No No - - Important
Microsoft Edge Elevation of Privilege Vulnerability
CVE 2018-0803 No No - - Important
Microsoft Edge Information Disclosure Vulnerability
CVE 2018-0766 No No Unlikely Unlikely Important
Microsoft Excel Remote Code Execution Vulnerability
CVE 2018-0796 No No Less Likely Less Likely Important
Microsoft Office Defense in Depth Update
ADV180003 No No - - None
Microsoft Office Memory Corruption Vulnerability
CVE 2018-0802 No Yes Unlikely Unlikely Important
CVE 2018-0798 No No Less Likely Less Likely Important
Microsoft Office Remote Code Execution Vulnerability
CVE 2018-0795 No No - - Important
Microsoft Office Remote Code Execution Vulnerability
CVE 2018-0801 No No Less Likely Less Likely Important
Microsoft Outlook Remote Code Execution Vulnerability
CVE 2018-0791 No No Less Likely Less Likely Important
CVE 2018-0793 No No More Likely More Likely Important
Microsoft SharePoint Cross Site Scripting Elevation of Privilege Vulnerability
CVE 2018-0790 No No Less Likely Less Likely Important
Microsoft SharePoint Elevation of Privilege Vulnerability
CVE 2018-0789 No No Less Likely Less Likely Important
Microsoft Word Memory Corruption Vulnerability
CVE 2018-0812 No No Unlikely Unlikely Important
CVE 2018-0797 No No Less Likely Less Likely Critical
Microsoft Word Remote Code Execution Vulnerability
CVE 2018-0805 No No Unlikely Unlikely Important
CVE 2018-0806 No No Unlikely Unlikely Important
CVE 2018-0807 No No Unlikely Unlikely Important
Microsoft Word Remote Code Execution Vulnerability
CVE 2018-0804 No No Unlikely Unlikely Low
CVE 2018-0792 No No Less Likely Less Likely Important
CVE 2018-0794 No No More Likely More Likely Important
OpenType Font Driver Elevation of Privilege Vulnerability
CVE 2018-0788 No No More Likely More Likely Important
OpenType Font Driver Information Disclosure Vulnerability
CVE 2018-0754 No No More Likely More Likely Important
SMB Server Elevation of Privilege Vulnerability
CVE 2018-0749 No No Less Likely Less Likely Important
Scripting Engine Information Disclosure Vulnerability
CVE 2018-0800 No No Less Likely Less Likely Critical
CVE 2018-0767 No No Unlikely Unlikely Critical
CVE 2018-0780 No No - - Critical
Scripting Engine Memory Corruption Vulnerability
CVE 2018-0773 No No - - Critical
CVE 2018-0774 No No - - Critical
CVE 2018-0781 No No Unlikely Unlikely Critical
CVE 2018-0758 No No - - Critical
CVE 2018-0762 No No More Likely More Likely Critical
CVE 2018-0768 No No Less Likely Less Likely Important
CVE 2018-0769 No No - - Critical
CVE 2018-0770 No No - - Critical
CVE 2018-0772 No No - - Critical
CVE 2018-0775 No No - - Critical
CVE 2018-0776 No No - - Critical
CVE 2018-0777 No No - - Critical
CVE 2018-0778 No No Unlikely Unlikely Critical
Scripting Engine Security Feature Bypass
CVE 2018-0818 No No Unlikely Unlikely Important
Spoofing Vulnerability in Microsoft Office for MAC
CVE 2018-0819 Yes No Less Likely Less Likely Important
Windows Elevation of Privilege Vulnerability
CVE 2018-0748 No No Less Likely Less Likely Important
CVE 2018-0751 No No Less Likely Less Likely Important
CVE 2018-0752 No No Less Likely Less Likely Important
CVE 2018-0744 No No More Likely More Likely Important
Windows GDI Information Disclosure Vulnerability
CVE 2018-0750 No No More Likely More Likely Important
Windows IPSec Denial of Service Vulnerability
CVE 2018-0753 No No - - Important
Windows Information Disclosure Vulnerability
CVE 2018-0746 No No More Likely More Likely Important
CVE 2018-0747 No No More Likely More Likely Important
CVE 2018-0745 No No More Likely More Likely Important
Windows Subsystem for Linux Elevation of Privilege Vulnerability
CVE 2018-0743 No No Less Likely Less Likely Important

 

---
Johannes B. Ullrich, Ph.D. , Dean of Research, SANS Technology Institute
STI|Twitter|

Johannes

3218 Posts
ISC Handler

Sign Up for Free or Log In to start participating in the conversation!