At the start of this new year, Meltdown and Spectre kept us busy. Today, Microsoft's January 2018 Patch Tuesday released regular patches, deployable using a patch management tool, fixing a total of 23 vulnerabilities. Among these, Microsoft rated one CVE as Critical, 20 as Important, one as Moderate and the last one as Low. Microsoft also released 2 advisories for Adobe and Microsoft Office. Out of these 23 vulnerabilities, 15 lead to Remote Code Execution.
In January 2018, Microsoft released patches for a total of 56 vulnerabilities (CVE’s) and 3 advisories, which includes the out-of-band updates from last week and now the January Patch Tuesday release. A vulnerability management tool can discover these vulnerabilities.
Microsoft Office received a major share of the security updates this month. The most important of these is the 0-day vulnerability in Equation Editor, a component of Microsoft Office. This vulnerability, aka “Microsoft Office Memory Corruption Vulnerability”, is due to the way objects are handled in memory and can lead to remote code execution on affected systems. For successful exploitation, an attacker has to convince a user to download and open a malicious Office file delivered via email or instant message. Successful exploitation of this vulnerability could allow an attacker to run arbitrary code in the context of the logged-in user. Microsoft addressed this 0-day by removing some of the Equation Editor’s functionality.
NOTE: Test and deploy all the patches released to mitigate Meltdown and Spectre, as there could be performance-related problems since they involve BIOS-level patches.
Jimmy Graham points out in the Qualys blog,
The January 2018 release consists of security updates for the following products:
- Internet Explorer
- Microsoft Edge
- Microsoft Windows
- Microsoft Office and Microsoft Office Services and Web Apps
- SQL Server
- ChakraCore
- .NET Framework
- .NET Core
- ASP.NET Core
- Adobe Flash
Microsoft Security Bulletin Summary for January 2018:
1. Product: Internet Explorer
CVE’s/Advisory: ADV180002, CVE-2018-0762, CVE-2018-0772
Impact: Information Disclosure, Remote Code Execution
KB’s: 4056568, 4056888, 4056890, 4056891, 4056892, 4056893, 4056894, 4056895, 4056896
2. Product: Microsoft Edge
CVE’s/Advisory: ADV180002, CVE-2018-0758, CVE-2018-0762, CVE-2018-0766, CVE-2018-0767, CVE-2018-0768, CVE-2018-0769, CVE-2018-0770, CVE-2018-0772, CVE-2018-0773, CVE-2018-0774, CVE-2018-0775, CVE-2018-0776, CVE-2018-0777, CVE-2018-0778, CVE-2018-0780, CVE-2018-0781, CVE-2018-0800, CVE-2018-0803
Impact: Elevation of Privilege, Information Disclosure and Remote Code Execution
KB’s: 4056888, 4056890, 4056891, 4056892, 4056893
3. Product: .NET Core, ASP.NET Core
CVE’s/Advisory: CVE-2018-0764, CVE-2018-0784, CVE-2018-0785, CVE-2018-0786
Impact: Denial of Service, Elevation of Privilege, Security Feature Bypass and Tampering
4. Product: ChakraCore
CVE’s/Advisory: CVE-2018-0758, CVE-2018-0762, CVE-2018-0767, CVE-2018-0768, CVE-2018-0769, CVE-2018-0770, CVE-2018-0772, CVE-2018-0773, CVE-2018-0774, CVE-2018-0775, CVE-2018-0776, CVE-2018-0777, CVE-2018-0778, CVE-2018-0780, CVE-2018-0781, CVE-2018-0800, CVE-2018-0818
Impact: Information Disclosure, Remote Code Execution, Security Feature Bypass and Code Execution
More on Microsoft Security Bulletin Summary for January 2018:
5. Product: Microsoft .NET Framework
CVE’s/Advisory: CVE-2018-0764, CVE-2018-0786
Impact: Denial of Service, Security Feature Bypass
KB’s: 4054170, 4054171, 4054172, 4054174, 4054175, 4054176, 4054177, 4054181, 4054182, 4054183, 4054993, 4054994, 4054995, 4054996, 4054997, 4054998, 4054999, 4055000, 4055001, 4055002, 4056888, 4056890, 4056891, 4056892, 4056893
6. Product: Microsoft Office, Microsoft SharePoint Server and Microsoft SharePoint Foundation
CVE’s/Advisory: ADV180003, CVE-2018-0789, CVE-2018-0790, CVE-2018-0791, CVE-2018-0792, CVE-2018-0793, CVE-2018-0794, CVE-2018-0795, CVE-2018-0796, CVE-2018-0797, CVE-2018-0798, CVE-2018-0799, CVE-2018-0801, CVE-2018-0802, CVE-2018-0804, CVE-2018-0805, CVE-2018-0806, CVE-2018-0807, CVE-2018-0812, CVE-2018-0819
Impact: Defense in Depth, Information Disclosure, Remote Code Execution, Spoofing and Tampering
KB’s: 3114998, 3141547, 4011021, 4011201, 4011213, 4011273, 4011574, 4011579, 4011580, 4011599, 4011602, 4011605, 4011606, 4011607, 4011609, 4011610, 4011611, 4011615, 4011622, 4011626, 4011627, 4011632, 4011636, 4011637, 4011639, 4011641, 4011642, 4011643, 4011648, 4011651, 4011653, 4011656, 4011657, 4011658, 4011659, 4011660
7. Product: Microsoft SQL Server
CVE’s/Advisory: ADV180002
Impact: Information Disclosure
KB’s: 4057113, 4057114, 4057118, 4057122, 4058559, 4058560, 4058561, 4058562
8. Product: Windows
CVE’s/Advisory: ADV180002, CVE-2018-0741, CVE-2018-0743, CVE-2018-0744, CVE-2018-0745, CVE-2018-0746, CVE-2018-0747, CVE-2018-0748, CVE-2018-0749, CVE-2018-0750, CVE-2018-0751, CVE-2018-0752, CVE-2018-0753, CVE-2018-0754, CVE-2018-0788
Impact: Denial of Service, Elevation of Privilege and Information Disclosure
KB’s: 4056613, 4056615, 4056759, 4056888, 4056890, 4056891, 4056892, 4056893, 4056894, 4056896, 4056897, 4056898, 4056899, 4056941, 4056942, 4056944
9. Product: Adobe Flash Player
CVE’s/Advisory: ADV180001
Impact: Denial of Service, Elevation of Privilege, Information Disclosure
KB’s: 4056887
SecPod SanerNow detects these vulnerabilities and automatically fixes them by applying security updates. Download Saner now and keep your systems updated and secure.