
[Vulnerability notice] Microsoft Patch Tuesday - January 2018

Last Updated: Mar 12, 2018

On January 9, 2018 (EST), Microsoft released the security bulletin for the first month of 2018. This security bulletin discloses 56 new vulnerabilities, with 16 of them rated critical, 39 rated important, and 1 rated moderate. These vulnerabilities affect Microsoft products including ASP.NET, Edge, Internet Explorer, Office, and Windows.

In addition to patches for the 56 vulnerabilities, Microsoft also released updates for the Intel CPU vulnerabilities Meltdown and Spectre. ADV180002 covers the Windows mitigation measures against the two vulnerabilities.

Note: Affected users and organizations may not have received the updates because the updates are incompatible with the antivirus products used.

This bulletin discloses multiple information disclosure vulnerabilities in the Windows kernel: CVE-2018-0745, CVE-2018-0746, and CVE-2018-0747. Attackers can exploit these vulnerabilities to bypass identity verification and run special programs that retrieve the memory addresses of kernel objects, and then obtain sensitive information.

The bulletin also discloses multiple elevation of privilege vulnerabilities in the Windows kernel: CVE-2018-0748, CVE-2018-0751, and CVE-2018-0752. These vulnerabilities occur because Windows kernel APIs fail to perform privilege control correctly. They enable attackers to bypass identity verification, and then run special programs and simulate processes to inject inter-process communication or interrupt system functions. These vulnerabilities bring security risks to enterprise users.

The bulletin discloses an Office vulnerability rated important: CVE-2018-0802. Attackers can exploit this vulnerability to attack the formula editor embedded in Office. Once Office users or IT personnel are induced to open malicious files, their desktops may be remotely controlled by attackers.

Alibaba Cloud reminds you to pay attention to the preceding vulnerabilities and install patches based on the actual situation of your business. See the following for more information about the bulletin.


Affected products

The following Microsoft products are affected:

  • ASP.NET
  • Edge
  • Internet Explorer
  • Office
  • Windows

Vulnerabilities rated critical

  • CVE-2018-0758 - Scripting Engine Memory Corruption Vulnerability
  • CVE-2018-0762 - Scripting Engine Memory Corruption Vulnerability
  • CVE-2018-0767 - Scripting Engine Information Disclosure Vulnerability
  • CVE-2018-0769 - Scripting Engine Memory Corruption Vulnerability
  • CVE-2018-0770 - Scripting Engine Memory Corruption Vulnerability
  • CVE-2018-0772 - Scripting Engine Memory Corruption Vulnerability
  • CVE-2018-0773 - Scripting Engine Memory Corruption Vulnerability
  • CVE-2018-0774 - Scripting Engine Memory Corruption Vulnerability
  • CVE-2018-0775 - Scripting Engine Memory Corruption Vulnerability
  • CVE-2018-0776 - Scripting Engine Memory Corruption Vulnerability
  • CVE-2018-0777 - Scripting Engine Memory Corruption Vulnerability
  • CVE-2018-0778 - Scripting Engine Memory Corruption Vulnerability
  • CVE-2018-0780 - Scripting Engine Information Disclosure Vulnerability
  • CVE-2018-0781 - Scripting Engine Memory Corruption Vulnerability
  • CVE-2018-0797 - Microsoft Word Memory Corruption Vulnerability
  • CVE-2018-0800 - Scripting Engine Information Disclosure Vulnerability

Vulnerabilities rated important

  • CVE-2018-0741 - Microsoft Color Management Information Disclosure Vulnerability
  • CVE-2018-0743 - Windows Subsystem for Linux Elevation of Privilege Vulnerability
  • CVE-2018-0744 - Windows Elevation of Privilege Vulnerability
  • CVE-2018-0745 - Windows Information Disclosure Vulnerability
  • CVE-2018-0746 - Windows Information Disclosure Vulnerability
  • CVE-2018-0747 - Windows Information Disclosure Vulnerability
  • CVE-2018-0748 - Windows Elevation of Privilege Vulnerability
  • CVE-2018-0749 - SMB Server Elevation of Privilege Vulnerability
  • CVE-2018-0750 - Windows GDI Information Disclosure Vulnerability
  • CVE-2018-0751 - Windows Elevation of Privilege Vulnerability
  • CVE-2018-0752 - Windows Elevation of Privilege Vulnerability
  • CVE-2018-0753 - Windows IPSec Denial of Service Vulnerability
  • CVE-2018-0754 - ATMFD.dll Information Disclosure Vulnerability
  • CVE-2018-0764 - .NET and .NET Core Denial Of Service Vulnerability
  • CVE-2018-0766 - Microsoft Edge Information Disclosure Vulnerability
  • CVE-2018-0768 - Scripting Engine Memory Corruption Vulnerability
  • CVE-2018-0784 - ASP.NET Core Elevation Of Privilege Vulnerability
  • CVE-2018-0786 - .NET Security Feature Bypass Vulnerability
  • CVE-2018-0788 - ATMFD.dll Information Disclosure Vulnerability
  • CVE-2018-0789 - Microsoft Office Spoofing Vulnerability
  • CVE-2018-0790 - Microsoft Office Information Disclosure Vulnerability
  • CVE-2018-0791 - Microsoft Outlook Remote Code Execution Vulnerability
  • CVE-2018-0792 - Microsoft Word Remote Code Execution
  • CVE-2018-0793 - Microsoft Outlook Remote Code Execution
  • CVE-2018-0794 - Microsoft Word Remote Code Execution
  • CVE-2018-0795 - Microsoft Office Remote Code Execution
  • CVE-2018-0796 - Microsoft Excel Remote Code Execution
  • CVE-2018-0798 - Microsoft Word Memory Corruption Vulnerability
  • CVE-2018-0799 - Microsoft Access Tampering Vulnerability
  • CVE-2018-0801 - Microsoft Office Remote Code Execution Vulnerability
  • CVE-2018-0802 - Microsoft Office Memory Corruption Vulnerability
  • CVE-2018-0803 - Microsoft Edge Elevation of Privilege Vulnerability
  • CVE-2018-0805 - Microsoft Word Remote Code Execution Vulnerability
  • CVE-2018-0806 - Microsoft Word Remote Code Execution Vulnerability
  • CVE-2018-0807 - Microsoft Word Remote Code Execution Vulnerability
  • CVE-2018-0812 - Microsoft Word Memory Corruption Vulnerability
  • CVE-2018-0818 - Scripting Engine Security Feature Bypass
  • CVE-2018-0819 - Spoofing Vulnerability in Microsoft Office for MAC

Vulnerabilities rated moderate

  • CVE-2018-0785 - ASP.NET Core Cross Site Request Forgery Vulnerability

How to fix

Alibaba Cloud Security team recommends that you pay attention to these vulnerabilities and install patches suitable for your business to improve server security.

Installing business-irrelevant software (such as Office or other office work software) on your business systems is not recommended because such software is vulnerable to intrusion by hackers.

We recommend that you enable Windows Update, click Check for updates, and then download and install patches related to your business. After installing patches, restart the server and check the system running status.

Note: Before installing updates, test the updates and create data backups and snapshots to prevent data loss in case of exceptions during update installation.

Reference

http://blog.talosintelligence.com/2018/01/ms-tuesday.html
