Microsoft February Patch Tuesday Fixes 50 Security Issues

Patch Tuesday

Microsoft has released the February 2018 Patch Tuesday security updates, and this month’s release comes with fixes for 50 vulnerabilities, along with additional patches for the Meltdown and Spectre vulnerabilities (ADV180002).

There are no Windows zero-days in this month’s Patch Tuesday, but Microsoft has included patches for an Adobe Flash Player zero-day that came to light at the start of the month.

The Flash zero-day patches are bundled in ADV180004, which Microsoft silently pushed to users’ PCs last week, on February 6, but which have also been included in the company’s monthly security rollup.

As for Microsoft products, the company says this month’s Patch Tuesday contains fixes for the Windows OS, Microsoft Office and Microsoft Office Services and Web Apps, Internet Explorer, Microsoft Edge, and the ChakraCore JavaScript engine.

February 2018 Patch Tuesday includes Windows kernel fixes

The vast majority of this month’s fixes are Elevation of Privilege (EoP) vulnerabilities that will allow attackers with a foothold on the machine to gain SYSTEM-level privileges.

In addition, Microsoft also patched 11 bugs affecting the Windows kernel. Even if these are information disclosure and elevation of privilege issues, these bugs should not be taken lightly, as Microsoft expects threat actors to abuse these vulnerabilities in the future, most of them receiving an assessment of “Exploitation More Likely.”

But there is also some good news. Even if details about a Microsoft Edge Same-Origin Policy (SOP) bypass technique (CVE-2018-0771) became public, the vulnerability was not exploited in the wild before Microsoft delivered a patch earlier today.

Adobe publishes security fixes as well

If users are already in a patching mood, Adobe has also released its Patch Tuesday advisories, and besides the Flash zero-day fixes it delivered last week, the company also released today fixes for Adobe Acrobat and Reader (PDF readers) and Adobe Experience Manager (enterprise CMS).

Below is a table listing of all the security issues Microsoft fixed this month. We used PowerShell and the Microsoft API to assemble the table below, but the report is much longer. We hosted the full report on GitHub, here.

If you’re not interested in all security updates and you’d like to filter updates per product, you can use Microsoft’s official Security Update Guide portal, accessible here.

TagCVE IDCVE Title
Side-ChannelADV180002Guidance to mitigate speculative execution side-channel vulnerabilities
Adobe Flash PlayerADV180004February 2018 Adobe Flash Security Update
Common Log File System DriverCVE-2018-0844Windows Common Log File System Driver Elevation of Privilege Vulnerability
Common Log File System DriverCVE-2018-0846Windows Common Log File System Driver Elevation of Privilege Vulnerability
Device GuardCVE-2018-0827Windows Security Feature Bypass Vulnerability
Graphic FontsCVE-2018-0855Windows EOT Font Engine Information Disclosure Vulnerability
Graphic FontsCVE-2018-0755Windows EOT Font Engine Information Disclosure Vulnerability
Graphic FontsCVE-2018-0760Windows EOT Font Engine Information Disclosure Vulnerability
Graphic FontsCVE-2018-0761Windows EOT Font Engine Information Disclosure Vulnerability
Internet ExplorerCVE-2018-0866Scripting Engine Memory Corruption Vulnerability
Microsoft BrowsersCVE-2018-0840Scripting Engine Memory Corruption Vulnerability
Microsoft EdgeCVE-2018-0839Microsoft Edge Information Disclosure Vulnerability
Microsoft EdgeCVE-2018-0771Microsoft Edge Security Feature Bypass Vulnerability
Microsoft EdgeCVE-2018-0763Microsoft Edge Information Disclosure Vulnerability
Microsoft OfficeCVE-2018-0869Microsoft SharePoint Elevation of Privilege Vulnerability
Microsoft OfficeCVE-2018-0864Microsoft SharePoint Elevation of Privilege Vulnerability
Microsoft OfficeCVE-2018-0852Microsoft Outlook Memory Corruption Vulnerability
Microsoft OfficeCVE-2018-0851Microsoft Office Memory Corruption Vulnerability
Microsoft OfficeCVE-2018-0850Microsoft Outlook Elevation of Privilege Vulnerability
Microsoft OfficeCVE-2018-0853Microsoft Office Information Disclosure Vulnerability
Microsoft OfficeCVE-2018-0841Microsoft Excel Remote Code Execution Vulnerability
Microsoft Scripting EngineCVE-2018-0859Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting EngineCVE-2018-0860Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting EngineCVE-2018-0861Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting EngineCVE-2018-0858Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting EngineCVE-2018-0836Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting EngineCVE-2018-0835Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting EngineCVE-2018-0837Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting EngineCVE-2018-0838Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting EngineCVE-2018-0856Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting EngineCVE-2018-0857Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting EngineCVE-2018-0834Scripting Engine Memory Corruption Vulnerability
Microsoft WindowsCVE-2018-0822Windows NTFS Global Reparse Point Elevation of Privilege Vulnerability
Microsoft WindowsCVE-2018-0823Named Pipe File System Elevation of Privilege Vulnerability
Microsoft WindowsCVE-2018-0825StructuredQuery Remote Code Execution Vulnerability
Microsoft WindowsCVE-2018-0828Windows Elevation of Privilege Vulnerability
Microsoft WindowsCVE-2018-0826Windows Storage Services Elevation of Privilege Vulnerability
Microsoft WindowsCVE-2018-0821Windows AppContainer Elevation Of Privilege Vulnerability
Microsoft WindowsCVE-2018-0847Windows Scripting Engine Memory Corruption Vulnerability
Microsoft WindowsCVE-2018-0820Windows Kernel Elevation of Privilege Vulnerability
Windows KernelCVE-2018-0831Windows Kernel Elevation of Privilege Vulnerability
Windows KernelCVE-2018-0832Windows Kernel Information Disclosure Vulnerability
Windows KernelCVE-2018-0830Windows Kernel Information Disclosure Vulnerability
Windows KernelCVE-2018-0829Windows Kernel Information Disclosure Vulnerability
Windows KernelCVE-2018-0757Windows Kernel Information Disclosure Vulnerability
Windows KernelCVE-2018-0742Windows Kernel Elevation of Privilege Vulnerability
Windows KernelCVE-2018-0756Windows Kernel Elevation of Privilege Vulnerability
Windows KernelCVE-2018-0809Windows Kernel Elevation of Privilege Vulnerability
Windows KernelCVE-2018-0810Windows Kernel Information Disclosure Vulnerability
Windows KernelCVE-2018-0843Windows Kernel Information Disclosure Vulnerability
Windows KernelCVE-2018-0842Windows Remote Code Execution Vulnerability
Windows SMB ServerCVE-2018-0833Windows Denial of Service Vulnerability

Read more here

What do you think of this post?
  • Awesome (0)
  • Interesting (0)
  • Useful (0)
  • Boring (0)
  • Sucks (0)

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>