Microsoft Patch Tuesday - February 2018

Microsoft Patch Tuesday - February 2018

Today Microsoft has released its monthly set of security advisories for vulnerabilities that have been identified and addressed in various products. This month’s advisory release addresses 54 new vulnerabilities with 14 of them rated critical, 38 of them rated important, and 2 of them rated Moderate. These vulnerabilities impact Outlook, Edge, Scripting Engine, App Container, Windows, and more.

Critical Vulnerabilities

This month, Microsoft is addressing 14 vulnerabilities that are rated “critical.” Talos believes one of these are notable and require prompt attention, detailed below.

CVE-2018-0852 - Microsoft Outlook Memory Corruption Vulnerability

A remote code execution vulnerability has been identified in Microsoft Outlook when the software fails to properly handle objects in memory. An attacker who successfully exploits the vulnerability could run arbitrary code in the context of the current user. Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Outlook software.

Other vulnerabilities deemed Critical are listed below:

• CVE-2018-0763 - Microsoft Edge Information Disclosure Vulnerability
• CVE-2018-0825 - StructuredQuery Remote Code Execution Vulnerability
• CVE-2018-0834 - Scripting Engine Memory Corruption Vulnerability
• CVE-2018-0835 - Scripting Engine Memory Corruption Vulnerability
• CVE-2018-0837 - Scripting Engine Memory Corruption Vulnerability
• CVE-2018-0838 - Scripting Engine Memory Corruption Vulnerability
• CVE-2018-0840 - Scripting Engine Memory Corruption Vulnerability
• CVE-2018-0856 - Scripting Engine Memory Corruption Vulnerability
• CVE-2018-0857 - Scripting Engine Memory Corruption Vulnerability
• CVE-2018-0858 - Scripting Engine Memory Corruption Vulnerability
• CVE-2018-0859 - Scripting Engine Memory Corruption Vulnerability
• CVE-2018-0860 - Scripting Engine Memory Corruption Vulnerability
• CVE-2018-0861 - Scripting Engine Memory Corruption Vulnerability

Important Vulnerabilities

This month, Microsoft is addressing 38 vulnerabilities that are rated “important.” Talos believes one of these vulnerabilities is notable and requires prompt attention. These are detailed below.

CVE-2018-0850 - Microsoft Outlook Elevation of Privilege Vulnerability

A elevation of privilege vulnerability has been identified in Microsoft Outlook that manifest when it initiates processing of incoming messages without sufficient validation of the formatting of the messages. An attacker who successfully exploited the vulnerability could attempt to force Outlook to load a local or remote message store (over SMB). To exploit the vulnerability, the attacker could send a specially crafted email to a victim. Outlook would then attempt to open a pre-configured message store contained in the email upon receipt of the email.

Other vulnerabilities deemed Important are listed below:

• CVE-2018-0742 - Windows Kernel Elevation of Privilege Vulnerability
• CVE-2018-0755 - Windows EOT Font Engine Information Disclosure Vulnerability
• CVE-2018-0756 - Windows Kernel Elevation of Privilege Vulnerability
• CVE-2018-0757 - Windows Kernel Information Disclosure Vulnerability
• CVE-2018-0760 - Windows EOT Font Engine Information Disclosure Vulnerability
• CVE-2018-0761 - Windows EOT Font Engine Information Disclosure Vulnerability
• CVE-2018-0809 - Windows Kernel Elevation of Privilege Vulnerability
• CVE-2018-0810 - Windows Kernel Information Disclosure Vulnerability
• CVE-2018-0820 - Windows Kernel Elevation of Privilege Vulnerability
• CVE-2018-0821 - Windows AppContainer Elevation Of Privilege Vulnerability
• CVE-2018-0822 - Windows NTFS Global Reparse Point Elevation of Privilege Vulnerability
• CVE-2018-0823 - Named Pipe File System Elevation of Privilege Vulnerability
• CVE-2018-0826 - Windows Storage Services Elevation of Privilege Vulnerability
• CVE-2018-0827 - Windows Security Feature Bypass Vulnerability
• CVE-2018-0828 - Windows Elevation of Privilege Vulnerability
• CVE-2018-0829 - Windows Kernel Information Disclosure Vulnerability
• CVE-2018-0830 - Windows Kernel Information Disclosure Vulnerability
• CVE-2018-0831 - Windows Kernel Elevation of Privilege Vulnerability
• CVE-2018-0832 - Windows Kernel Information Disclosure Vulnerability
• CVE-2018-0836 - Scripting Engine Memory Corruption Vulnerability
• CVE-2018-0839 - Microsoft Edge Information Disclosure Vulnerability
• CVE-2018-0841 - Microsoft Excel Remote Code Execution Vulnerability
• CVE-2018-0842 - Windows Remote Code Execution Vulnerability
• CVE-2018-0843 - Windows Kernel Information Disclosure Vulnerability
• CVE-2018-0844 - Windows Common Log File System Driver Elevation of Privilege Vulnerability
• CVE-2018-0845 - Microsoft Office Memory Corruption Vulnerability
• CVE-2018-0846 - Windows Common Log File System Driver Elevation of Privilege Vulnerability
• CVE-2018-0847 - Scripting Engine Memory Corruption Vulnerability
• CVE-2018-0848 - Microsoft Office Memory Corruption Vulnerability
• CVE-2018-0849 - Microsoft Office Memory Corruption Vulnerability
• CVE-2018-0851 - Microsoft Office Memory Corruption Vulnerability
• CVE-2018-0853 - Microsoft Office Information Disclosure Vulnerability
• CVE-2018-0855 - Windows EOT Font Engine Information Disclosure Vulnerability
• CVE-2018-0862 - Microsoft Office Memory Corruption Vulnerability
• CVE-2018-0864 - Microsoft SharePoint Elevation of Privilege Vulnerability
• CVE-2018-0866 - Scripting Engine Memory Corruption Vulnerability
• CVE-2018-0869 - Microsoft SharePoint Elevation of Privilege Vulnerability

Coverage

In response to these vulnerability disclosures, Talos is releasing the following Snort rules that detect attempts to exploit them. Please note that additional rules may be released at a future date and current rules are subject to change pending additional information. Firepower customers should use the latest update to their ruleset by updating their SRU. Open Source Snort Subscriber Rule Set customers can stay up to date by downloading the latest rule pack available for purchase on Snort.org.

Snort Rules:

• 45624-45637
• 45649-45650
• 45654-45657
• 45659-45660
• 45673-45674
• 40691-40692