Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: Microsoft April 2018 Patch Tuesday - SANS Internet Storm Center SANS ISC InfoSec Forums

Participate: Learn more about our honeypot network
https://isc.sans.edu/honeypot.html

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Microsoft April 2018 Patch Tuesday

Microsoft today patched 66 different vulnerablities. In addition, Adobe patched 6 vulnerabilities in Adobe Flash.

24 of the vulnerabilities are characterized as "Critical" by Microsoft, and 42 are considered "Important"

Among all these vulnerabilities, there are a couple that stick out:

CVE-2018-1034: This one has already been made public before the patch was released. It is a XSS vulnerability in Sharepoint. XSS vulnerabilities in Sharepoint are very common and are patched pretty much every month.

CVE-2018-0956: Interesting because it affects HTTP/2. We have not yet seen many vulnerabilities in HTTP/2 implementations, but as people start deploying it more, I expect to see more vulnerabilities. HTTP.sys, the vulnerable component patched here, implements HTTP for Microsoft's web server (IIS).

CVE-2018-0986: This vulnerability in Microsoft's Malware Protection Engine was patched last week.

CVE-2018-0976: A denial of service in RDP, which is often exposed to the network.

CVE-2018-0967: Same for SNMP. 

 

Description
CVE Disclosed Exploited Exploitability (old versions) current version Severity
Microsoft Office Graphics Component Code Execution Vulnerability
CVE-2018-1028 No No More Likely More Likely Important
Active Directory Security Feature Bypass Vulnerability
CVE-2018-0890 No No - - Important
April 2018 Adobe Flash Security Update
ADV180007 No No - - Critical
Chakra Scripting Engine Memory Corruption Vulnerability
CVE-2018-0990 No No - - Critical
CVE-2018-0993 No No - - Critical
CVE-2018-0994 No No - - Critical
CVE-2018-0995 No No - - Critical
CVE-2018-0979 No No - - Critical
CVE-2018-0980 No No - - Critical
CVE-2018-1019 No No - - Critical
Device Guard Security Feature Bypass Vulnerability
CVE-2018-0966 No No Less Likely Less Likely Important
HTTP.sys Denial of Service Vulnerability
CVE-2018-0956 No No Unlikely Unlikely Important
Hyper-V Information Disclosure Vulnerability
CVE-2018-0957 No No - - Important
CVE-2018-0964 No No - - Important
Internet Explorer Memory Corruption Vulnerability
CVE-2018-0991 No No More Likely More Likely Critical
CVE-2018-0997 No No Less Likely Less Likely Important
CVE-2018-0870 No No More Likely More Likely Critical
CVE-2018-1018 No No More Likely More Likely Critical
CVE-2018-1020 No No More Likely More Likely Critical
Microsoft Browser Memory Corruption Vulnerability
CVE-2018-1023 No No - - Critical
Microsoft DirectX Graphics Kernel Subsystem Elevation of Privilege Vulnerability
CVE-2018-1009 No No Less Likely Less Likely Important
Microsoft Edge Information Disclosure Vulnerability
CVE-2018-0892 No No - - Important
CVE-2018-0998 No No - - Important
Microsoft Excel Remote Code Execution Vulnerability
CVE-2018-0920 No No More Likely More Likely Important
CVE-2018-1011 No No More Likely More Likely Important
CVE-2018-1027 No No More Likely More Likely Important
CVE-2018-1029 No No More Likely More Likely Important
Microsoft Graphics Component Denial of Service Vulnerability
CVE-2018-8116 No No Unlikely Unlikely Moderate
Microsoft Graphics Remote Code Execution Vulnerability
CVE-2018-1010 No No More Likely More Likely Critical
CVE-2018-1012 No No Less Likely Less Likely Critical
CVE-2018-1013 No No More Likely More Likely Critical
CVE-2018-1015 No No More Likely More Likely Critical
CVE-2018-1016 No No More Likely More Likely Critical
Microsoft JET Database Engine Remote Code Execution Vulnerability
CVE-2018-1003 No No More Likely More Likely Important
Microsoft Malware Protection Engine Remote Code Execution Vulnerability
CVE-2018-0986 No No Less Likely Less Likely Critical
Microsoft Office Information Disclosure Vulnerability
CVE-2018-0950 No No More Likely More Likely Important
CVE-2018-1007 No No Less Likely Less Likely Important
Microsoft Office Remote Code Execution Vulnerability
CVE-2018-1026 No No More Likely More Likely Important
CVE-2018-1030 No No More Likely More Likely Important
Microsoft SharePoint Elevation of Privilege Vulnerability
CVE-2018-1032 No No Unlikely Unlikely Important
CVE-2018-1005 No No Unlikely Unlikely Important
CVE-2018-1014 No No Unlikely Unlikely Important
CVE-2018-1034 Yes No Unlikely Unlikely Important
Microsoft Visual Studio Information Disclosure Vulnerability
CVE-2018-1037 No No Unlikely Unlikely Important
Microsoft Wireless Keyboard 850 Security Feature Bypass Vulnerability
CVE-2018-8117 No No Less Likely Less Likely Important
OpenType Font Driver Elevation of Privilege Vulnerability
CVE-2018-1008 No No More Likely More Likely Important
Scripting Engine Information Disclosure Vulnerability
CVE-2018-0987 No No More Likely More Likely Important
CVE-2018-0989 No No More Likely More Likely Important
CVE-2018-1000 No No More Likely More Likely Critical
CVE-2018-0981 No No More Likely More Likely Critical
Scripting Engine Memory Corruption Vulnerability
CVE-2018-0988 No No More Likely More Likely Critical
CVE-2018-0996 No No More Likely More Likely Critical
CVE-2018-1001 No No More Likely More Likely Important
Windows Kernel Elevation of Privilege Vulnerability
CVE-2018-0963 No No Less Likely Less Likely Important
Windows Kernel Information Disclosure Vulnerability
CVE-2018-0887 No No Less Likely Less Likely Important
CVE-2018-0960 No No Less Likely Less Likely Important
CVE-2018-0968 No No Less Likely Less Likely Important
CVE-2018-0969 No No Less Likely Less Likely Important
CVE-2018-0970 No No Less Likely Less Likely Important
CVE-2018-0971 No No More Likely More Likely Important
CVE-2018-0972 No No Less Likely Less Likely Important
CVE-2018-0973 No No More Likely More Likely Important
CVE-2018-0974 No No Less Likely Less Likely Important
CVE-2018-0975 No No Less Likely Less Likely Important
Windows Remote Desktop Protocol (RDP) Denial of Service Vulnerability
CVE-2018-0976 No No - - Important
Windows SNMP Service Denial of Service Vulnerability
CVE-2018-0967 No No Unlikely Unlikely Important
Windows VBScript Engine Remote Code Execution Vulnerability
CVE-2018-1004 No No More Likely More Likely Critical

---
Johannes B. Ullrich, Ph.D. , Dean of Research, SANS Technology Institute
Twitter|

I will be teaching next: Application Security: Securing Web Apps, APIs, and Microservices - SANS London June 2022

 Johannes

4479 Posts
ISC Handler
Apr 10th 2018
Thread locked Subscribe Apr 10th 2018
4 years ago

Sign Up for Free or Log In to start participating in the conversation!