Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: Microsoft March 2018 Patch Tuesday - Internet Security | DShield SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Microsoft March 2018 Patch Tuesday

March 2018 Security Updates (Preliminary. Work in Progress)

Description
CVE Disclosed Exploited Exploitability (old versions) current version Severity
.NET Core Denial of Service Vulnerability
CVE-2018-0875 No No Less Likely Less Likely Important
ASP.NET Core Denial of Service Vulnerability
CVE-2018-0808 Yes No - - Important
ASP.NET Core Elevation of Privilege Vulnerability
CVE-2018-0787 No No - - Important
CNG Security Feature Bypass Vulnerability
CVE-2018-0902 No No Less Likely Less Likely Important
Chakra Scripting Engine Memory Corruption Vulnerability
CVE-2018-0930 No No - - Critical
CVE-2018-0931 No No - - Critical
CVE-2018-0933 No No - - Critical
CVE-2018-0934 No No - - Critical
CVE-2018-0936 No No - - Critical
CVE-2018-0937 No No - - Critical
CVE-2018-0872 No No - - Critical
CVE-2018-0873 No No - - Important
CVE-2018-0874 No No - - Critical
CredSSP Remote Code Execution Vulnerability
CVE-2018-0886 No No Less Likely Less Likely Important
Hyper-V Information Disclosure Vulnerability
CVE-2018-0888 No No Less Likely Less Likely Important
Internet Explorer Elevation of Privilege Vulnerability
CVE-2018-0942 No No - - Important
Internet Explorer Information Disclosure Vulnerability
CVE-2018-0929 No No More Likely More Likely Important
March 2018 Adobe Flash Security Update
ADV180006 No No - - Critical
Microsoft Access Remote Code Execution Vulnerability
CVE-2018-0903 No No Less Likely Less Likely Important
Microsoft Browser Information Disclosure Vulnerability
CVE-2018-0927 No No More Likely More Likely Important
CVE-2018-0932 No No - - Critical
Microsoft Edge Information Disclosure Vulnerability
CVE-2018-0879 No No - - Important
Microsoft Exchange Elevation of Privilege Vulnerability
CVE-2018-0940 Yes No Unlikely Unlikely Important
Microsoft Exchange Information Disclosure Vulnerability
CVE-2018-0924 No No Unlikely Unlikely Low
CVE-2018-0941 No No Unlikely Unlikely Important
Microsoft Office Excel Security Feature Bypass
CVE-2018-0907 No No More Likely More Likely Important
Microsoft Office Information Disclosure Vulnerability
CVE-2018-0919 No No More Likely More Likely Important
Microsoft Office Memory Corruption Vulnerability
CVE-2018-0922 No No - - Important
Microsoft SharePoint Elevation of Privilege Vulnerability
CVE-2018-0909 No No Less Likely Less Likely Important
CVE-2018-0910 No No Less Likely Less Likely Important
CVE-2018-0911 No No Less Likely Less Likely Important
CVE-2018-0912 No No Less Likely Less Likely Important
CVE-2018-0913 No No Less Likely Less Likely Important
CVE-2018-0914 No No Less Likely Less Likely Important
CVE-2018-0915 No No Less Likely Less Likely Important
CVE-2018-0916 No No Less Likely Less Likely Important
CVE-2018-0917 No No - - Important
CVE-2018-0921 No No - - Important
CVE-2018-0923 No No Less Likely Less Likely Important
CVE-2018-0944 No No Less Likely Less Likely Important
Microsoft Sharepoint Elevation of Privilege Vulnerability
CVE-2018-0947 No No Less Likely Less Likely Important
Microsoft Video Control Elevation of Privilege Vulnerability
CVE-2018-0881 No No Less Likely Less Likely Important
Scripting Engine Information Disclosure Vulnerability
CVE-2018-0891 No No More Likely More Likely Important
CVE-2018-0939 No No - - Critical
Scripting Engine Memory Corruption Vulnerability
CVE-2018-0889 No No More Likely More Likely Critical
CVE-2018-0893 No No - - Critical
CVE-2018-0935 No No More Likely More Likely Important
CVE-2018-0876 No No - - Critical
CVE-2018-0925 No No - - Critical
Win32k Elevation of Privilege Vulnerability
CVE-2018-0977 No No More Likely More Likely Important
Windows Desktop Bridge Elevation of Privilege Vulnerability
CVE-2018-0880 No No Less Likely Less Likely Important
CVE-2018-0882 No No - - Important
Windows Desktop Bridge VFS Elevation of Privilege Vulnerability
CVE-2018-0877 No No Less Likely Less Likely Important
Windows GDI Elevation of Privilege Vulnerability
CVE-2018-0816 No No - - Important
CVE-2018-0817 No No More Likely More Likely Important
CVE-2018-0815 No No - - Important
Windows Hyper-V Denial of Service Vulnerability
CVE-2018-0885 No No Less Likely Less Likely Important
Windows Installer Elevation of Privilege Vulnerability
CVE-2018-0868 No No Less Likely Less Likely Important
Windows Kernel Information Disclosure Vulnerability
CVE-2018-0811 No No More Likely More Likely Important
CVE-2018-0894 No No More Likely More Likely Important
CVE-2018-0895 No No More Likely More Likely Important
CVE-2018-0896 No No More Likely More Likely Important
CVE-2018-0897 No No More Likely More Likely Important
CVE-2018-0898 No No More Likely More Likely Important
CVE-2018-0899 No No More Likely More Likely Important
CVE-2018-0900 No No More Likely More Likely Important
CVE-2018-0901 No No More Likely More Likely Important
CVE-2018-0926 No No More Likely More Likely Important
CVE-2018-0813 No No More Likely More Likely Important
CVE-2018-0814 No No More Likely More Likely Important
CVE-2018-0904 No No More Likely More Likely Important
Windows Remote Assistance Information Disclosure Vulnerability
CVE-2018-0878 No No Less Likely Less Likely Important
Windows Security Feature Bypass Vulnerability
CVE-2018-0884 No No Less Likely Less Likely Important
Windows Shell Remote Code Execution Vulnerability
CVE-2018-0883 No No More Likely More Likely Important
Windows Storage Services Elevation of Privilege Vulnerability
CVE-2018-0983 No No More Likely More Likely Important

---
Johannes B. Ullrich, Ph.D. , Dean of Research, SANS Technology Institute
Twitter|

Johannes

3267 Posts
ISC Handler
Thank you!
Anonymous
Posts
Thanks Johannes!!
TuggDougins

38 Posts Posts
So I'm thinking about the CredSSP vulnerability. Based on this: https://support.microsoft.com/en-us/help/4093492/credssp-updates-for-cve-2018-0886-march-13-2018

It seems if you have a Remote Desktop or RDSH server, you aren't actually protected unless it's set to forced, where unpatched clients cannot connect. But what I'm trying to figure out, is there any affect when a RAS box is accessed through a gateway?

I'm kind of wondering how many legitimate users might be blocked if we set to to forced, such as Macs running the OSX version of RD Desktop etc.
Anonymous
Posts
See https://support.microsoft.com/en-us/help/3125574/convenience-rollup-update-for-windows-7-sp1-and-windows-server-2008-r2 for (so far) 5 known issues with the Windows 7 SP1 and Windows Server 2008 R2 updates. KB4088875 and KB4088878

NIC issues, hitting VMware hard.
App V launch hanging at 100%
GPO backups failing (special secnarios)
robocopy mirroring (/MIR) not working as expected
32-bit apps unable to modify GPO in 64-bit WIndows

Source: Twitter GossiTheDog / woodyleonhard => MS
dotBATman

65 Posts Posts
That convenience roll-up patch is almost 2 years old.

What does that have to do with this month's updates?
K-Dee

64 Posts Posts
The update documentation from MS in 'https://support.microsoft.com/en-us/help/4088878' refers to 'https://support.microsoft.com/en-us/help/3125574/convenience-rollup-update-for-windows-7-sp1-and-windows-server-2008-r2' as the 'documented resolution'.
Anonymous
Posts
KB4088875 and KB4088878 released with March 2018 updates have been declared problematic for Windows 2008 and Windows 7 causing the network problem. I have experienced it on Windows 2008 servers (VMs) myself, It replaces the original Network configuration with a new one.You can follow http://www.thewindowsclub.com/show-non-present-devices-windows to resolve the issue. Good Luck Patching!
Anonymous
Posts
Quoting dotBATman:See https://support.microsoft.com/en-us/help/3125574/convenience-rollup-update-for-windows-7-sp1-and-windows-server-2008-r2 for (so far) 5 known issues with the Windows 7 SP1 and Windows Server 2008 R2 updates. KB4088875 and KB4088878

NIC issues, hitting VMware hard.
App V launch hanging at 100%
GPO backups failing (special secnarios)
robocopy mirroring (/MIR) not working as expected
32-bit apps unable to modify GPO in 64-bit WIndows

Source: Twitter GossiTheDog / woodyleonhard => MS



It seems things have been mixed up, March 2018 updates KB4088875 and KB4088878 only causing issue# 1 i.e. VNIC issue and convenience update article has been refereed to tackle the VNIC problem and not all of them. This issue can be addressed using link below as well;
http://www.thewindowsclub.com/show-non-present-devices-windows
Anonymous
Posts

Sign Up for Free or Log In to start participating in the conversation!