Microsoft Patch Tuesday - April 2018
Today, Microsoft has released its monthly set of security advisories for vulnerabilities that have been identified and addressed in various products. This month's advisory release addresses 65 new vulnerabilities and one advisory, with 25 of them rated critical, 39 of them rated important and one of them rated moderate. These vulnerabilities impact Microsoft Windows, Internet Explorer, Microsoft Edge, Microsoft Office, Windows kernel, Windows Hyper-V, Microsoft Scripting Engine and more.
In addition, an update for Adobe Flash Player was released.
Critical Vulnerabilities
This month, Microsoft is addressing 25 vulnerabilities that are rated "critical".
The vulnerabilities rated as "critical" are listed below:
CVE-2018-0870 - Internet Explorer Memory Corruption Vulnerability
CVE-2018-0959 - Hyper-V Remote Code Execution Vulnerability
CVE-2018-0979 - Chakra Scripting Engine Memory Corruption Vulnerability
CVE-2018-0980 - Chakra Scripting Engine Memory Corruption Vulnerability
CVE-2018-0981 - Scripting Engine Information Disclosure Vulnerability
CVE-2018-0986 - Microsoft Malware Protection Engine Remote Code Execution Vulnerability
CVE-2018-0988 - Scripting Engine Memory Corruption Vulnerability
CVE-2018-0990 - Chakra Scripting Engine Memory Corruption Vulnerability
CVE-2018-0991 - Internet Explorer Memory Corruption Vulnerability
CVE-2018-0993 - Chakra Scripting Engine Memory Corruption Vulnerability
CVE-2018-0994 - Chakra Scripting Engine Memory Corruption Vulnerability
CVE-2018-0995 - Chakra Scripting Engine Memory Corruption Vulnerability
CVE-2018-0996 - Scripting Engine Memory Corruption Vulnerability
CVE-2018-1000 - Scripting Engine Information Disclosure Vulnerability
CVE-2018-1004 - Windows VBScript Engine Remote Code Execution Vulnerability
CVE-2018-1010 - Microsoft Graphics Remote Code Execution Vulnerability
CVE-2018-1012 - Microsoft Graphics Remote Code Execution Vulnerability
CVE-2018-1013 - Microsoft Graphics Remote Code Execution Vulnerability
CVE-2018-1015 - Microsoft Graphics Remote Code Execution Vulnerability
CVE-2018-1016 - Microsoft Graphics Remote Code Execution Vulnerability
CVE-2018-1018 - Internet Explorer Memory Corruption Vulnerability
CVE-2018-1019 - Chakra Scripting Engine Memory Corruption Vulnerability
CVE-2018-1020 - Internet Explorer Memory Corruption Vulnerability
CVE-2018-1023 - Microsoft Browser Memory Corruption Vulnerability
ADV180007 - Adobe Flash Player April 2018 Adobe Flash Security Update
Important Vulnerabilities
This month, Microsoft is addressing 38 vulnerabilities that are rated "important". Talos believes six of these are notable and require prompt attention.
CVE-2018-1011 - Microsoft Excel Remote Code Execution Vulnerability
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs, view, change, or delete data, or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative rights.
CVE-2018-1026 - Microsoft Office Remote Code Execution Vulnerability
A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory. An attacker who successfully exploits the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs, view, change, or delete data, or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
CVE-2018-1027 - Microsoft Excel Remote Code Execution Vulnerability
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
CVE-2018-1028 - Microsoft Office Graphics Remote Code Execution Vulnerability
A remote code execution vulnerability exists when Office graphics improperly handles specially crafted embedded fonts. An attacker who successfully exploits this vulnerability could take control of the affected system. An attacker could then install programs, view, change, or delete data, or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
CVE-2018-1029 - Microsoft Excel Remote Code Execution Vulnerability
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. An attacker who successfully exploits the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs, view, change, or delete data, or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
CVE-2018-1030 - Microsoft Office Remote Code Execution Vulnerability
A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs, view, change, or delete data, or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Other vulnerabilities deemed "important" are listed below:
CVE-2018-0887 - Windows Kernel Information Disclosure Vulnerability
CVE-2018-0890 - Active Directory Security Feature Bypass Vulnerability
CVE-2018-0892 - Microsoft Edge Information Disclosure Vulnerability
CVE-2018-0920 - Microsoft Excel Remote Code Execution Vulnerability
CVE-2018-0950 - Microsoft Office Information Disclosure Vulnerability
CVE-2018-0956 - HTTP.sys Denial of Service Vulnerability
CVE-2018-0957 - Hyper-V Information Disclosure Vulnerability
CVE-2018-0960 - Windows Kernel Information Disclosure Vulnerability
CVE-2018-0963 - Windows Kernel Elevation of Privilege Vulnerability
CVE-2018-0964 - Hyper-V Information Disclosure Vulnerability
CVE-2018-0966 - Device Guard Security Feature Bypass Vulnerability
CVE-2018-0967 - Windows SNMP Service Denial of Service Vulnerability
CVE-2018-0968 - Windows Kernel Information Disclosure Vulnerability
CVE-2018-0969 - Windows Kernel Information Disclosure Vulnerability
CVE-2018-0970 - Windows Kernel Information Disclosure Vulnerability
CVE-2018-0971 - Windows Kernel Information Disclosure Vulnerability
CVE-2018-0972 - Windows Kernel Information Disclosure Vulnerability
CVE-2018-0973 - Windows Kernel Information Disclosure Vulnerability
CVE-2018-0974 - Windows Kernel Information Disclosure Vulnerability
CVE-2018-0975 - Windows Kernel Information Disclosure Vulnerability
CVE-2018-0976 - Windows Remote Desktop Protocol (RDP) Denial of Service Vulnerability
CVE-2018-0987 - Scripting Engine Information Disclosure Vulnerability
CVE-2018-0989 - Scripting Engine Information Disclosure Vulnerability
CVE-2018-0997 - Internet Explorer Memory Corruption Vulnerability
CVE-2018-0998 - Microsoft Edge Information Disclosure Vulnerability
CVE-2018-1001 - Scripting Engine Memory Corruption Vulnerability
CVE-2018-1003 - Microsoft JET Database Engine Remote Code Execution Vulnerability
CVE-2018-1005 - Microsoft SharePoint Elevation of Privilege Vulnerability
CVE-2018-1008 - OpenType Font Driver Elevation of Privilege Vulnerability
CVE-2018-1009 - Microsoft DirectX Graphics Kernel Subsystem Elevation of Privilege Vulnerability
CVE-2018-1014 - Microsoft SharePoint Elevation of Privilege Vulnerability
CVE-2018-1032 - Microsoft SharePoint Elevation of Privilege Vulnerability
CVE-2018-1034 - Microsoft SharePoint Elevation of Privilege Vulnerability
Coverage In response to these vulnerability disclosures, Talos is releasing the following Snort rules that detect attempts to exploit them. Please note that additional rules may be released at a future date and current rules are subject to change pending additional information. Firepower customers should use the latest update to their ruleset by updating their SRU. Open Source Snort Subscriber Rule Set customers can stay up to date by downloading the latest rule pack available for purchase on Snort.org.
Snort Rules:
45628-45629
46163-46164
46176-46189
46192-46201
46204-46209
46212-46215
46218-36221
46226-46231
46233-46234
46243-46246