Microsoft Patch Tuesday - March 2018 Today, Microsoft has released its monthly set of security advisories for vulnerabilities that have been identified and addressed in various products. This month's advisory release addresses 74 new vulnerabilities, with 14 of them rated critical and 59 of them rated important. These vulnerabilities impact Internet Explorer, Edge, Exchange, Scripting Engine, Windows Shell and more.

Critical Vulnerabilities This month, Microsoft is addressing 14 vulnerabilities that are rated as critical.

The vulnerabilities rated as critical are listed below:

CVE-2018-0872 - Chakra Scripting Engine Memory Corruption Vulnerability
CVE-2018-0874 - Chakra Scripting Engine Memory Corruption Vulnerability
CVE-2018-0876 - Scripting Engine Memory Corruption Vulnerability
CVE-2018-0889 - Scripting Engine Memory Corruption Vulnerability
CVE-2018-0893 - Scripting Engine Memory Corruption Vulnerability
CVE-2018-0925 - Scripting Engine Memory Corruption Vulnerability
CVE-2018-0930 - Chakra Scripting Engine Memory Corruption Vulnerability
CVE-2018-0931 - Chakra Scripting Engine Memory Corruption Vulnerability
CVE-2018-0932 - Microsoft Browser Information Disclosure Vulnerability
CVE-2018-0933 - Chakra Scripting Engine Memory Corruption Vulnerability
CVE-2018-0934 - Chakra Scripting Engine Memory Corruption Vulnerability
CVE-2018-0936 - Chakra Scripting Engine Memory Corruption Vulnerability
CVE-2018-0937 - Chakra Scripting Engine Memory Corruption Vulnerability
CVE-2018-0939 - Scripting Engine Information Disclosure Vulnerability

Important Vulnerabilities This month, Microsoft is addressing 59 vulnerabilities that are rated as important. Talos believes one of these is notable and should be called out.

CVE-2018-0883 - Windows Shell Remote Code Execution Vulnerability

A remote code execution vulnerability has been identified in Windows Shell. This vulnerability could be exploited by an attacker convincing a user to open a specially crafted file via email, messaging, or other means. An attacker exploiting this vulnerability could execute arbitrary code in context of the current user.

Other vulnerabilities rated as important are listed below:

CVE-2018-0877 - Windows Desktop Bridge VFS Elevation of Privilege Vulnerability
CVE-2018-0878 - Windows Remote Assistance Information Disclosure Vulnerability
CVE-2018-0879 - Microsoft Edge Information Disclosure Vulnerability
CVE-2018-0880 - Windows Desktop Bridge Elevation of Privilege Vulnerability
CVE-2018-0881 - Microsoft Video Control Elevation of Privilege Vulnerability
CVE-2018-0882 - Windows Desktop Bridge Elevation of Privilege Vulnerability
CVE-2018-0787 - ASP.NET Core Elevation Of Privilege Vulnerability
CVE-2018-0808 - ASP.NET Core Denial Of Service Vulnerability
CVE-2018-0811 - Windows Kernel Information Disclosure Vulnerability
CVE-2018-0813 - Windows Kernel Information Disclosure Vulnerability
CVE-2018-0814 - Windows Kernel Information Disclosure Vulnerability
CVE-2018-0815 - Windows GDI Elevation of Privilege Vulnerability
CVE-2018-0816 - Windows GDI Elevation of Privilege Vulnerability
CVE-2018-0817 - Windows GDI Elevation of Privilege Vulnerability
CVE-2018-0868 - Windows Installer Elevation of Privilege Vulnerability
CVE-2018-0873 - Chakra Scripting Engine Memory Corruption Vulnerability
CVE-2018-0875 - ASP.NET Core Denial of Service Vulnerability
CVE-2018-0884 - Windows Security Feature Bypass Vulnerability
CVE-2018-0885 - Windows Hyper-V Denial of Service Vulnerability
CVE-2018-0886 - CredSSP Remote Code Execution Vulnerability
CVE-2018-0888 - Hyper-V Information Disclosure Vulnerability
CVE-2018-0891 - Microsoft Browser Information Disclosure Vulnerability
CVE-2018-0894 - Windows Kernel Information Disclosure Vulnerability
CVE-2018-0895 - Windows Kernel Information Disclosure Vulnerability
CVE-2018-0896 - Windows Kernel Information Disclosure Vulnerability
CVE-2018-0897 - Windows Kernel Information Disclosure Vulnerability
CVE-2018-0898 - Windows Kernel Information Disclosure Vulnerability
CVE-2018-0899 - Windows Kernel Information Disclosure Vulnerability
CVE-2018-0900 - Windows Kernel Information Disclosure Vulnerability
CVE-2018-0901 - Windows Kernel Information Disclosure Vulnerability
CVE-2018-0902 - CNG Security Feature Bypass Vulnerability
CVE-2018-0903 - Microsoft Access Remote Code Execution Vulnerability
CVE-2018-0904 - Windows Kernel Information Disclosure Vulnerability
CVE-2018-0907 - Microsoft Office Excel Security Feature Bypass
CVE-2018-0909 - Microsoft SharePoint Elevation of Privilege Vulnerability
CVE-2018-0910 - Microsoft SharePoint Elevation of Privilege Vulnerability
CVE-2018-0911 - Microsoft SharePoint Elevation of Privilege Vulnerability
CVE-2018-0912 - Microsoft SharePoint Elevation of Privilege Vulnerability
CVE-2018-0913 - Microsoft SharePoint Elevation of Privilege Vulnerability
CVE-2018-0914 - Microsoft SharePoint Elevation of Privilege Vulnerability
CVE-2018-0915 - Microsoft SharePoint Elevation of Privilege Vulnerability
CVE-2018-0916 - Microsoft SharePoint Elevation of Privilege Vulnerability
CVE-2018-0917 - Microsoft SharePoint Elevation of Privilege Vulnerability
CVE-2018-0919 - Microsoft Office Information Disclosure Vulnerability
CVE-2018-0921 - Microsoft SharePoint Elevation of Privilege Vulnerability
CVE-2018-0922 - Microsoft Office Memory Corruption Vulnerability
CVE-2018-0923 - Microsoft SharePoint Elevation of Privilege Vulnerability
CVE-2018-0926 - Windows Kernel Information Disclosure Vulnerability
CVE-2018-0927 - Microsoft Browser Information Disclosure Vulnerability
CVE-2018-0929 - Internet Explorer Information Disclosure Vulnerability
CVE-2018-0935 - Scripting Engine Memory Corruption Vulnerability
CVE-2018-0940 - Microsoft Exchange Elevation of Privilege Vulnerability
CVE-2018-0941 - Microsoft Exchange Information Disclosure Vulnerability
CVE-2018-0942 - Internet Explorer Elevation of Privilege Vulnerability
CVE-2018-0944 - Microsoft SharePoint Elevation of Privilege Vulnerability
CVE-2018-0947 - Microsoft Sharepoint Elevation of Privilege Vulnerability
CVE-2018-0977 - Win32k Elevation of Privilege Vulnerability
CVE-2018-0983 - Windows Storage Services Elevation of Privilege Vulnerability

Coverage In response to these vulnerability disclosures, Talos is releasing the following Snort rules that detect attempts to exploit them. Please note that additional rules may be released at a future date and current rules are subject to change pending additional information. Firepower customers should use the latest update to their ruleset by updating their SRU. Open Source Snort Subscriber Rule Set customers can stay up to date by downloading the latest rule pack available for purchase on Snort.org.

Snort Rules:
45873-45884
45887-45890
45892-45895
45900-45903