Microsoft Patch Tuesday - February 2018

Today Microsoft has released its monthly set of security advisories for vulnerabilities that have been identified and addressed in various products. This month's advisory release addresses 54 new vulnerabilities, with 14 of them rated critical, 38 rated important, and 2 rated moderate. These vulnerabilities impact Outlook, Edge, Scripting Engine, App Container, Windows, and more.

Critical Vulnerabilities
This month, Microsoft is addressing 14 vulnerabilities that are rated "critical." Talos believes one of these is notable and requires prompt attention. It is detailed below.

CVE-2018-0852 - Microsoft Outlook Memory Corruption Vulnerability

A remote code execution vulnerability has been identified in Microsoft Outlook when the software fails to properly handle objects in memory. An attacker who successfully exploits the vulnerability could run arbitrary code in the context of the current user. Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Outlook software.

Other vulnerabilities deemed Critical are listed below:

Important Vulnerabilities
This month, Microsoft is addressing 38 vulnerabilities that are rated "important." Talos believes one of these vulnerabilities is notable and requires prompt attention. It is detailed below.

CVE-2018-0850 - Microsoft Outlook Elevation of Privilege Vulnerability

An elevation of privilege vulnerability has been identified in Microsoft Outlook that manifests when Outlook begins processing incoming messages without sufficiently validating their formatting. An attacker who successfully exploited the vulnerability could attempt to force Outlook to load a local or remote message store (over SMB). To exploit the vulnerability, the attacker could send a specially crafted email to a victim. Outlook would then attempt to open a pre-configured message store contained in the email upon receipt of the email.

Other vulnerabilities deemed Important are listed below:

Coverage
In response to these vulnerability disclosures, Talos is releasing the following Snort rules that detect attempts to exploit them. Please note that additional rules may be released at a future date and current rules are subject to change pending additional information. Firepower customers should use the latest update to their ruleset by updating their SRU. Open Source Snort Subscriber Rule Set customers can stay up to date by downloading the latest rule pack available for purchase on Snort.org.

Snort Rules:

  • 45624-45637
  • 45649-45650
  • 45654-45657
  • 45659-45660
  • 45673-45674
  • 40691-40692
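
One way to confirm that a deployed rule file actually carries the SIDs listed above and that none of them are commented out. This is an added example, not Talos or Snort code; the function names are hypothetical and the sample rules are constructed placeholders, not the real rule bodies.

```python
import re

# SID ranges exactly as listed in this post.
ADVISORY_RANGES = ["45624-45637", "45649-45650", "45654-45657",
                   "45659-45660", "45673-45674", "40691-40692"]

SID_RE = re.compile(r"\bsid\s*:\s*(\d+)\s*;")
RULE_ACTIONS = ("alert", "log", "pass", "drop", "reject", "sdrop")

def expand_ranges(ranges):
    """Turn 'lo-hi' (or single 'n') strings into a set of integer SIDs."""
    sids = set()
    for item in ranges:
        lo, _, hi = item.partition("-")
        sids.update(range(int(lo), int(hi or lo) + 1))
    return sids

def audit_rules(rules_text, wanted):
    """Classify each wanted SID as enabled, disabled (commented out) or missing."""
    enabled, disabled = set(), set()
    for line in rules_text.splitlines():
        stripped = line.strip()
        commented = stripped.startswith("#")
        body = stripped.lstrip("#").strip()
        if not body.startswith(RULE_ACTIONS):
            continue  # blank line or a plain comment, not a rule
        match = SID_RE.search(body)
        if match and int(match.group(1)) in wanted:
            (disabled if commented else enabled).add(int(match.group(1)))
    disabled -= enabled  # an active copy of the rule wins over a commented one
    return {"enabled": enabled, "disabled": disabled,
            "missing": wanted - enabled - disabled}

# Constructed sample rule file: one advisory SID active, one commented out.
SAMPLE_RULES = """\
# constructed sample, not real rule content
alert tcp any any -> any any (msg:"placeholder"; sid:45624; rev:1;)
# alert tcp any any -> any any (msg:"placeholder, disabled"; sid:45625; rev:1;)
alert tcp any any -> any any (msg:"unrelated local rule"; sid:1000001; rev:1;)
"""

if __name__ == "__main__":
    report = audit_rules(SAMPLE_RULES, expand_ranges(ADVISORY_RANGES))
    for state in ("enabled", "disabled", "missing"):
        print(f"{state:8}: {len(report[state]):2} {sorted(report[state])}")
```

Pass the contents of the rule file the sensor actually loads in place of `SAMPLE_RULES`; any SID reported as disabled or missing is not providing the coverage described above.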