March 2018 - Microsoft Releases 75 Security Patches
Publish Date: 28 marzo 2018
Data notifica: 14 marzo 2018
Descrizione
Microsoft addresses 75 vulnerabilities in its March security bulletin. Trend Micro Deep Security covers the following:
- CVE-2018-0934 - Chakra Scripting Engine Memory Corruption Vulnerability
Risk Rating: Critical
This remote code execution vulnerability exists in the Chakra scripting engine of Microsoft Edge. Objects in memory may be corrupted by an attacker, causing the vulnerability. - CVE-2018-0872 - Chakra Scripting Engine Memory Corruption Vulnerability
Risk Rating: Critical
This remote code execution vulnerability exists in the Chakra scripting engine of Microsoft Edge. Objects in memory may be corrupted by an attacker, causing the vulnerability. - CVE-2018-0930 - Chakra Scripting Engine Memory Corruption Vulnerabilit
Risk Rating: Critical
This remote code execution vulnerability exists in the Chakra scripting engine of Microsoft Edge. Objects in memory may be corrupted by an attacker, causing the vulnerability. - CVE-2018-0903 - Microsoft Access Remote Code Execution Vulnerability
Risk Rating: Important
The vulnerability exists in the way Microsoft Access handles objects in memory. This remote code execution vulnerability, when exploited successfully, gives attackers rights equal to the rights of the logged on user. - CVE-2018-0935 - Scripting Engine Memory Corruption Vulnerability
Risk Rating: Important
This remote code execution vulnerability exists in the scripting engine of several versions of Internet Explorer. In particular, the vulnerability lies in the way said browsers handles objects in memory. - CVE-2018-0855 - Windows EOT Font Engine Information Disclosure Vulnerability
Risk Rating: Important
This information disclosure vulnerability is addressed in the current security update from Microsoft. This vulnerbaility exists in the way Microsoft Windows Embedded OpenType (EOT) font engine processes specially crafted embedded fonts. - CVE-2018-0893 - Scripting Engine Memory Corruption Vulnerability
Risk Rating: Critical
This remote code execution vulnerability is addressed in the current security update from Microsoft. This vulnerability exists in the way the scripting engine handles objects in memory. - CVE-2018-0770 - Scripting Engine Memory Corruption Vulnerability
Risk Rating: Critical
This remote code execution vulnerability is addressed in the current security update from Microsoft. This vulnerability exists in the way the scripting engine handles objects in memory. - CVE-2018-0933 - Chakra Scripting Engine Memory Corruption Vulnerability
Risk Rating: Critical
The vulnerability exists in the way the Chakra scripting engine in Microsoft Edge handles objects in memory. This remote code execution vulnerability, when exploited successfully, gives attackers rights equal to the rights of the logged on user. - CVE-2018-0889 - Scripting Engine Memory Corruption Vulnerability
Risk Rating: Critical
The vulnerability exists in the way the scripting engine handles objects in memory. This remote code execution vulnerability, when exploited successfully, gives attackers rights equal to the rights of the logged on user. - CVE-2018-0817 - Windows GDI Elevation of Privilege Vulnerability
Risk Rating: Important
This elevation of privilege vulnerability in the Windows Graphics Device Interface (GDI) exists in the way it handles objects in memory. Attackers looking to exploit this vulnerability must be logged on to the system. - CVE-2018-0877 - Windows Desktop Bridge VFS Elevation of Privilege Vulnerability
Risk Rating: Important
The vulnerability exists in the way Windows Desktop Bridge VFS manages file paths. Attackers looking to exploit this elevation of privilege vulnerability must be logged on to the system. - CVE-2018-0882 - Windows Desktop Bridge Elevation of Privilege Vulnerability
Risk Rating: Important
The vulnerability exists in the way Windows Desktop Bridge VFS manages the virtual registry. Attackers looking to exploit this elevation of privilege vulnerability must be logged on to the system. - CVE-2018-0874 - Chakra Scripting Engine Memory Corruption Vulnerability
Risk Rating: Critical
This remote code execution vulnerability exists in the Chakra scripting engine in Microsoft Edge. It is resolved by the update that modifies the way the said scripting engine handles objects in memory. - CVE-2018-0922 - Microsoft Office Memory Corruption Vulnerability
Risk Rating: Important
This remote code execution vulnerability exists in Microsoft Office. It is resolved by the update that corrects the way Microsoft Office handles objects in memory.
Informazioni esposizione:
Trend Micro Deep Security shields networks through the following Deep Packet Inspection (DPI) rules. Trend Micro customers using the Vulnerability Protection product or OfficeScan with Intrusion Defense Firewall (IDF) plugin are also protected from attacks using these vulnerabilities.
Vulnerability ID | DPI Rule Number | DPI Rule Name | Release Date | Vulnerability Protection Compatibility |
CVE-2018-09345 | 1008934 | Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2018-0934) | 13-Mar-18 | YES |
CVE-2018-0872 | 1008922 | Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2018-0872) | 13-Mar-18 | YES |
CVE-2018-0930 | 1008932 | Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2018-0930) | 13-Mar-18 | YES |
CVE-2018-0903 | 1008930 | Microsoft Access Remote Code Execution Vulnerability (CVE-2018-0903) | 13-Mar-18 | YES |
CVE-2018-0935 | 1008935 | Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2018-0935) | 13-Mar-18 | YES |
CVE-2018-0855 | 1008897 | Microsoft Windows EOT Font Engine Information Disclosure Vulnerability (CVE-2018-0855) | 13-Mar-18 | YES |
CVE-2018-0893 | 1008929 | Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2018-0893) | 13-Mar-18 | YES |
CVE-2018-0770 | 1008900 | Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2018-0770) | 13-Mar-18 | YES |
CVE-2018-0933 | 1008933 | Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2018-0933) | 13-Mar-18 | YES |
CVE-2018-0889 | 1008928 | Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability (CVE-2018-0889) | 13-Mar-18 | YES |
CVE-2018-0817, CVE-2018-0877, CVE-2018-0882 | 1008936 | Microsoft Windows Multiple Elevation Of Privilege Vulnerabilities (March-2018) | 13-Mar-18 | YES |
CVE-2018-0874 | 1008923 | Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability (CVE-2018-0889) | 13-Mar-18 | YES |
CVE-2018-0922 | 1008931 | Microsoft Office Memory Corruption Vulnerability (CVE-2018-0922) | 13-Mar-18 | YES |