Advisory Date: 10 de stycznia de 2018

  DESCRIPTION

Microsoft addresses 56 vulnerabilities in its January batch of patches.

  • CVE-2018-0804 - Microsoft Word Remote Code Execution Vulnerability
    Risk Rating: Low

    A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. The security update addresses the vulnerability by removing Equation Editor functionality.


  • CVE-2018-0805 - Microsoft Word Remote Code Execution Vulnerability
    Risk Rating: Important

    A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. The security update addresses the vulnerability by removing Equation Editor functionality.


  • CVE-2018-0806 - Microsoft Word Remote Code Execution Vulnerability
    Risk Rating: Important

    A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. The security update addresses the vulnerability by removing Equation Editor functionality.


  • CVE-2018-0807 - Microsoft Word Remote Code Execution Vulnerability
    Risk Rating: Important

    A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. The security update addresses the vulnerability by removing Equation Editor functionality.


  • CVE-2018-0812 - Microsoft Word Memory Corruption Vulnerability
    Risk Rating: Important

    A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. The security update addresses the vulnerability by removing Equation Editor functionality.


  • CVE-2018-0818 - Scripting Engine Security Feature Bypass
    Risk Rating: Important

    A security feature bypass vulnerability exists in the Microsoft Chakra scripting engine that allows Control Flow Guard (CFG) to be bypassed. An attacker could use the CFG bypass vulnerability in conjunction with another vulnerability, such as a remote code execution vulnerability, to run arbitrary code on a target system. The security update addresses the CFG bypass vulnerability by helping to ensure that the Microsoft Chakra scripting engine properly handles accessing memory.


  • CVE-2018-0819 - Spoofing Vulnerability in Microsoft Office for MAC
    Risk Rating: Important

    A spoofing vulnerability exists when Microsoft Outlook for MAC does not properly handle the encoding and display of email addresses. This improper handling and display may cause antivirus or antispam scanning to not work as intended. The security update addresses the vulnerability by correcting how Outlook for MAC displays encoded email addresses.


  • CVE-2018-0746 - Windows Information Disclosure Vulnerability
    Risk Rating: Important

    An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass. An attacker who successfully exploited the vulnerability could retrieve the memory address of a kernel object. The security update addresses the vulnerability by correcting how the Windows kernel handles memory addresses.


  • CVE-2018-0747 - Windows Information Disclosure Vulnerability
    Risk Rating: Important

    An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass. An attacker who successfully exploited the vulnerability could retrieve the memory address of a kernel object. The security update addresses the vulnerability by correcting how the Windows kernel handles memory addresses.


  • CVE-2018-0748 - Windows Elevation of Privilege Vulnerability
    Risk Rating: Important

    An elevation of privilege vulnerability exists in the way that the Windows Kernel API enforces permissions. An attacker who successfully exploited the vulnerability could impersonate processes, interject cross-process communication, or interrupt system functionality. The security update addresses the vulnerability by helping to ensure that the Windows Kernel API properly enforces permissions.


  • CVE-2018-0748 - Windows Elevation of Privilege Vulnerability
    Risk Rating: Important

    An elevation of privilege vulnerability exists in the way that the Windows Kernel API enforces permissions. An attacker who successfully exploited the vulnerability could impersonate processes, interject cross-process communication, or interrupt system functionality. The security update addresses the vulnerability by helping to ensure that the Windows Kernel API properly enforces permissions.


  • CVE-2018-0751 - Windows Elevation of Privilege Vulnerability
    Risk Rating: Important

    An elevation of privilege vulnerability exists in the way that the Windows Kernel API enforces permissions. An attacker who successfully exploited the vulnerability could impersonate processes, interject cross-process communication, or interrupt system functionality. The security update addresses the vulnerability by helping to ensure that the Windows Kernel API properly enforces permissions.


  • CVE-2018-0752 - Windows Elevation of Privilege Vulnerability
    Risk Rating: Important

    An elevation of privilege vulnerability exists in the way that the Windows Kernel API enforces permissions. An attacker who successfully exploited the vulnerability could impersonate processes, interject cross-process communication, or interrupt system functionality. The security update addresses the vulnerability by helping to ensure that the Windows Kernel API properly enforces permissions.


  • CVE-2018-0753 - Windows IPSec Denial of Service Vulnerability
    Risk Rating: Important

    A denial of service vulnerability exists in the way that Windows handles objects in memory. An attacker who successfully exploited the vulnerability could cause a target system to stop responding. The security update addresses the vulnerability by correcting how Windows handles objects in memory.


  • CVE-2018-0750 - Windows GDI Information Disclosure Vulnerability
    Risk Rating: Important

    A Win32k information disclosure vulnerability exists when the Windows GDI component improperly discloses kernel memory addresses. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. The security update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory.


  • CVE-2018-0773 - Scripting Engine Memory Corruption Vulnerability
    Risk Rating: Critical

    A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. The security update addresses the vulnerability by modifying how the scripting engine handles objects in memory.


  • CVE-2018-0774 - Scripting Engine Memory Corruption Vulnerability
    Risk Rating: Critical

    A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. The security update addresses the vulnerability by modifying how the scripting engine handles objects in memory.


  • CVE-2018-0781 - Scripting Engine Memory Corruption Vulnerability
    Risk Rating: Critical

    A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. The security update addresses the vulnerability by modifying how the scripting engine handles objects in memory.


  • CVE-2018-0784 - ASP.NET Core Elevation Of Privilege Vulnerability
    Risk Rating: Important

    An elevation of privilege vulnerability exists when a ASP.NET Core web application, created using vulnerable project templates, fails to properly sanitize web requests. An attacker who successfully exploited this vulnerability could perform content injection attacks and run script in the security context of the logged-on user. The security update addresses the vulnerability by correcting the ASP.NET Core project templates.


  • CVE-2018-0786 - .NET Security Feature Bypass Vulnerability
    Risk Rating: Important

    A security feature bypass vulnerability exists when Microsoft .NET Framework (and .NET Core) components do not completely validate certificates. An attacker could present a certificate that is marked invalid for a specific use, but the component uses it for that purpose. The security update addresses the vulnerability by helping to ensure that .NET Framework (and .NET Core) components completely validate certificates.


  • CVE-2018-0788 - OpenType Font Driver Elevation of Privilege Vulnerability
    Risk Rating: Important

    An elevation of privilege vulnerability exists in Windows Adobe Type Manager Font Driver (ATMFD.dll) when it fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code and take control of an affected system. The security update addresses the vulnerability by correcting how ATMFD.dll handles objects in memory.


  • CVE-2018-0795 - Microsoft Office Remote Code Execution Vulnerability
    Risk Rating: Important

    A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. The security update addresses the vulnerability by correcting how Microsoft Office handles objects in memory.


  • CVE-2018-0797 - Microsoft Word Memory Corruption Vulnerability
    Risk Rating: Critical

    An Office RTF remote code execution vulnerability exists in Microsoft Office software when the Office software fails to properly handle RTF files. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. The security update addresses the vulnerability by changing the way Microsoft Office software handles RTF content.


  • CVE-2018-0799 - Microsoft Access Tampering Vulnerability
    Risk Rating: Important

    A cross-site-scripting (XSS) vulnerability exists when Microsoft Access does not properly sanitize inputs to image fields edited within Design view. An attacker could exploit the vulnerability by sending a specially crafted file to a victim, or by hosting the file on a web server. The security update addresses the vulnerability by helping to ensure that Microsoft Access properly sanitizes image field values.


  • CVE-2018-0802 - Microsoft Office Memory Corruption Vulnerability
    Risk Rating: Important

    A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. The security update addresses the vulnerability by removing Equation Editor functionality.


  • CVE-2018-0801 - Microsoft Office Remote Code Execution Vulnerability
    Risk Rating: Important

    A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. The security update addresses the vulnerability by removing Equation Editor functionality.


  • CVE-2018-0803 - Microsoft Edge Elevation of Privilege Vulnerability
    Risk Rating: Risk Rating: Low

    An elevation of privilege vulnerability exists when Microsoft Edge does not properly enforce cross-domain policies, which could allow an attacker to access information from one domain and inject it into another domain. The security update addresses the vulnerability by helping to ensure that cross-domain policies are properly enforced in Microsoft Edge.


  • CVE-2018-0800 - Scripting Engine Information Disclosure Vulnerability
    Risk Rating: Critical

    An information disclosure vulnerability exists when the scripting engine does not properly handle objects in memory in Microsoft Edge. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. The security update addresses the vulnerability by changing how the scripting engine handles objects in memory.


  • CVE-2018-0741 - Microsoft Color Management Information Disclosure Vulnerability
    Risk Rating: Important

    An information disclosure vulnerability exists in the way that the Color Management Module (ICM32.dll) handles objects in memory. This vulnerability allows an attacker to retrieve information to bypass usermode ASLR (Address Space Layout Randomization) on a targeted system. The security update addresses the vulnerability by correcting how Color Management Module handles objects in memory.


  • CVE-2018-0743 - Windows Subsystem for Linux Elevation of Privilege Vulnerability
    Risk Rating: Important

    An elevation of privilege vulnerability exists due to an integer overflow in Windows Subsystem for Linux. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. The security update addresses the vulnerability by correcting how Windows Subsystem for Linux handles objects in memory.


  • CVE-2018-0744 - Windows Elevation of Privilege Vulnerability
    Risk Rating: Important

    An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. The update addresses the vulnerability by correcting how the Windows kernel handles objects in memory.


  • CVE-2018-0745 - Windows Information Disclosure Vulnerability
    Risk Rating: Important

    An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass. The security update addresses the vulnerability by correcting how the Windows kernel handles memory addresses.


  • CVE-2018-0749 - SMB Server Elevation of Privilege Vulnerability
    Risk Rating: Important

    An elevation of privilege vulnerability exists in the Microsoft Server Message Block (SMB) Server when an attacker with valid credentials attempts to open a specially crafted file over the SMB protocol on the same machine. The update addresses the vulnerability by correcting how Windows SMB Server handles such specially crafted files.


  • CVE-2018-0754 - OpenType Font Driver Information Disclosure Vulnerability
    Risk Rating: Important

    An information disclosure vulnerability exists in Windows Adobe Type Manager Font Driver (ATMFD.dll) when it fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could potentially read data that was not intended to be disclosed. The update addresses the vulnerability by correcting how ATMFD.dll handles objects in memory.


  • CVE-2018-0758 - Scripting Engine Memory Corruption Vulnerability
    Risk Rating: Critical

    A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. The security update addresses the vulnerability by modifying how the scripting engine handles objects in memory.


  • CVE-2018-0762 - Scripting Engine Memory Corruption Vulnerability
    Risk Rating: Critical

    A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. The security update addresses the vulnerability by modifying how the scripting engine handles objects in memory.


  • CVE-2018-0766 - Microsoft Edge Information Disclosure Vulnerability
    Risk Rating: Important

    An information disclosure vulnerability exists when Microsoft Edge PDF Reader improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. The security update addresses the vulnerability by modifying how Microsoft Edge PDF Reader handles objects in memory.


  • CVE-2018-0767 - Scripting Engine Information Disclosure Vulnerability
    Risk Rating: Critical

    An information disclosure vulnerability exists when the scripting engine does not properly handle objects in memory in Microsoft Edge. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. The security update addresses the vulnerability by changing how the scripting engine handles objects in memory.


  • CVE-2018-0768 - Scripting Engine Memory Corruption Vulnerability
    Risk Rating: Critical

    A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. The security update addresses the vulnerability by modifying how the scripting engine handles objects in memory.


  • CVE-2018-0764 - .NET and .NET Core Denial Of Service Vulnerability
    Risk Rating: Important

    A Denial of Service vulnerability exists when .NET, and .NET core, improperly process XML documents. An attacker who successfully exploited this vulnerability could cause a denial of service against a .NET application. The update addresses the vulnerability by correcting how a .NET, and .NET core, applications handles XML document processing


  • CVE-2018-0769 - Scripting Engine Memory Corruption Vulnerability
    Risk Rating: Critical

    A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. The security update addresses the vulnerability by modifying how the scripting engine handles objects in memory.


  • CVE-2018-0770 - Scripting Engine Memory Corruption Vulnerability
    Risk Rating: Critical

    A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. The security update addresses the vulnerability by modifying how the scripting engine handles objects in memory.


  • CVE-2018-0772 - Scripting Engine Memory Corruption Vulnerability
    Risk Rating: Critical

    A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. The security update addresses the vulnerability by modifying how the scripting engine handles objects in memory.


  • CVE-2018-0775 - Scripting Engine Memory Corruption Vulnerability
    Risk Rating: Critical

    A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. The security update addresses the vulnerability by modifying how the scripting engine handles objects in memory.


  • CVE-2018-0776 - Scripting Engine Memory Corruption Vulnerability
    Risk Rating: Critical

    A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. The security update addresses the vulnerability by modifying how the scripting engine handles objects in memory.


  • CVE-2018-0777 - Scripting Engine Memory Corruption Vulnerability
    Risk Rating: Critical

    A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. The security update addresses the vulnerability by modifying how the scripting engine handles objects in memory.


  • CVE-2018-0778 - Scripting Engine Memory Corruption Vulnerability
    Risk Rating: Critical

    A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. The security update addresses the vulnerability by modifying how the scripting engine handles objects in memory.


  • CVE-2018-0780 - Scripting Engine Information Disclosure Vulnerability
    Risk Rating: Moderate

    An information disclosure vulnerability exists when the scripting engine does not properly handle objects in memory in Microsoft Edge. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. The security update addresses the vulnerability by changing how the scripting engine handles objects in memory.


  • CVE-2018-0785 - ASP.NET Core Cross Site Request Forgery Vulnerabilty
    Risk Rating: Moderate

    A Cross Site Request Forgery (CSRF) vulnerability exists when a ASP.NET Core web application is created using vulnerable project templates. An attacker who successfully exploited this vulnerability could change the recovery codes associated with the victim's user account without his/her consent. The update corrects the ASP.NET Core project templates.


  • CVE-2018-0789 - Microsoft SharePoint Elevation of Privilege Vulnerability
    Risk Rating: Important

    An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server. The security update addresses the vulnerability by helping to ensure that SharePoint Server properly sanitizes web requests.


  • CVE-2018-0790 - Microsoft SharePoint Cross Site Scripting Elevation of Privilege Vulnerability
    Risk Rating: Important

    An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server. The security update addresses the vulnerability by helping to ensure that SharePoint Server properly sanitizes web requests.


  • CVE-2018-0791 - Microsoft Outlook Remote Code Execution Vulnerability
    Risk Rating: Important

    A remote code execution vulnerability exists in the way that Microsoft Outlook parses specially crafted email messages. An attacker who successfully exploited the vulnerability could take control of an affected system. The security update addresses the vulnerability by correcting the way that Microsoft Outlook parses specially crafted email messages.


  • CVE-2018-0792 - Microsoft Word Remote Code Execution Vulnerability
    Risk Rating: Important

    A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. The security update addresses the vulnerability by correcting how Microsoft Office handles objects in memory.


  • CVE-2018-0793 - Microsoft Outlook Remote Code Execution Vulnerability
    Risk Rating: Important

    A remote code execution vulnerability exists in the way that Microsoft Outlook parses specially crafted email messages. An attacker who successfully exploited the vulnerability could take control of an affected system. The security update addresses the vulnerability by correcting the way that Microsoft Outlook parses specially crafted email messages.


  • CVE-2018-0794 - Microsoft Word Remote Code Execution Vulnerability
    Risk Rating: Important

    A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. The security update addresses the vulnerability by correcting how Microsoft Office handles objects in memory.


  • CVE-2018-0796 - Microsoft Excel Remote Code Execution Vulnerability
    Risk Rating: Important

    A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. The security update addresses the vulnerability by correcting how Microsoft Office handles objects in memory.


  • CVE-2018-0798 - Microsoft Office Memory Corruption Vulnerability
    Risk Rating: Important

    A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. The security update addresses the vulnerability by removing Equation Editor functionality.


  INFORMATION EXPOSURE

Trend Micro Deep Security shields networks through the following Deep Packet Inspection (DPI) rules. Trend Micro customers using the Vulnerability Protection product or OfficeScan with Intrusion Defense Firewall (IDF) plugin are also protected from attacks using these vulnerabilities.

Vulnerability ID DPI Rule Number DPI Rule Name Release Date Vulnerability Protection and IDF Compatibility
CVE-2018-0797 1008831 Microsoft Word Memory Corruption Vulnerability (CVE-2018-0797) 9-Jan-18 YES
CVE-2017-5753, CVE-2017-5715 1008828 Speculative Execution Information Disclosure Vulnerabilities (Spectre) 9-Jan-18 YES