Advisory Date: 09 de maja de 2018

  DESCRIPTION

Microsoft addresses vulnerabilities in its May security bulletin. Trend Micro Deep Security covers the following:

  • CVE-2018-8174 - Windows VBScript Engine Remote Code Execution Vulnerability
    Risk Rating: Critical

    This remote code execution vulnerability exists in the VBScript engine of Windows. Objects in memory may be corrupted by an attacker, causing the vulnerability.


  • CVE-2018-0934 - Chakra Scripting Engine Memory Corruption Vulnerability
    Risk Rating: Critical

    This remote code execution vulnerability exists in the handling of objects in memory by the Chakra Scripting Engine in Microsoft Edge. This handling is corrected by this specific patch.


  • CVE-2018-8114 - Scripting Engine Memory Corruption Vulnerability
    Risk Rating: Critical

    This remote code execution vulnerability exists in the handling of objects in memory by the scripting engine in Internet Explorer. This handling is corrected by this specific patch.


  • CVE-2018-8123 - Microsoft Edge Information Disclosure Vulnerability
    Risk Rating: Important

    This information disclosure vulnerability exists in the handling of objects in memory by Microsoft Edge. This handling is corrected by this specific patch.


  • CVE-2018-0946 - Scripting Engine Memory Corruption Vulnerability
    Risk Rating: Critical

    This remote code execution vulnerability exists in the handling of objects in memory by the scripting engine in Microsoft Edge. This handling is corrected by this specific patch.


  • CVE-2018-8133 - Chakra Scripting Engine Memory Corruption Vulnerability
    Risk Rating: Critical

    This remote code execution vulnerability exists in the handling of objects in memory by the Chakra Scripting Engine in Microsoft Edge. This handling is corrected by this specific patch.


  • CVE-2018-8137 - Scripting Engine Memory Corruption Vulnerability
    Risk Rating: Critical

    This remote code execution vulnerability exists in the handling of objects in memory by the scripting engine in Microsoft Edge. This handling is corrected by this specific patch.


  • CVE-2018-0953 - Scripting Engine Memory Corruption Vulnerability
    Risk Rating: Critical

    This remote code execution vulnerability exists in the handling of objects in memory by the scripting engine in Microsoft Edge. This handling is corrected by this specific patch.


  • CVE-2018-0954 - Scripting Engine Memory Corruption Vulnerability
    Risk Rating: Critical

    This remote code execution vulnerability exists in the handling of objects in memory by the scripting engine in Internet Explorer and Microsoft Edge. This handling is corrected by this specific patch.


  • CVE-2018-8179 - Microsoft Edge Memory Corruption Vulnerability
    Risk Rating: Important

    The remote code execution vulnerability exists in the improper handling of objects in memory by Microsoft Edge. This handling is corrected by this specific patch.


  • CVE-2018-0955 - Scripting Engine Memory Corruption Vulnerability
    Risk Rating: Critical

    This remote code execution vulnerability exists in the scripting engine of Internet Explorer. Objects in memory may be corrupted by an attacker, causing the vulnerability.


  • CVE-2018-0951 - Scripting Engine Memory Corruption Vulnerability
    Risk Rating: Critical

    This remote code execution vulnerability exists in the handling of objects in memory by the scripting engine in Microsoft Edge. This handling is corrected by this specific patch.


  • CVE-2018-8122 - Scripting Engine Memory Corruption Vulnerability
    Risk Rating: Critical

    This remote code execution vulnerability exists in the handling of objects in memory by the scripting engine in Internet Explorer and Microsoft Edge. This handling is corrected by this specific patch.


  • CVE-2018-8158 - Microsoft Office Remote Code Execution Vulnerability
    Risk Rating: Important

    This remote code execution vulnerability exists in Microsoft Office. It is resolved by the update that modifies the way Microsoft Office handles objects in memory.


  • CVE-2018-8157 - Microsoft Office Remote Code Execution Vulnerability
    Risk Rating: Important

    This remote code execution vulnerability exists in Microsoft Office. It is resolved by the update that modifies the way Microsoft Office handles objects in memory.


  INFORMATION EXPOSURE

Trend Micro Deep Security shields networks through the following Deep Packet Inspection (DPI) rules. Trend Micro customers using the Vulnerability Protection product or OfficeScan with Intrusion Defense Firewall (IDF) plugin are also protected from attacks using these vulnerabilities.

Vulnerability ID DPI Rule Number DPI Rule Name Release Date Vulnerability Protection Compatibility
CVE-2018-8174 1009067 Microsoft Windows VBScript Engine Remote Code Execution Vulnerability (CVE-2018-8174) 9-May-18 YES
CVE-2018-0934 1008934 Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2018-0934) 9-May-18 YES
CVE-2018-8114 1009081 Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability (CVE-2018-8114) 9-May-18 YES
CVE-2018-8123 1009078 Microsoft Edge Memory Corruption Vulnerability (CVE-2018-8123) 9-May-18 YES
CVE-2018-0946 1009086 Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2018-0946) 9-May-18 YES
CVE-2018-8133 1009076 Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2018-8133) 9-May-18 YES
CVE-2018-8137 1009094 Microsoft Edge Out Of Bounds Read Vulnerability (CVE-2018-8137) 9-May-18 YES
CVE-2018-0953 1009084 Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2018-0953) 9-May-18 YES
CVE-2018-0954 1009083 Microsoft Internet Explorer And Edge Scripting Engine Memory Corruption Vulnerability (CVE-2018-0954) 9-May-18 YES
CVE-2018-8179 1009068 Microsoft Edge Memory Corruption Vulnerability (CVE-2018-8179) 9-May-18 YES
CVE-2018-0955 1009082 Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability (CVE-2018-0955) 9-May-18 YES
CVE-2018-0951 1009085 Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2018-0951) 9-May-18 YES
CVE-2018-8122 1009079 Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability (CVE-2018-8122) 9-May-18 YES
CVE-2018-8158 1009072 Microsoft Office Remote Code Execution Vulnerability (CVE-2018-8158) 9-May-18 YES
CVE-2018-8157 1009073 Microsoft Office Remote Code Execution Vulnerability (CVE-2018-8157) 9-May-18 YES