April 2018 - Microsoft Releases Security Patches

  Advisory Date: APR 11, 2018

  DESCRIPTION

Microsoft addresses vulnerabilities in its April security bulletin. Trend Micro Deep Security covers the following:

  • CVE-2018-0994 - Chakra Scripting Engine Memory Corruption Vulnerability
    Risk Rating: Critical

    This remote code execution vulnerability exists in the Chakra scripting engine of Microsoft Edge. Objects in memory may be corrupted by an attacker, causing the vulnerability.


  • CVE-2018-1028 - Microsoft Office Graphics Remote Code Execution Vulnerability
    Risk Rating: Important

    This remote code execution vulnerability exists in the handling of embedded fonts by Office graphics component. The Windows Font library is corrected by this specific patch.


  • CVE-2018-1010 - Microsoft Office Graphics Remote Code Execution Vulnerability
    Risk Rating: Critical

    This remote code execution vulnerability exists in the handling of embedded fonts by Windows font library. The Windows Font library is corrected by this specific patch.


  • CVE-2018-1012 - Microsoft Graphics Remote Code Execution Vulnerability
    Risk Rating: Critical

    This remote code execution vulnerability exists in the handling of embedded fonts by Windows font library. The Windows Font library is corrected by this specific patch.


  • CVE-2018-1013 - Microsoft Graphics Remote Code Execution Vulnerability
    Risk Rating: Critical

    This remote code execution vulnerability exists in the handling of embedded fonts by Windows font library. The Windows Font library is corrected by this specific patch.


  • CVE-2018-1015 - Microsoft Graphics Remote Code Execution Vulnerability
    Risk Rating: Critical

    This remote code execution vulnerability exists in the handling of embedded fonts by Windows font library. The Windows Font library is corrected by this specific patch.


  • CVE-2018-1016 - Microsoft Graphics Remote Code Execution Vulnerability
    Risk Rating: Critical

    This remote code execution vulnerability exists in the handling of embedded fonts by Windows font library. The Windows Font library is corrected by this specific patch.


  • CVE-2018-1004 - Windows VBScript Engine Remote Code Execution Vulnerability
    Risk Rating: Critical

    This remote code execution vulnerability is addressed in the current security update from Microsoft. This vulnerability exists in the way the scripting engine handles objects in memory.


  • CVE-2018-1003 - Microsoft JET Database Engine Remote Code Execution Vulnerability
    Risk Rating: Important

    The buffer overflow vulnerability exists in the way the Microsoft JET Database handles objects in memory. When exploited successfully, it gives attackers control of the vulnerable system.


  • CVE-2017-11779 - Windows DNSAPI Remote Code Execution Vulnerability
    Risk Rating: Critical

    The vulnerability exists in the way the DNSAPI.dll component handles DNS responses. This remote code execution vulnerability, when exploited successfully, allows attackers to execute code of their choice on the vulnerable system.


  • CVE-2018-0993 - Chakra Scripting Engine Memory Corruption Vulnerability
    Risk Rating: Critical

    This remote code execution vulnerability exists in the Chakra scripting engine of Microsoft Edge. Objects in memory may be corrupted by an attacker, causing the vulnerability.


  • CVE-2018-0986 - Microsoft Malware Protection Engine Remote Code Execution Vulnerability
    Risk Rating: Critical

    The memory corruption vulnerability exists in the way Microsoft Malware Protection Engine scans a specially crafted file. This update corrects the vulnerability.


  • CVE-2018-1018 - Internet Explorer Memory Corruption Vulnerability
    Risk Rating: Critical

    The vulnerability exists in the way Internet Explorer accesses objects in memory. Attackers looking to exploit this remote code execution vulnerability must convince the user to click on a malicious link or find a way to entice user that will exploit this vulnerability.


  • CVE-2018-0998 - Microsoft Edge Information Disclosure Vulnerability
    Risk Rating: Important

    This information disclosure vulnerability exists in the Microsoft Edge PDF Reader. It is resolved by the update that modifies the way the said reader handles objects in memory.


  • CVE-2018-0883 - Windows Shell Remote Code Execution Vulnerability
    Risk Rating: Important

    This remote code execution vulnerability exists in Windows Shell. It is resolved by ensuring that Windows Shell has a way to validate file copy destinations.


  • CVE-2018-1026 - Microsoft Office Remote Code Execution Vulnerability
    Risk Rating: Important

    This remote code execution vulnerability exists in Microsoft Office. It is resolved by correcting the way Microsoft Office handles objects in memory.


  • CVE-2018-1011 - Microsoft Excel Remote Code Execution Vulnerability
    Risk Rating: Important

    This remote code execution vulnerability exists in Microsoft Excel. It is resolved by correcting the way Microsoft Excel handles objects in memory.


  • CVE-2018-0991 - Internet Explorer Memory Corruption Vulnerability
    Risk Rating: Critical

    This remote code execution vulnerability exists in Internet Explorer. It is resolved by correcting the way Internet Explorer handles objects in memory.


  • CVE-2018-0995 - Chakra Scripting Engine Memory Corruption Vulnerability
    Risk Rating: Critical

    This remote code execution vulnerability exists in Chakra scripting engine in Microsoft Edge. It is resolved by correcting the way Chakra scripting engine handles objects in memory.


  • CVE-2018-1001 - Scripting Engine Memory Corruption Vulnerability
    Risk Rating: Important

    This remote code execution vulnerability exists in the scripting engine in Internet Explorer. It is resolved by correcting the way the scripting engine handles objects in memory.


  • CVE-2018-0990 - Chakra Scripting Engine Memory Corruption Vulnerability
    Risk Rating: Critical

    This remote code execution vulnerability exists in Chakra scripting engine in Microsoft Edge. It is resolved by correcting the way Chakra scripting engine handles objects in memory.


  • CVE-2018-0996 - Scripting Engine Memory Corruption Vulnerability
    Risk Rating: Critical

    This remote code execution vulnerability exists in the scripting engine in Internet Explorer. It is resolved by correcting the way the scripting engine handles objects in memory.


  • CVE-2018-0802 - Microsoft Office Memory Corruption Vulnerability (CVE-2018-0802) - 1
    Risk Rating: Important

    This remote code execution vulnerability exists in Microsoft Office. It is resolved by removing the Equation Editor function.


  • CVE-2018-1029 - Microsoft Excel Remote Code Execution Vulnerability
    Risk Rating: Important

    This remote code execution vulnerability exists in Microsoft Excel. It is resolved by correcting the way Microsoft Excel handles objects in memory.


  • CVE-2018-0878 - Windows Remote Assistance Information Disclosure Vulnerability
    Risk Rating: Important

    This information disclosure vulnerability exists in Windows Remote Assistance. It is resolved by correcting the way Windows Remote Assistance handles XML External Entities (XXE).


  • CVE-2018-0920 - Microsoft Excel Remote Code Execution Vulnerability
    Risk Rating: Important

    This remote code execution vulnerability exists in Microsoft Excel. It is resolved by correcting the way Microsoft Excel handles objects in memory.


  • CVE-2018-0997 - Internet Explorer Memory Corruption Vulnerability
    Risk Rating: Critical

    This remote code execution vulnerability exists in Internet Explorer. It is resolved by correcting the way Internet Explorer handles objects in memory.


  • CVE-2018-0990 - Chakra Scripting Engine Memory Corruption Vulnerability
    Risk Rating: Critical

    This remote code execution vulnerability exists in Chakra scripting engine in Microsoft Edge. It is resolved by correcting the way Chakra scripting engine handles objects in memory.


  • CVE-2018-1030 - Microsoft Office Memory Corruption Vulnerability (CVE-2018-0802) - 1
    Risk Rating: Important

    This remote code execution vulnerability exists in Microsoft Office. It is resolved by correcting the way Microsoft Office handles objects in memory.


  • CVE-2018-0988 - Scripting Engine Memory Corruption Vulnerability
    Risk Rating: Critical

    This remote code execution vulnerability exists in the scripting engine in Internet Explorer. It is resolved by correcting the way the scripting engine handles objects in memory.


  • CVE-2018-0988 - Internet Explorer Memory Corruption Vulnerability
    Risk Rating: Critical

    This remote code execution vulnerability exists in the Internet Explorer. It is resolved by correcting the way Internet Explorer handles objects in memory.


  • CVE-2018-1027 - Microsoft Excel Remote Code Execution Vulnerability
    Risk Rating: Important

    This remote code execution vulnerability exists in Microsoft Excel. It is resolved by correcting the way Microsoft Excel handles objects in memory.


  TREND MICRO PROTECTION INFORMATION

Trend Micro Deep Security shields networks through the following Deep Packet Inspection (DPI) rules. Trend Micro customers using the Vulnerability Protection product or OfficeScan with Intrusion Defense Firewall (IDF) plugin are also protected from attacks using these vulnerabilities.

Vulnerability ID DPI Rule Number DPI Rule Name Release Date Vulnerability Protection Compatibility
CVE-2018-0998 1009011 Microsoft Edge Information Disclosure Vulnerability (CVE-2018-0998) 10-Apr-18 YES
CVE-2018-0980 1009001 Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2018-0980) 10-Apr-18 YES
CVE-2018-0990 1009004 Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2018-0990) 10-Apr-18 YES
CVE-2018-0993 1009006 Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2018-0993) 10-Apr-18 YES
CVE-2018-0994 1009007 Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2018-0994) 10-Apr-18 YES
CVE-2018-0995 1009008 Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2018-0995) 10-Apr-18 YES
CVE-2018-0920 1009000 Microsoft Excel Remote Code Execution Vulnerability (CVE-2018-0920) 10-Apr-18 YES
CVE-2018-1011 1009015 Microsoft Excel Remote Code Execution Vulnerability (CVE-2018-1011) 10-Apr-18 YES
CVE-2018-1027 1009022 Microsoft Excel Remote Code Execution Vulnerability (CVE-2018-1027) 10-Apr-18 YES
CVE-2018-1029 1009024 Microsoft Excel Remote Code Execution Vulnerability (CVE-2018-1029) 10-Apr-18 YES
CVE-2018-0870 1008999 Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2018-0870) 10-Apr-18 YES
CVE-2018-0991 1009005 Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2018-0991) 10-Apr-18 YES
CVE-2018-0997 1009010 Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2018-0997) 10-Apr-18 YES
CVE-2018-1018 1009020 Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2018-1018) 10-Apr-18 YES
CVE-2018-0988 1009003 Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability (CVE-2018-0988) 10-Apr-18 YES
CVE-2018-0996 1009009 Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability (CVE-2018-0996) 10-Apr-18 YES
CVE-2018-1001 1009027 Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability (CVE-2018-1001) 10-Apr-18 YES
CVE-2018-1003 1009012 Microsoft JET Database Engine Remote Code Execution Vulnerability (CVE-2018-1003) 10-Apr-18 YES
CVE-2018-0986 1009002 Microsoft Malware Protection Engine Remote Code Execution Vulnerability (CVE-2018-0986) 10-Apr-18 YES
CVE-2018-1028 1009023 Microsoft Office Graphics Remote Code Execution Vulnerability (CVE-2018-1028) 10-Apr-18 YES
CVE-2018-1026 1009021 Microsoft Office Remote Code Execution Vulnerability (CVE-2018-1026) 10-Apr-18 YES
CVE-2018-1030 1009025 Microsoft Office Remote Code Execution Vulnerability (CVE-2018-1030) 10-Apr-18 YES
CVE-2018-1004 1009013 Microsoft Windows VBScript Engine Remote Code Execution Vulnerability (CVE-2018-1004) 10-Apr-18 YES