April 2018 - Microsoft Releases Security Patches
Advisory Date: APR 11, 2018
DESCRIPTION
Microsoft addresses vulnerabilities in its April security bulletin. Trend Micro Deep Security covers the following:
- CVE-2018-0994 - Chakra Scripting Engine Memory Corruption Vulnerability
Risk Rating: Critical
This remote code execution vulnerability exists in the Chakra scripting engine of Microsoft Edge. Objects in memory may be corrupted by an attacker, causing the vulnerability. - CVE-2018-1028 - Microsoft Office Graphics Remote Code Execution Vulnerability
Risk Rating: Important
This remote code execution vulnerability exists in the handling of embedded fonts by Office graphics component. The Windows Font library is corrected by this specific patch. - CVE-2018-1010 - Microsoft Office Graphics Remote Code Execution Vulnerability
Risk Rating: Critical
This remote code execution vulnerability exists in the handling of embedded fonts by Windows font library. The Windows Font library is corrected by this specific patch. - CVE-2018-1012 - Microsoft Graphics Remote Code Execution Vulnerability
Risk Rating: Critical
This remote code execution vulnerability exists in the handling of embedded fonts by Windows font library. The Windows Font library is corrected by this specific patch. - CVE-2018-1013 - Microsoft Graphics Remote Code Execution Vulnerability
Risk Rating: Critical
This remote code execution vulnerability exists in the handling of embedded fonts by Windows font library. The Windows Font library is corrected by this specific patch. - CVE-2018-1015 - Microsoft Graphics Remote Code Execution Vulnerability
Risk Rating: Critical
This remote code execution vulnerability exists in the handling of embedded fonts by Windows font library. The Windows Font library is corrected by this specific patch. - CVE-2018-1016 - Microsoft Graphics Remote Code Execution Vulnerability
Risk Rating: Critical
This remote code execution vulnerability exists in the handling of embedded fonts by Windows font library. The Windows Font library is corrected by this specific patch. - CVE-2018-1004 - Windows VBScript Engine Remote Code Execution Vulnerability
Risk Rating: Critical
This remote code execution vulnerability is addressed in the current security update from Microsoft. This vulnerability exists in the way the scripting engine handles objects in memory. - CVE-2018-1003 - Microsoft JET Database Engine Remote Code Execution Vulnerability
Risk Rating: Important
The buffer overflow vulnerability exists in the way the Microsoft JET Database handles objects in memory. When exploited successfully, it gives attackers control of the vulnerable system. - CVE-2017-11779 - Windows DNSAPI Remote Code Execution Vulnerability
Risk Rating: Critical
The vulnerability exists in the way the DNSAPI.dll component handles DNS responses. This remote code execution vulnerability, when exploited successfully, allows attackers to execute code of their choice on the vulnerable system. - CVE-2018-0993 - Chakra Scripting Engine Memory Corruption Vulnerability
Risk Rating: Critical
This remote code execution vulnerability exists in the Chakra scripting engine of Microsoft Edge. Objects in memory may be corrupted by an attacker, causing the vulnerability. - CVE-2018-0986 - Microsoft Malware Protection Engine Remote Code Execution Vulnerability
Risk Rating: Critical
The memory corruption vulnerability exists in the way Microsoft Malware Protection Engine scans a specially crafted file. This update corrects the vulnerability. - CVE-2018-1018 - Internet Explorer Memory Corruption Vulnerability
Risk Rating: Critical
The vulnerability exists in the way Internet Explorer accesses objects in memory. Attackers looking to exploit this remote code execution vulnerability must convince the user to click on a malicious link or find a way to entice user that will exploit this vulnerability. - CVE-2018-0998 - Microsoft Edge Information Disclosure Vulnerability
Risk Rating: Important
This information disclosure vulnerability exists in the Microsoft Edge PDF Reader. It is resolved by the update that modifies the way the said reader handles objects in memory. - CVE-2018-0883 - Windows Shell Remote Code Execution Vulnerability
Risk Rating: Important
This remote code execution vulnerability exists in Windows Shell. It is resolved by ensuring that Windows Shell has a way to validate file copy destinations. - CVE-2018-1026 - Microsoft Office Remote Code Execution Vulnerability
Risk Rating: Important
This remote code execution vulnerability exists in Microsoft Office. It is resolved by correcting the way Microsoft Office handles objects in memory. - CVE-2018-1011 - Microsoft Excel Remote Code Execution Vulnerability
Risk Rating: Important
This remote code execution vulnerability exists in Microsoft Excel. It is resolved by correcting the way Microsoft Excel handles objects in memory. - CVE-2018-0991 - Internet Explorer Memory Corruption Vulnerability
Risk Rating: Critical
This remote code execution vulnerability exists in Internet Explorer. It is resolved by correcting the way Internet Explorer handles objects in memory. - CVE-2018-0995 - Chakra Scripting Engine Memory Corruption Vulnerability
Risk Rating: Critical
This remote code execution vulnerability exists in Chakra scripting engine in Microsoft Edge. It is resolved by correcting the way Chakra scripting engine handles objects in memory. - CVE-2018-1001 - Scripting Engine Memory Corruption Vulnerability
Risk Rating: Important
This remote code execution vulnerability exists in the scripting engine in Internet Explorer. It is resolved by correcting the way the scripting engine handles objects in memory. - CVE-2018-0990 - Chakra Scripting Engine Memory Corruption Vulnerability
Risk Rating: Critical
This remote code execution vulnerability exists in Chakra scripting engine in Microsoft Edge. It is resolved by correcting the way Chakra scripting engine handles objects in memory. - CVE-2018-0996 - Scripting Engine Memory Corruption Vulnerability
Risk Rating: Critical
This remote code execution vulnerability exists in the scripting engine in Internet Explorer. It is resolved by correcting the way the scripting engine handles objects in memory. - CVE-2018-0802 - Microsoft Office Memory Corruption Vulnerability (CVE-2018-0802) - 1
Risk Rating: Important
This remote code execution vulnerability exists in Microsoft Office. It is resolved by removing the Equation Editor function. - CVE-2018-1029 - Microsoft Excel Remote Code Execution Vulnerability
Risk Rating: Important
This remote code execution vulnerability exists in Microsoft Excel. It is resolved by correcting the way Microsoft Excel handles objects in memory. - CVE-2018-0878 - Windows Remote Assistance Information Disclosure Vulnerability
Risk Rating: Important
This information disclosure vulnerability exists in Windows Remote Assistance. It is resolved by correcting the way Windows Remote Assistance handles XML External Entities (XXE). - CVE-2018-0920 - Microsoft Excel Remote Code Execution Vulnerability
Risk Rating: Important
This remote code execution vulnerability exists in Microsoft Excel. It is resolved by correcting the way Microsoft Excel handles objects in memory. - CVE-2018-0997 - Internet Explorer Memory Corruption Vulnerability
Risk Rating: Critical
This remote code execution vulnerability exists in Internet Explorer. It is resolved by correcting the way Internet Explorer handles objects in memory. - CVE-2018-0990 - Chakra Scripting Engine Memory Corruption Vulnerability
Risk Rating: Critical
This remote code execution vulnerability exists in Chakra scripting engine in Microsoft Edge. It is resolved by correcting the way Chakra scripting engine handles objects in memory. - CVE-2018-1030 - Microsoft Office Memory Corruption Vulnerability (CVE-2018-0802) - 1
Risk Rating: Important
This remote code execution vulnerability exists in Microsoft Office. It is resolved by correcting the way Microsoft Office handles objects in memory. - CVE-2018-0988 - Scripting Engine Memory Corruption Vulnerability
Risk Rating: Critical
This remote code execution vulnerability exists in the scripting engine in Internet Explorer. It is resolved by correcting the way the scripting engine handles objects in memory. - CVE-2018-0988 - Internet Explorer Memory Corruption Vulnerability
Risk Rating: Critical
This remote code execution vulnerability exists in the Internet Explorer. It is resolved by correcting the way Internet Explorer handles objects in memory. - CVE-2018-1027 - Microsoft Excel Remote Code Execution Vulnerability
Risk Rating: Important
This remote code execution vulnerability exists in Microsoft Excel. It is resolved by correcting the way Microsoft Excel handles objects in memory.
TREND MICRO PROTECTION INFORMATION
Trend Micro Deep Security shields networks through the following Deep Packet Inspection (DPI) rules. Trend Micro customers using the Vulnerability Protection product or OfficeScan with Intrusion Defense Firewall (IDF) plugin are also protected from attacks using these vulnerabilities.
Vulnerability ID | DPI Rule Number | DPI Rule Name | Release Date | Vulnerability Protection Compatibility |
CVE-2018-0998 | 1009011 | Microsoft Edge Information Disclosure Vulnerability (CVE-2018-0998) | 10-Apr-18 | YES |
CVE-2018-0980 | 1009001 | Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2018-0980) | 10-Apr-18 | YES |
CVE-2018-0990 | 1009004 | Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2018-0990) | 10-Apr-18 | YES |
CVE-2018-0993 | 1009006 | Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2018-0993) | 10-Apr-18 | YES |
CVE-2018-0994 | 1009007 | Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2018-0994) | 10-Apr-18 | YES |
CVE-2018-0995 | 1009008 | Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2018-0995) | 10-Apr-18 | YES |
CVE-2018-0920 | 1009000 | Microsoft Excel Remote Code Execution Vulnerability (CVE-2018-0920) | 10-Apr-18 | YES |
CVE-2018-1011 | 1009015 | Microsoft Excel Remote Code Execution Vulnerability (CVE-2018-1011) | 10-Apr-18 | YES |
CVE-2018-1027 | 1009022 | Microsoft Excel Remote Code Execution Vulnerability (CVE-2018-1027) | 10-Apr-18 | YES |
CVE-2018-1029 | 1009024 | Microsoft Excel Remote Code Execution Vulnerability (CVE-2018-1029) | 10-Apr-18 | YES |
CVE-2018-0870 | 1008999 | Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2018-0870) | 10-Apr-18 | YES |
CVE-2018-0991 | 1009005 | Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2018-0991) | 10-Apr-18 | YES |
CVE-2018-0997 | 1009010 | Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2018-0997) | 10-Apr-18 | YES |
CVE-2018-1018 | 1009020 | Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2018-1018) | 10-Apr-18 | YES |
CVE-2018-0988 | 1009003 | Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability (CVE-2018-0988) | 10-Apr-18 | YES |
CVE-2018-0996 | 1009009 | Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability (CVE-2018-0996) | 10-Apr-18 | YES |
CVE-2018-1001 | 1009027 | Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability (CVE-2018-1001) | 10-Apr-18 | YES |
CVE-2018-1003 | 1009012 | Microsoft JET Database Engine Remote Code Execution Vulnerability (CVE-2018-1003) | 10-Apr-18 | YES |
CVE-2018-0986 | 1009002 | Microsoft Malware Protection Engine Remote Code Execution Vulnerability (CVE-2018-0986) | 10-Apr-18 | YES |
CVE-2018-1028 | 1009023 | Microsoft Office Graphics Remote Code Execution Vulnerability (CVE-2018-1028) | 10-Apr-18 | YES |
CVE-2018-1026 | 1009021 | Microsoft Office Remote Code Execution Vulnerability (CVE-2018-1026) | 10-Apr-18 | YES |
CVE-2018-1030 | 1009025 | Microsoft Office Remote Code Execution Vulnerability (CVE-2018-1030) | 10-Apr-18 | YES |
CVE-2018-1004 | 1009013 | Microsoft Windows VBScript Engine Remote Code Execution Vulnerability (CVE-2018-1004) | 10-Apr-18 | YES |