This report contains detail for the following vulnerabilities:
Tag | CVE ID | CVE Title |
---|---|---|
.NET Framework | CVE-2018-0786 | .NET Security Feature Bypass Vulnerability |
.NET Framework | CVE-2018-0764 | .NET and .NET Core Denial Of Service Vulnerability |
Adobe Flash Player | ADV180001 | January 2018 Adobe Flash Security Update |
ASP .NET | CVE-2018-0784 | ASP.NET Core Elevation Of Privilege Vulnerability |
ASP.NET | CVE-2018-0785 | ASP.NET Core Cross Site Request Forgery Vulnerabilty |
Graphic Fonts | CVE-2018-0788 | OpenType Font Driver Elevation of Privilege Vulnerability |
Graphic Fonts | CVE-2018-0754 | OpenType Font Driver Information Disclosure Vulnerability |
Microsoft Browsers | CVE-2018-0762 | Scripting Engine Memory Corruption Vulnerability |
Microsoft Browsers | CVE-2018-0772 | Scripting Engine Memory Corruption Vulnerability |
Microsoft Edge | CVE-2018-0803 | Microsoft Edge Elevation of Privilege Vulnerability |
Microsoft Edge | CVE-2018-0766 | Microsoft Edge Information Disclosure Vulnerability |
Microsoft Graphics Component | CVE-2018-0750 | Windows GDI Information Disclosure Vulnerability |
Microsoft Graphics Component | CVE-2018-0741 | Microsoft Color Management Information Disclosure Vulnerability |
Microsoft Office | CVE-2018-0802 | Microsoft Office Memory Corruption Vulnerability |
Microsoft Office | CVE-2018-0798 | Microsoft Office Memory Corruption Vulnerability |
Microsoft Office | ADV180003 | Microsoft Office Defense in Depth Update |
Microsoft Office | CVE-2018-0801 | Microsoft Office Remote Code Execution Vulnerability |
Microsoft Office | CVE-2018-0791 | Microsoft Outlook Remote Code Execution Vulnerability |
Microsoft Office | CVE-2018-0792 | Microsoft Word Remote Code Execution Vulnerability |
Microsoft Office | CVE-2018-0793 | Microsoft Outlook Remote Code Execution Vulnerability |
Microsoft Office | CVE-2018-0790 | Microsoft SharePoint Cross Site Scripting Elevation of Privilege Vulnerability |
Microsoft Office | CVE-2018-0794 | Microsoft Word Remote Code Execution Vulnerability |
Microsoft Office | CVE-2018-0796 | Microsoft Excel Remote Code Execution Vulnerability |
Microsoft Office | CVE-2018-0789 | Microsoft SharePoint Elevation of Privilege Vulnerability |
Microsoft Office | CVE-2018-0812 | Microsoft Word Memory Corruption Vulnerability |
Microsoft Office | CVE-2018-0819 | Spoofing Vulnerability in Microsoft Office for MAC |
Microsoft Office | CVE-2018-0804 | Microsoft Word Remote Code Execution Vulnerability |
Microsoft Office | CVE-2018-0805 | Microsoft Word Remote Code Execution Vulnerability |
Microsoft Office | CVE-2018-0806 | Microsoft Word Remote Code Execution Vulnerability |
Microsoft Office | CVE-2018-0807 | Microsoft Word Remote Code Execution Vulnerability |
Microsoft Office | CVE-2018-0799 | Microsoft Access Tampering Vulnerability |
Microsoft Office | CVE-2018-0795 | Microsoft Office Remote Code Execution Vulnerability |
Microsoft Office | CVE-2018-0797 | Microsoft Word Memory Corruption Vulnerability |
Microsoft Scripting Engine | CVE-2018-0775 | Scripting Engine Memory Corruption Vulnerability |
Microsoft Scripting Engine | CVE-2018-0818 | Scripting Engine Security Feature Bypass |
Microsoft Scripting Engine | CVE-2018-0770 | Scripting Engine Memory Corruption Vulnerability |
Microsoft Scripting Engine | CVE-2018-0769 | Scripting Engine Memory Corruption Vulnerability |
Microsoft Scripting Engine | CVE-2018-0778 | Scripting Engine Memory Corruption Vulnerability |
Microsoft Scripting Engine | CVE-2018-0780 | Scripting Engine Information Disclosure Vulnerability |
Microsoft Scripting Engine | CVE-2018-0776 | Scripting Engine Memory Corruption Vulnerability |
Microsoft Scripting Engine | CVE-2018-0777 | Scripting Engine Memory Corruption Vulnerability |
Microsoft Scripting Engine | CVE-2018-0781 | Scripting Engine Memory Corruption Vulnerability |
Microsoft Scripting Engine | CVE-2018-0758 | Scripting Engine Memory Corruption Vulnerability |
Microsoft Scripting Engine | CVE-2018-0773 | Scripting Engine Memory Corruption Vulnerability |
Microsoft Scripting Engine | CVE-2018-0774 | Scripting Engine Memory Corruption Vulnerability |
Microsoft Scripting Engine | CVE-2018-0768 | Scripting Engine Memory Corruption Vulnerability |
Microsoft Scripting Engine | CVE-2018-0800 | Scripting Engine Information Disclosure Vulnerability |
Microsoft Scripting Engine | CVE-2018-0767 | Scripting Engine Information Disclosure Vulnerability |
Microsoft Windows | CVE-2018-0753 | Windows IPSec Denial of Service Vulnerability |
Side-Channel | ADV180002 | Guidance to mitigate speculative execution side-channel vulnerabilities |
Windows Kernel | CVE-2018-0751 | Windows Elevation of Privilege Vulnerability |
Windows Kernel | CVE-2018-0746 | Windows Information Disclosure Vulnerability |
Windows Kernel | CVE-2018-0744 | Windows Elevation of Privilege Vulnerability |
Windows Kernel | CVE-2018-0745 | Windows Information Disclosure Vulnerability |
Windows Kernel | CVE-2018-0752 | Windows Elevation of Privilege Vulnerability |
Windows Kernel | CVE-2018-0747 | Windows Information Disclosure Vulnerability |
Windows Kernel | CVE-2018-0748 | Windows Elevation of Privilege Vulnerability |
Windows SMB Server | CVE-2018-0749 | SMB Server Elevation of Privilege Vulnerability |
Windows Subsystem for Linux | CVE-2018-0743 | Windows Subsystem for Linux Elevation of Privilege Vulnerability |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
ADV180003 MITRE NVD |
CVE Title: Microsoft Office Defense in Depth Update
Description: Microsoft has released an update for Microsoft Office that provides enhanced security as a defense-in-depth measure. FAQ: None Mitigations: None Workarounds: None Revision: 1.0    2018-01-09T08:00:00     Information published. |
Unkwown | Defense in Depth |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Not Found | Not Found | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
ADV180003 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Microsoft Office 2007 Service Pack 3 | 4011201 (Security Update) | None | Defense in Depth | 4011063 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Office 2010 Service Pack 2 (32-bit editions) | 4011611 (Security Update) | None | Defense in Depth | 4011055 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Office 2010 Service Pack 2 (64-bit editions) | 4011611 (Security Update) | None | Defense in Depth | 4011055 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Office 2013 RT Service Pack 1 | 4011636 (Security Update) | None | Defense in Depth | None | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Office 2013 Service Pack 1 (32-bit editions) | 4011636 (Security Update) | None | Defense in Depth | 4011103 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Office 2013 Service Pack 1 (64-bit editions) | 4011636 (Security Update) | None | Defense in Depth | 4011103 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Office 2016 (32-bit edition) | 4011622 (Security Update) | None | Defense in Depth | 4011038 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Office 2016 (64-bit edition) | 4011622 (Security Update) | None | Defense in Depth | 4011038 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Office 2016 Click-to-Run (C2R) for 32-bit editions | Click to Run (Security Update) | None | Defense in Depth | None | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Office 2016 Click-to-Run (C2R) for 64-bit editions | Click to Run (Security Update) | None | Defense in Depth | None | Base: N/A Temporal: N/A Vector: N/A |
No |
CVE ID | Acknowledgements |
ADV180003 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2018-0804 MITRE NVD |
CVE Title: Microsoft Word Remote Code Execution Vulnerability
Description: A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Office or Microsoft WordPad software. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) containing a specially crafted file designed to exploit the vulnerability. An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file. The security update addresses the vulnerability by removing Equation Editor functionality. For more information on this change, please refer to the following article: https://support.microsoft.com/en-us/help/4057882 FAQ: None Mitigations: None Workarounds: None Revision: 1.0    2018-01-09T08:00:00     Information published. |
Low | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Unlikely | Exploitation Unlikely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2018-0804 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Microsoft Office 2007 Service Pack 3 | 4011656 (Security Update) | Low | Remote Code Execution | 4011604 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Office 2010 Service Pack 2 (32-bit editions) | 4011610 (Security Update) | Low | Remote Code Execution | 4011618 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Office 2010 Service Pack 2 (64-bit editions) | 4011610 (Security Update) | Low | Remote Code Execution | 4011618 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Office 2013 Service Pack 1 (32-bit editions) | 4011651 (Security Update) | Low | Remote Code Execution | 4011590 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Office 2013 Service Pack 1 (64-bit editions) | 4011651 (Security Update) | Low | Remote Code Execution | 4011590 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Office 2016 (32-bit edition) | 4011574 (Security Update) | Low | Remote Code Execution | 4011262 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Office 2016 (64-bit edition) | 4011574 (Security Update) | Low | Remote Code Execution | 4011262 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Office 2016 Click-to-Run (C2R) for 32-bit editions | Click to Run (Security Update) | Low | Remote Code Execution | None | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Office 2016 Click-to-Run (C2R) for 64-bit editions | Click to Run (Security Update) | Low | Remote Code Execution | None | Base: N/A Temporal: N/A Vector: N/A |
No |
Microsoft Office Compatibility Pack Service Pack 3 | 4011607 (Security Update) | Low | Remote Code Execution | 4011265 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Word 2007 Service Pack 3 | 4011657 (Security Update) | Low | Remote Code Execution | 4011608 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Word 2010 Service Pack 2 (32-bit editions) | 4011659 (Security Update) | Low | Remote Code Execution | 4011614 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Word 2010 Service Pack 2 (64-bit editions) | 4011659 (Security Update) | Low | Remote Code Execution | 4011614 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Word 2013 RT Service Pack 1 | 4011651 (Security Update) | Low | Remote Code Execution | None | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Word 2013 Service Pack 1 (32-bit editions) | 4011651 (Security Update) | Low | Remote Code Execution | 4011590 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Word 2013 Service Pack 1 (64-bit editions) | 4011651 (Security Update) | Low | Remote Code Execution | 4011590 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Word 2016 (32-bit edition) | 4011643 (Security Update) | Low | Remote Code Execution | 4011575 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Word 2016 (64-bit edition) | 4011643 (Security Update) | Low | Remote Code Execution | 4011575 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
CVE ID | Acknowledgements |
CVE-2018-0804 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2018-0805 MITRE NVD |
CVE Title: Microsoft Word Remote Code Execution Vulnerability
Description: A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Office or Microsoft WordPad software. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) containing a specially crafted file designed to exploit the vulnerability. An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file. The security update addresses the vulnerability by removing Equation Editor functionality. For more information on this change, please refer to the following article: https://support.microsoft.com/en-us/help/4057882 FAQ: None Mitigations: None Workarounds: None Revision: 1.0    2018-01-09T08:00:00     Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Unlikely | Exploitation Unlikely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2018-0805 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Microsoft Office 2007 Service Pack 3 | 4011656 (Security Update) | Important | Remote Code Execution | 4011604 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Office 2010 Service Pack 2 (32-bit editions) | 4011610 (Security Update) | Important | Remote Code Execution | 4011618 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Office 2010 Service Pack 2 (64-bit editions) | 4011610 (Security Update) | Important | Remote Code Execution | 4011618 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Office 2013 Service Pack 1 (32-bit editions) | 4011651 (Security Update) | Important | Remote Code Execution | 4011590 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Office 2013 Service Pack 1 (64-bit editions) | 4011651 (Security Update) | Important | Remote Code Execution | 4011590 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Office 2016 (32-bit edition) | 4011574 (Security Update) | Important | Remote Code Execution | 4011262 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Office 2016 (64-bit edition) | 4011574 (Security Update) | Important | Remote Code Execution | 4011262 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Office 2016 Click-to-Run (C2R) for 32-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Office 2016 Click-to-Run (C2R) for 64-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: N/A Temporal: N/A Vector: N/A |
No |
Microsoft Office Compatibility Pack Service Pack 3 | 4011607 (Security Update) | Important | Remote Code Execution | 4011265 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Word 2007 Service Pack 3 | 4011657 (Security Update) | Important | Remote Code Execution | 4011608 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Word 2010 Service Pack 2 (32-bit editions) | 4011659 (Security Update) | Important | Remote Code Execution | 4011614 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Word 2010 Service Pack 2 (64-bit editions) | 4011659 (Security Update) | Important | Remote Code Execution | 4011614 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Word 2013 RT Service Pack 1 | 4011651 (Security Update) | Important | Remote Code Execution | None | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Word 2013 Service Pack 1 (32-bit editions) | 4011651 (Security Update) | Important | Remote Code Execution | 4011590 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Word 2013 Service Pack 1 (64-bit editions) | 4011651 (Security Update) | Important | Remote Code Execution | 4011590 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Word 2016 (32-bit edition) | 4011643 (Security Update) | Important | Remote Code Execution | 4011575 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Word 2016 (64-bit edition) | 4011643 (Security Update) | Important | Remote Code Execution | 4011575 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
CVE ID | Acknowledgements |
CVE-2018-0805 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2018-0806 MITRE NVD |
CVE Title: Microsoft Word Remote Code Execution Vulnerability
Description: A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Office or Microsoft WordPad software. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) containing a specially crafted file designed to exploit the vulnerability. An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file. The security update addresses the vulnerability by removing Equation Editor functionality. For more information on this change, please refer to the following article: https://support.microsoft.com/en-us/help/4057882 FAQ: None Mitigations: None Workarounds: None Revision: 1.0    2018-01-09T08:00:00     Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Unlikely | Exploitation Unlikely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2018-0806 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Microsoft Office 2007 Service Pack 3 | 4011656 (Security Update) | Important | Remote Code Execution | 4011604 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Office 2010 Service Pack 2 (32-bit editions) | 4011610 (Security Update) | Important | Remote Code Execution | 4011618 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Office 2010 Service Pack 2 (64-bit editions) | 4011610 (Security Update) | Important | Remote Code Execution | 4011618 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Office 2013 Service Pack 1 (32-bit editions) | 4011651 (Security Update) | Important | Remote Code Execution | 4011590 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Office 2013 Service Pack 1 (64-bit editions) | 4011651 (Security Update) | Important | Remote Code Execution | 4011590 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Office 2016 (32-bit edition) | 4011574 (Security Update) | Important | Remote Code Execution | 4011262 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Office 2016 (64-bit edition) | 4011574 (Security Update) | Important | Remote Code Execution | 4011262 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Office 2016 Click-to-Run (C2R) for 32-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Office 2016 Click-to-Run (C2R) for 64-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: N/A Temporal: N/A Vector: N/A |
No |
Microsoft Office Compatibility Pack Service Pack 3 | 4011607 (Security Update) | Important | Remote Code Execution | 4011265 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Word 2007 Service Pack 3 | 4011657 (Security Update) | Important | Remote Code Execution | 4011608 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Word 2010 Service Pack 2 (32-bit editions) | 4011659 (Security Update) | Important | Remote Code Execution | 4011614 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Word 2010 Service Pack 2 (64-bit editions) | 4011659 (Security Update) | Important | Remote Code Execution | 4011614 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Word 2013 RT Service Pack 1 | 4011651 (Security Update) | Important | Remote Code Execution | None | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Word 2013 Service Pack 1 (32-bit editions) | 4011651 (Security Update) | Important | Remote Code Execution | 4011590 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Word 2013 Service Pack 1 (64-bit editions) | 4011651 (Security Update) | Important | Remote Code Execution | 4011590 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Word 2016 (32-bit edition) | 4011643 (Security Update) | Important | Remote Code Execution | 4011575 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Word 2016 (64-bit edition) | 4011643 (Security Update) | Important | Remote Code Execution | 4011575 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
CVE ID | Acknowledgements |
CVE-2018-0806 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2018-0807 MITRE NVD |
CVE Title: Microsoft Word Remote Code Execution Vulnerability
Description: A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Office or Microsoft WordPad software. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) containing a specially crafted file designed to exploit the vulnerability. An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file. The security update addresses the vulnerability by removing Equation Editor functionality. For more information on this change, please refer to the following article: https://support.microsoft.com/en-us/help/4057882 FAQ: None Mitigations: None Workarounds: None Revision: 1.0    2018-01-09T08:00:00     Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Unlikely | Exploitation Unlikely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2018-0807 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Microsoft Office 2007 Service Pack 3 | 4011656 (Security Update) | Important | Remote Code Execution | 4011604 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Office 2010 Service Pack 2 (32-bit editions) | 4011610 (Security Update) | Important | Remote Code Execution | 4011618 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Office 2010 Service Pack 2 (64-bit editions) | 4011610 (Security Update) | Important | Remote Code Execution | 4011618 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Office 2013 Service Pack 1 (32-bit editions) | 4011651 (Security Update) | Important | Remote Code Execution | 4011590 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Office 2013 Service Pack 1 (64-bit editions) | 4011651 (Security Update) | Important | Remote Code Execution | 4011590 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Office 2016 (32-bit edition) | 4011574 (Security Update) | Important | Remote Code Execution | 4011262 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Office 2016 (64-bit edition) | 4011574 (Security Update) | Important | Remote Code Execution | 4011262 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Office 2016 Click-to-Run (C2R) for 32-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Office 2016 Click-to-Run (C2R) for 64-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: N/A Temporal: N/A Vector: N/A |
No |
Microsoft Office Compatibility Pack Service Pack 3 | 4011607 (Security Update) | Important | Remote Code Execution | 4011265 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Word 2007 Service Pack 3 | 4011657 (Security Update) | Important | Remote Code Execution | 4011608 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Word 2010 Service Pack 2 (32-bit editions) | 4011659 (Security Update) | Important | Remote Code Execution | 4011614 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Word 2010 Service Pack 2 (64-bit editions) | 4011659 (Security Update) | Important | Remote Code Execution | 4011614 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Word 2013 RT Service Pack 1 | 4011651 (Security Update) | Important | Remote Code Execution | None | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Word 2013 Service Pack 1 (32-bit editions) | 4011651 (Security Update) | Important | Remote Code Execution | 4011590 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Word 2013 Service Pack 1 (64-bit editions) | 4011651 (Security Update) | Important | Remote Code Execution | 4011590 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Word 2016 (32-bit edition) | 4011643 (Security Update) | Important | Remote Code Execution | 4011575 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Word 2016 (64-bit edition) | 4011643 (Security Update) | Important | Remote Code Execution | 4011575 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
CVE ID | Acknowledgements |
CVE-2018-0807 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2018-0812 MITRE NVD |
CVE Title: Microsoft Word Memory Corruption Vulnerability
Description: A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Office or Microsoft WordPad software. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) containing a specially crafted file designed to exploit the vulnerability. An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file. The security update addresses the vulnerability by removing Equation Editor functionality. For more information on this change, please refer to the following article: https://support.microsoft.com/en-us/help/4057882 FAQ: None Mitigations: None Workarounds: None Revision: 1.0    2018-01-09T08:00:00     Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Unlikely | Exploitation Unlikely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2018-0812 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Microsoft Office 2007 Service Pack 3 | 4011656 (Security Update) | Important | Remote Code Execution | 4011604 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Office 2010 Service Pack 2 (32-bit editions) | 4011610 (Security Update) | Important | Remote Code Execution | 4011618 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Office 2010 Service Pack 2 (64-bit editions) | 4011610 (Security Update) | Important | Remote Code Execution | 4011618 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Office 2013 Service Pack 1 (32-bit editions) | 4011580 (Security Update) | Important | Remote Code Execution | 3162047 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Office 2013 Service Pack 1 (64-bit editions) | 4011580 (Security Update) | Important | Remote Code Execution | 3162047 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Office 2016 (32-bit edition) | 4011574 (Security Update) | Important | Remote Code Execution | 4011262 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Office 2016 (64-bit edition) | 4011574 (Security Update) | Important | Remote Code Execution | 4011262 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Office 2016 Click-to-Run (C2R) for 32-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Office 2016 Click-to-Run (C2R) for 64-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: N/A Temporal: N/A Vector: N/A |
No |
Microsoft Office Compatibility Pack Service Pack 3 | 4011607 (Security Update) | Important | Remote Code Execution | 4011265 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Word 2007 Service Pack 3 | 4011657 (Security Update) | Important | Remote Code Execution | 4011608 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Word 2010 Service Pack 2 (32-bit editions) | 4011659 (Security Update) | Important | Remote Code Execution | 4011614 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Word 2010 Service Pack 2 (64-bit editions) | 4011659 (Security Update) | Important | Remote Code Execution | 4011614 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Word 2013 RT Service Pack 1 | 4011580 (Security Update) | Important | Remote Code Execution | 3162047 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Word 2013 Service Pack 1 (32-bit editions) | 4011580 (Security Update) | Important | Remote Code Execution | 3162047 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Word 2013 Service Pack 1 (64-bit editions) | 4011580 (Security Update) | Important | Remote Code Execution | 3162047 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Word 2016 (32-bit edition) | 4011643 (Security Update) | Important | Remote Code Execution | 4011575 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Word 2016 (64-bit edition) | 4011643 (Security Update) | Important | Remote Code Execution | 4011575 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
CVE ID | Acknowledgements |
CVE-2018-0812 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2018-0818 MITRE NVD |
CVE Title: Scripting Engine Security Feature Bypass
Description: A security feature bypass vulnerability exists in the Microsoft Chakra scripting engine that allows Control Flow Guard (CFG) to be bypassed. By itself, the CFG bypass vulnerability does not allow arbitrary code execution. However, an attacker could use the CFG bypass vulnerability in conjunction with another vulnerability, such as a remote code execution vulnerability, to run arbitrary code on a target system. To exploit the CFG bypass vulnerability, a user must be logged on to the Microsoft Chakra scripting engine and running it. The user would then need to browse to a malicious website. The security update addresses the CFG bypass vulnerability by helping to ensure that the Microsoft Chakra scripting engine properly handles accessing memory. FAQ: None Mitigations: None Workarounds: None Revision: 2.0    2018-01-05T08:00:00     Revised the Affected Products table to include ChakraCore for this vulnerability. 1.0    2018-01-03T08:00:00     Information published. |
Important | Security Feature Bypass |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Unlikely | Exploitation Unlikely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2018-0818 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
ChakraCore | Commit (Security Update) | Important | Security Feature Bypass | None | Base: 4.30 Temporal: 3.90 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2018-0818 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2018-0819 MITRE NVD |
CVE Title: Spoofing Vulnerability in Microsoft Office for MAC
Description: A spoofing vulnerability exists when Microsoft Outlook for MAC does not properly handle the encoding and display of email addresses. This improper handling and display may cause antivirus or antispam scanning to not work as intended. To exploit the vulnerability, an attacker could send a specially crafted email attachment to a user in an attempt to launch a social engineering attack, such as phishing. The security update addresses the vulnerability by correcting how Outlook for MAC displays encoded email addresses. FAQ: None Mitigations: None Workarounds: None Revision: 1.0    2018-01-09T08:00:00     Information published. |
Important | Spoofing |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | Exploitation Less Likely | Not Applicable | Yes | No |
The following tables list the affected software details for the vulnerability.
CVE-2018-0819 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Microsoft Office 2016 for Mac | Release Notes (Security Update) | Important | Spoofing | None | Base: N/A Temporal: N/A Vector: N/A |
No |
CVE ID | Acknowledgements |
CVE-2018-0819 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2018-0746 MITRE NVD |
CVE Title: Windows Information Disclosure Vulnerability
Description: An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass. An attacker who successfully exploited the vulnerability could retrieve the memory address of a kernel object. To exploit the vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The security update addresses the vulnerability by correcting how the Windows kernel handles memory addresses. FAQ: None Mitigations: None Workarounds: None Revision: 1.0    2018-01-03T08:00:00     Information published. 2.0    2018-01-05T08:00:00     Revised the Affected Products table to add Monthly Rollup updates for Windows 7, Windows Server 2008 R2, and Windows Server 2012. Customers who install Monthly Rollups should install these updates to be protected from this vulnerability. |
Important | Information Disclosure |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation More Likely | Exploitation More Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2018-0746 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Windows 10 for 32-bit Systems | 4056893 (Security Update) | Important | Information Disclosure | 4053581 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 for x64-based Systems | 4056893 (Security Update) | Important | Information Disclosure | 4053581 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1511 for 32-bit Systems | 4056888 (Security Update) | Important | Information Disclosure | 4053578 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1511 for x64-based Systems | 4056888 (Security Update) | Important | Information Disclosure | 4053578 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for 32-bit Systems | 4056890 (Security Update) | Important | Information Disclosure | 4053579 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for x64-based Systems | 4056890 (Security Update) | Important | Information Disclosure | 4053579 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1703 for 32-bit Systems | 4056891 (Security Update) | Important | Information Disclosure | 4053580 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1703 for x64-based Systems | 4056891 (Security Update) | Important | Information Disclosure | 4053580 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1709 for 32-bit Systems | 4056892 (Security Update) | Important | Information Disclosure | 4054517 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1709 for x64-based Systems | 4056892 (Security Update) | Important | Information Disclosure | 4054517 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 8.1 for 32-bit systems | 4056898 (Security Only) | Important | Information Disclosure | None | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 8.1 for x64-based systems | 4056898 (Security Only) | Important | Information Disclosure | None | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 | 4056896 (Monthly Rollup) 4056899 (Security Only) |
Important | Information Disclosure | 4054520 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 (Server Core installation) | 4056896 (Monthly Rollup) 4056899 (Security Only) |
Important | Information Disclosure | 4054520 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 R2 | 4056898 (Security Only) | Important | Information Disclosure | None | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 R2 (Server Core installation) | 4056898 (Security Only) | Important | Information Disclosure | None | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2016 | 4056890 (Security Update) | Important | Information Disclosure | 4053579 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 4056890 (Security Update) | Important | Information Disclosure | 4053579 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2018-0746 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2018-0747 MITRE NVD |
CVE Title: Windows Information Disclosure Vulnerability
Description: An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass. An attacker who successfully exploited the vulnerability could retrieve the memory address of a kernel object. To exploit the vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The security update addresses the vulnerability by correcting how the Windows kernel handles memory addresses. FAQ: None Mitigations: None Workarounds: None Revision: 2.0    2018-01-05T08:00:00     Revised the Affected Products table to add Monthly Rollup updates for Windows 7, Windows Server 2008 R2, and Windows Server 2012. Customers who install Monthly Rollups should install these updates to be protected from this vulnerability. 1.0    2018-01-03T08:00:00     Information published. |
Important | Information Disclosure |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation More Likely | Exploitation More Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2018-0747 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Windows 10 for 32-bit Systems | 4056893 (Security Update) | Important | Information Disclosure | 4053581 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 for x64-based Systems | 4056893 (Security Update) | Important | Information Disclosure | 4053581 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1511 for 32-bit Systems | 4056888 (Security Update) | Important | Information Disclosure | 4053578 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1511 for x64-based Systems | 4056888 (Security Update) | Important | Information Disclosure | 4053578 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for 32-bit Systems | 4056890 (Security Update) | Important | Information Disclosure | 4053579 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for x64-based Systems | 4056890 (Security Update) | Important | Information Disclosure | 4053579 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1703 for 32-bit Systems | 4056891 (Security Update) | Important | Information Disclosure | 4053580 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1703 for x64-based Systems | 4056891 (Security Update) | Important | Information Disclosure | 4053580 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1709 for 32-bit Systems | 4056892 (Security Update) | Important | Information Disclosure | 4054517 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1709 for x64-based Systems | 4056892 (Security Update) | Important | Information Disclosure | 4054517 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 7 for 32-bit Systems Service Pack 1 | 4056894 (Monthly Rollup) 4056897 (Security Only) |
Important | Information Disclosure | 4054518 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 7 for x64-based Systems Service Pack 1 | 4056894 (Monthly Rollup) 4056897 (Security Only) |
Important | Information Disclosure | 4054518 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 8.1 for 32-bit systems | 4056898 (Security Only) | Important | Information Disclosure | None | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 8.1 for x64-based systems | 4056898 (Security Only) | Important | Information Disclosure | None | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 4056613 (Security Update) | Important | Information Disclosure | None | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 4056613 (Security Update) | Important | Information Disclosure | None | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for Itanium-Based Systems Service Pack 2 | 4056613 (Security Update) | Important | Information Disclosure | None | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 | 4056613 (Security Update) | Important | Information Disclosure | None | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 4056613 (Security Update) | Important | Information Disclosure | None | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 | 4056894 (Monthly Rollup) 4056897 (Security Only) |
Important | Information Disclosure | 4054518 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4056894 (Monthly Rollup) 4056897 (Security Only) |
Important | Information Disclosure | 4054518 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 4056894 (Monthly Rollup) 4056897 (Security Only) |
Important | Information Disclosure | 4054518 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 | 4056896 (Monthly Rollup) 4056899 (Security Only) |
Important | Information Disclosure | 4054520 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 (Server Core installation) | 4056896 (Monthly Rollup) 4056899 (Security Only) |
Important | Information Disclosure | 4054520 |
Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 R2 | 4056898 (Security Only) | Important | Information Disclosure | None | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 R2 (Server Core installation) | 4056898 (Security Only) | Important | Information Disclosure | None | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2016 | 4056890 (Security Update) | Important | Information Disclosure | 4053579 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 4056890 (Security Update) | Important | Information Disclosure | 4053579 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server, version 1709 (Server Core Installation) | 4056892 (Security Update) | Important | Information Disclosure | 4054517 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2018-0747 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2018-0748 MITRE NVD |
CVE Title: Windows Elevation of Privilege Vulnerability
Description: An elevation of privilege vulnerability exists in the way that the Windows Kernel API enforces permissions. An attacker who successfully exploited the vulnerability could impersonate processes, interject cross-process communication, or interrupt system functionality. To exploit the vulnerability, a locally authenticated attacker could run a specially crafted application. The security update addresses the vulnerability by helping to ensure that the Windows Kernel API properly enforces permissions. FAQ: None Mitigations: None Workarounds: None Revision: 2.0    2018-01-05T08:00:00     Revised the Affected Products table to add Monthly Rollup updates for Windows 7, Windows Server 2008 R2, and Windows Server 2012. Customers who install Monthly Rollups should install these updates to be protected from this vulnerability. 1.0    2018-01-03T08:00:00     Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2018-0748 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Windows 10 for 32-bit Systems | 4056893 (Security Update) | Important | Elevation of Privilege | 4053581 | Base: 6.60 Temporal: 5.90 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 for x64-based Systems | 4056893 (Security Update) | Important | Elevation of Privilege | 4053581 | Base: 6.60 Temporal: 5.90 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1511 for 32-bit Systems | 4056888 (Security Update) | Important | Elevation of Privilege | 4053578 | Base: 6.60 Temporal: 5.90 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1511 for x64-based Systems | 4056888 (Security Update) | Important | Elevation of Privilege | 4053578 | Base: 6.60 Temporal: 5.90 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for 32-bit Systems | 4056890 (Security Update) | Important | Elevation of Privilege | 4053579 | Base: 6.60 Temporal: 5.90 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for x64-based Systems | 4056890 (Security Update) | Important | Elevation of Privilege | 4053579 | Base: 6.60 Temporal: 5.90 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1703 for 32-bit Systems | 4056891 (Security Update) | Important | Elevation of Privilege | 4053580 | Base: 6.60 Temporal: 5.90 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1703 for x64-based Systems | 4056891 (Security Update) | Important | Elevation of Privilege | 4053580 | Base: 6.60 Temporal: 5.90 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1709 for 32-bit Systems | 4056892 (Security Update) | Important | Elevation of Privilege | 4054517 | Base: 6.60 Temporal: 5.90 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1709 for x64-based Systems | 4056892 (Security Update) | Important | Elevation of Privilege | 4054517 | Base: 6.60 Temporal: 5.90 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
Yes |
Windows 7 for 32-bit Systems Service Pack 1 | 4056894 (Monthly Rollup) 4056897 (Security Only) |
Important | Elevation of Privilege | 4054518 |
Base: 6.60 Temporal: 5.90 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
Yes |
Windows 7 for x64-based Systems Service Pack 1 | 4056894 (Monthly Rollup) 4056897 (Security Only) |
Important | Elevation of Privilege | 4054518 |
Base: 6.60 Temporal: 5.90 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
Yes |
Windows 8.1 for 32-bit systems | 4056898 (Security Only) | Important | Elevation of Privilege | None | Base: 6.60 Temporal: 5.90 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
Yes |
Windows 8.1 for x64-based systems | 4056898 (Security Only) | Important | Elevation of Privilege | None | Base: 6.60 Temporal: 5.90 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 4056615 (Security Update) | Important | Elevation of Privilege | None | Base: 6.60 Temporal: 5.90 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 4056615 (Security Update) | Important | Elevation of Privilege | None | Base: 6.60 Temporal: 5.90 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for Itanium-Based Systems Service Pack 2 | 4056615 (Security Update) | Important | Elevation of Privilege | None | Base: 6.60 Temporal: 5.90 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 | 4056615 (Security Update) | Important | Elevation of Privilege | None | Base: 6.60 Temporal: 5.90 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 4056615 (Security Update) | Important | Elevation of Privilege | None | Base: 6.60 Temporal: 5.90 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 | 4056894 (Monthly Rollup) 4056897 (Security Only) |
Important | Elevation of Privilege | 4054518 |
Base: 6.60 Temporal: 5.90 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4056894 (Monthly Rollup) 4056897 (Security Only) |
Important | Elevation of Privilege | 4054518 |
Base: 6.60 Temporal: 5.90 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 4056894 (Monthly Rollup) 4056897 (Security Only) |
Important | Elevation of Privilege | 4054518 |
Base: 6.60 Temporal: 5.90 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 | 4056896 (Monthly Rollup) 4056899 (Security Only) |
Important | Elevation of Privilege | 4054520 |
Base: 6.60 Temporal: 5.90 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 (Server Core installation) | 4056896 (Monthly Rollup) 4056899 (Security Only) |
Important | Elevation of Privilege | 4054520 |
Base: 6.60 Temporal: 5.90 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 R2 | 4056898 (Security Only) | Important | Elevation of Privilege | None | Base: 6.60 Temporal: 5.90 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 R2 (Server Core installation) | 4056898 (Security Only) | Important | Elevation of Privilege | None | Base: 6.60 Temporal: 5.90 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2016 | 4056890 (Security Update) | Important | Elevation of Privilege | 4053579 | Base: 6.60 Temporal: 5.90 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 4056890 (Security Update) | Important | Elevation of Privilege | 4053579 | Base: 6.60 Temporal: 5.90 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server, version 1709 (Server Core Installation) | 4056892 (Security Update) | Important | Elevation of Privilege | 4054517 | Base: 6.60 Temporal: 5.90 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2018-0748 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2018-0751 MITRE NVD |
CVE Title: Windows Elevation of Privilege Vulnerability
Description: An elevation of privilege vulnerability exists in the way that the Windows Kernel API enforces permissions. An attacker who successfully exploited the vulnerability could impersonate processes, interject cross-process communication, or interrupt system functionality. To exploit the vulnerability, a locally authenticated attacker could run a specially crafted application. The security update addresses the vulnerability by helping to ensure that the Windows Kernel API properly enforces permissions. FAQ: None Mitigations: None Workarounds: None Revision: 1.0    2018-01-03T08:00:00     Information published. 2.0    2018-01-05T08:00:00     Revised the Affected Products table to add Monthly Rollup updates for Windows 7, Windows Server 2008 R2, and Windows Server 2012. Customers who install Monthly Rollups should install these updates to be protected from this vulnerability. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2018-0751 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Windows 10 for 32-bit Systems | 4056893 (Security Update) | Important | Elevation of Privilege | 4053581 | Base: 6.60 Temporal: 5.90 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 for x64-based Systems | 4056893 (Security Update) | Important | Elevation of Privilege | 4053581 | Base: 6.60 Temporal: 5.90 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1511 for 32-bit Systems | 4056888 (Security Update) | Important | Elevation of Privilege | 4053578 | Base: 6.60 Temporal: 5.90 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1511 for x64-based Systems | 4056888 (Security Update) | Important | Elevation of Privilege | 4053578 | Base: 6.60 Temporal: 5.90 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for 32-bit Systems | 4056890 (Security Update) | Important | Elevation of Privilege | 4053579 | Base: 6.60 Temporal: 5.90 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for x64-based Systems | 4056890 (Security Update) | Important | Elevation of Privilege | 4053579 | Base: 6.60 Temporal: 5.90 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1703 for 32-bit Systems | 4056891 (Security Update) | Important | Elevation of Privilege | 4053580 | Base: 6.60 Temporal: 5.90 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1703 for x64-based Systems | 4056891 (Security Update) | Important | Elevation of Privilege | 4053580 | Base: 6.60 Temporal: 5.90 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1709 for 32-bit Systems | 4056892 (Security Update) | Important | Elevation of Privilege | 4054517 | Base: 6.60 Temporal: 5.90 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1709 for x64-based Systems | 4056892 (Security Update) | Important | Elevation of Privilege | 4054517 | Base: 6.60 Temporal: 5.90 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
Yes |
Windows 8.1 for 32-bit systems | 4056898 (Security Only) | Important | Elevation of Privilege | None | Base: 6.60 Temporal: 5.90 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
Yes |
Windows 8.1 for x64-based systems | 4056898 (Security Only) | Important | Elevation of Privilege | None | Base: 6.60 Temporal: 5.90 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 | 4056896 (Monthly Rollup) 4056899 (Security Only) |
Important | Elevation of Privilege | 4054520 |
Base: 6.60 Temporal: 5.90 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 (Server Core installation) | 4056896 (Monthly Rollup) 4056899 (Security Only) |
Important | Elevation of Privilege | 4054520 |
Base: 6.60 Temporal: 5.90 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 R2 | 4056898 (Security Only) | Important | Elevation of Privilege | None | Base: 6.60 Temporal: 5.90 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 R2 (Server Core installation) | 4056898 (Security Only) | Important | Elevation of Privilege | None | Base: 6.60 Temporal: 5.90 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2016 | 4056890 (Security Update) | Important | Elevation of Privilege | 4053579 | Base: 6.60 Temporal: 5.90 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 4056890 (Security Update) | Important | Elevation of Privilege | 4053579 | Base: 6.60 Temporal: 5.90 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server, version 1709 (Server Core Installation) | 4056892 (Security Update) | Important | Elevation of Privilege | 4054517 | Base: 6.60 Temporal: 5.90 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2018-0751 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2018-0752 MITRE NVD |
CVE Title: Windows Elevation of Privilege Vulnerability
Description: An elevation of privilege vulnerability exists in the way that the Windows Kernel API enforces permissions. An attacker who successfully exploited the vulnerability could impersonate processes, interject cross-process communication, or interrupt system functionality. To exploit the vulnerability, a locally authenticated attacker could run a specially crafted application. The security update addresses the vulnerability by helping to ensure that the Windows Kernel API properly enforces permissions. FAQ: None Mitigations: None Workarounds: None Revision: 2.0    2018-01-05T08:00:00     Revised the Affected Products table to add Monthly Rollup updates for Windows 7, Windows Server 2008 R2, and Windows Server 2012. Customers who install Monthly Rollups should install these updates to be protected from this vulnerability. 1.0    2018-01-03T08:00:00     Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2018-0752 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Windows 10 for 32-bit Systems | 4056893 (Security Update) | Important | Elevation of Privilege | 4053581 | Base: 6.60 Temporal: 5.90 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 for x64-based Systems | 4056893 (Security Update) | Important | Elevation of Privilege | 4053581 | Base: 6.60 Temporal: 5.90 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1511 for 32-bit Systems | 4056888 (Security Update) | Important | Elevation of Privilege | 4053578 | Base: 6.60 Temporal: 5.90 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1511 for x64-based Systems | 4056888 (Security Update) | Important | Elevation of Privilege | 4053578 | Base: 6.60 Temporal: 5.90 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for 32-bit Systems | 4056890 (Security Update) | Important | Elevation of Privilege | 4053579 | Base: 6.60 Temporal: 5.90 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for x64-based Systems | 4056890 (Security Update) | Important | Elevation of Privilege | 4053579 | Base: 6.60 Temporal: 5.90 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1703 for 32-bit Systems | 4056891 (Security Update) | Important | Elevation of Privilege | 4053580 | Base: 6.60 Temporal: 5.90 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1703 for x64-based Systems | 4056891 (Security Update) | Important | Elevation of Privilege | 4053580 | Base: 6.60 Temporal: 5.90 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1709 for 32-bit Systems | 4056892 (Security Update) | Important | Elevation of Privilege | 4054517 | Base: 6.60 Temporal: 5.90 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1709 for x64-based Systems | 4056892 (Security Update) | Important | Elevation of Privilege | 4054517 | Base: 6.60 Temporal: 5.90 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
Yes |
Windows 8.1 for 32-bit systems | 4056898 (Security Only) | Important | Elevation of Privilege | None | Base: 6.60 Temporal: 5.90 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
Yes |
Windows 8.1 for x64-based systems | 4056898 (Security Only) | Important | Elevation of Privilege | None | Base: 6.60 Temporal: 5.90 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 | 4056896 (Monthly Rollup) 4056899 (Security Only) |
Important | Elevation of Privilege | 4054520 |
Base: 6.60 Temporal: 5.90 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 (Server Core installation) | 4056896 (Monthly Rollup) 4056899 (Security Only) |
Important | Elevation of Privilege | 4054520 |
Base: 6.60 Temporal: 5.90 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 R2 | 4056898 (Security Only) | Important | Elevation of Privilege | None | Base: 6.60 Temporal: 5.90 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 R2 (Server Core installation) | 4056898 (Security Only) | Important | Elevation of Privilege | None | Base: 6.60 Temporal: 5.90 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2016 | 4056890 (Security Update) | Important | Elevation of Privilege | 4053579 | Base: 6.60 Temporal: 5.90 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 4056890 (Security Update) | Important | Elevation of Privilege | 4053579 | Base: 6.60 Temporal: 5.90 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server, version 1709 (Server Core Installation) | 4056892 (Security Update) | Important | Elevation of Privilege | 4054517 | Base: 6.60 Temporal: 5.90 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2018-0752 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2018-0753 MITRE NVD |
CVE Title: Windows IPSec Denial of Service Vulnerability
Description: A denial of service vulnerability exists in the way that Windows handles objects in memory. An attacker who successfully exploited the vulnerability could cause a target system to stop responding. Note that the denial of service condition would not allow an attacker to execute code or to elevate user privileges. However, the denial of service condition could prevent authorized users from using system resources. The security update addresses the vulnerability by correcting how Windows handles objects in memory. FAQ: None Mitigations: None Workarounds: None Revision: 1.0    2018-01-03T08:00:00     Information published. 2.0    2018-01-05T08:00:00     Revised the Affected Products table to add Monthly Rollup updates for Windows 7, Windows Server 2008 R2, and Windows Server 2012. Customers who install Monthly Rollups should install these updates to be protected from this vulnerability. |
Important | Denial of Service |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Not Found | Not Found | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2018-0753 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Windows 10 for 32-bit Systems | 4056893 (Security Update) | Important | Denial of Service | 4053581 | Base: 5.90 Temporal: 5.30 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 for x64-based Systems | 4056893 (Security Update) | Important | Denial of Service | 4053581 | Base: 5.90 Temporal: 5.30 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1511 for 32-bit Systems | 4056888 (Security Update) | Important | Denial of Service | 4053578 | Base: 5.90 Temporal: 5.30 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1511 for x64-based Systems | 4056888 (Security Update) | Important | Denial of Service | 4053578 | Base: 5.90 Temporal: 5.30 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for 32-bit Systems | 4056890 (Security Update) | Important | Denial of Service | 4053579 | Base: 5.90 Temporal: 5.30 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for x64-based Systems | 4056890 (Security Update) | Important | Denial of Service | 4053579 | Base: 5.90 Temporal: 5.30 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1703 for 32-bit Systems | 4056891 (Security Update) | Important | Denial of Service | 4053580 | Base: 5.90 Temporal: 5.30 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1703 for x64-based Systems | 4056891 (Security Update) | Important | Denial of Service | 4053580 | Base: 5.90 Temporal: 5.30 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1709 for 32-bit Systems | 4056892 (Security Update) | Important | Denial of Service | 4054517 | Base: 5.90 Temporal: 5.30 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
Windows 8.1 for 32-bit systems | 4056898 (Security Only) | Important | Denial of Service | None | Base: 5.90 Temporal: 5.30 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
Windows 8.1 for x64-based systems | 4056898 (Security Only) | Important | Denial of Service | None | Base: 5.90 Temporal: 5.30 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 | 4056896 (Monthly Rollup) 4056899 (Security Only) |
Important | Denial of Service | 4054520 |
Base: 5.90 Temporal: 5.30 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 (Server Core installation) | 4056896 (Monthly Rollup) 4056899 (Security Only) |
Important | Denial of Service | 4054520 |
Base: 5.90 Temporal: 5.30 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 R2 | 4056898 (Security Only) | Important | Denial of Service | None | Base: 5.90 Temporal: 5.30 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 R2 (Server Core installation) | 4056898 (Security Only) | Important | Denial of Service | None | Base: 5.90 Temporal: 5.30 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2016 | 4056890 (Security Update) | Important | Denial of Service | 4053579 | Base: 5.90 Temporal: 5.30 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 4056890 (Security Update) | Important | Denial of Service | 4053579 | Base: 5.90 Temporal: 5.30 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server, version 1709 (Server Core Installation) | 4056892 (Security Update) | Important | Denial of Service | 4054517 | Base: 5.90 Temporal: 5.30 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2018-0753 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2018-0750 MITRE NVD |
CVE Title: Windows GDI Information Disclosure Vulnerability
Description: A Win32k information disclosure vulnerability exists when the Windows GDI component improperly discloses kernel memory addresses. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The vulnerability would not allow an attacker to execute code or to elevate user rights directly, but it could be used to obtain information that could be used to try to further compromise the affected system. The security update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory. FAQ: None Mitigations: None Workarounds: None Revision: 1.0    2018-01-03T08:00:00     Information published. 2.0    2018-01-05T08:00:00     Revised the Affected Products table to add Monthly Rollup updates for Windows 7, Windows Server 2008 R2, and Windows Server 2012. Customers who install Monthly Rollups should install these updates to be protected from this vulnerability. |
Important | Information Disclosure |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation More Likely | Exploitation More Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2018-0750 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Windows 7 for 32-bit Systems Service Pack 1 | 4056894 (Monthly Rollup) 4056897 (Security Only) |
Important | Information Disclosure | 4054518 |
Base: 5.50 Temporal: 5.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 7 for x64-based Systems Service Pack 1 | 4056894 (Monthly Rollup) 4056897 (Security Only) |
Important | Information Disclosure | 4054518 |
Base: 5.50 Temporal: 5.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 4056944 (Security Update) | Important | Information Disclosure | None | Base: 5.50 Temporal: 5.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 4056944 (Security Update) | Important | Information Disclosure | None | Base: 5.50 Temporal: 5.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for Itanium-Based Systems Service Pack 2 | 4056944 (Security Update) | Important | Information Disclosure | None | Base: 5.50 Temporal: 5.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 | 4056944 (Security Update) | Important | Information Disclosure | None | Base: 5.50 Temporal: 5.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 4056944 (Security Update) | Important | Information Disclosure | None | Base: 5.50 Temporal: 5.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 | 4056894 (Monthly Rollup) 4056897 (Security Only) |
Important | Information Disclosure | 4054518 |
Base: 5.50 Temporal: 5.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4056894 (Monthly Rollup) 4056897 (Security Only) |
Important | Information Disclosure | 4054518 |
Base: 5.50 Temporal: 5.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 4056894 (Monthly Rollup) 4056897 (Security Only) |
Important | Information Disclosure | 4054518 |
Base: 5.50 Temporal: 5.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2018-0750 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2018-0773 MITRE NVD |
CVE Title: Scripting Engine Memory Corruption Vulnerability
Description: A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft Edge and then convince a user to view the website. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability. The security update addresses the vulnerability by modifying how the scripting engine handles objects in memory. FAQ: None Mitigations: None Workarounds: None Revision: 2.0    2018-01-05T08:00:00     Revised the Affected Products table to include ChakraCore for this vulnerability. 1.0    2018-01-03T08:00:00     Information published. |
Critical | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation More Likely | N/A | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2018-0773 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
ChakraCore | Commit (Security Update) | Critical | Remote Code Execution | None | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
Microsoft Edge on Windows 10 Version 1709 for 32-bit Systems | 4056892 (Security Update) | Critical | Remote Code Execution | 4054517 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
Microsoft Edge on Windows 10 Version 1709 for x64-based Systems | 4056892 (Security Update) | Critical | Remote Code Execution | 4054517 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2018-0773 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2018-0774 MITRE NVD |
CVE Title: Scripting Engine Memory Corruption Vulnerability
Description: A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft Edge and then convince a user to view the website. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability. The security update addresses the vulnerability by modifying how the scripting engine handles objects in memory. FAQ: None Mitigations: None Workarounds: None Revision: 2.0    2018-01-05T08:00:00     Revised the Affected Products table to include ChakraCore for this vulnerability. 1.0    2018-01-03T08:00:00     Information published. |
Critical | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation More Likely | N/A | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2018-0774 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
ChakraCore | Commit (Security Update) | Critical | Remote Code Execution | None | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
Microsoft Edge on Windows 10 Version 1709 for 32-bit Systems | 4056892 (Security Update) | Critical | Remote Code Execution | 4054517 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
Microsoft Edge on Windows 10 Version 1709 for x64-based Systems | 4056892 (Security Update) | Critical | Remote Code Execution | 4054517 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2018-0774 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2018-0781 MITRE NVD |
CVE Title: Scripting Engine Memory Corruption Vulnerability
Description: A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft Edge and then convince a user to view the website. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability. The security update addresses the vulnerability by modifying how the scripting engine handles objects in memory. FAQ: None Mitigations: None Workarounds: None Revision: 1.0    2018-01-03T08:00:00     Information published. 2.0    2018-01-05T08:00:00     Revised the Affected Products table to include ChakraCore for this vulnerability. |
Critical | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Unlikely | Exploitation Unlikely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2018-0781 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
ChakraCore | Commit (Security Update) | Critical | Remote Code Execution | None | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
Microsoft Edge on Windows 10 Version 1511 for 32-bit Systems | 4056888 (Security Update) | Critical | Remote Code Execution | 4053578 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
Microsoft Edge on Windows 10 Version 1511 for x64-based Systems | 4056888 (Security Update) | Critical | Remote Code Execution | 4053578 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
Microsoft Edge on Windows 10 Version 1607 for 32-bit Systems | 4056890 (Security Update) | Critical | Remote Code Execution | 4053579 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
Microsoft Edge on Windows 10 Version 1607 for x64-based Systems | 4056890 (Security Update) | Critical | Remote Code Execution | 4053579 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
Microsoft Edge on Windows 10 Version 1703 for 32-bit Systems | 4056891 (Security Update) | Critical | Remote Code Execution | 4053580 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
Microsoft Edge on Windows 10 Version 1703 for x64-based Systems | 4056891 (Security Update) | Critical | Remote Code Execution | 4053580 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
Microsoft Edge on Windows 10 Version 1709 for 32-bit Systems | 4056892 (Security Update) | Critical | Remote Code Execution | 4054517 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
Microsoft Edge on Windows 10 Version 1709 for x64-based Systems | 4056892 (Security Update) | Critical | Remote Code Execution | 4054517 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
Microsoft Edge on Windows Server 2016 | 4056890 (Security Update) | Critical | Remote Code Execution | 4053579 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2018-0781 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2018-0784 MITRE NVD |
CVE Title: ASP.NET Core Elevation Of Privilege Vulnerability
Description: An elevation of privilege vulnerability exists when a ASP.NET Core web application, created using vulnerable project templates, fails to properly sanitize web requests. An attacker who successfully exploited this vulnerability could perform content injection attacks and run script in the security context of the logged-on user. To exploit the vulnerability, an attacker could send a specially crafted email, containing a malicious link, to a user. Alternatively, an attacker could use a chat client to social engineer a user into clicking the malicious link. However, in all cases to exploit this vulnerability a user must click a maliciously crafted link from an attacker. The security update addresses the vulnerability by correcting the ASP.NET Core project templates. FAQ: None Mitigations: None Workarounds: None Revision: 1.0    2018-01-09T08:00:00     Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2018-0784 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
ASP.NET Core 2.0 | Commit (Security Update) | Important | Elevation of Privilege | None | Base: N/A Temporal: N/A Vector: N/A |
Yes |
ASP.NET Core 2.0 on Windows 10 Version 1703 for 32-bit Systems | Commit (Security Update) | Important | Elevation of Privilege | None | Base: N/A Temporal: N/A Vector: N/A |
Yes |
CVE ID | Acknowledgements |
CVE-2018-0784 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2018-0786 MITRE NVD |
CVE Title: .NET Security Feature Bypass Vulnerability
Description: A security feature bypass vulnerability exists when Microsoft .NET Framework (and .NET Core) components do not completely validate certificates. An attacker could present a certificate that is marked invalid for a specific use, but the component uses it for that purpose. This action disregards the Enhanced Key Usage taggings. The security update addresses the vulnerability by helping to ensure that .NET Framework (and .NET Core) components completely validate certificates. FAQ: None Mitigations: None Workarounds: None Revision: 1.0    2018-01-09T08:00:00     Information published. |
Important | Security Feature Bypass |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2018-0786 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
.NET Core 1.0 | Commit (Security Update) | Important | Security Feature Bypass | None | Base: N/A Temporal: N/A Vector: N/A |
Yes |
.NET Core 2.0 | Commit (Security Update) | Important | Security Feature Bypass | None | Base: N/A Temporal: N/A Vector: N/A |
Yes |
Microsoft .NET Framework 2.0 Service Pack 2 on Windows Server 2008 for 32-bit Systems Service Pack 2 | 4054996 (Monthly Rollup) 4054174 (Security Only) |
Important | Security Feature Bypass | 4049019, 4041086 3122646 |
Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft .NET Framework 2.0 Service Pack 2 on Windows Server 2008 for Itanium-Based Systems Service Pack 2 | 4054996 (Monthly Rollup) 4054174 (Security Update) |
Important | Security Feature Bypass | 4049019, 4041086 3122646 |
Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft .NET Framework 2.0 Service Pack 2 on Windows Server 2008 for x64-based Systems Service Pack 2 | 4054996 (Monthly Rollup) 4054174 (Security Only) |
Important | Security Feature Bypass | 4049019, 4041086 3122646 |
Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft .NET Framework 3.0 Service Pack 2 on Windows Server 2008 for 32-bit Systems Service Pack 2 | 4054996 (Monthly Rollup) 4054174 (Security Only) |
Important | Security Feature Bypass | 4049019, 4041086 3122646 |
Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft .NET Framework 3.0 Service Pack 2 on Windows Server 2008 for Itanium-Based Systems Service Pack 2 | 4054996 (Monthly Rollup) 4054174 (Security Update) |
Important | Security Feature Bypass | 4049019, 4041086 3122646 |
Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft .NET Framework 3.0 Service Pack 2 on Windows Server 2008 for x64-based Systems Service Pack 2 | 4054996 (Monthly Rollup) 4054174 (Security Only) |
Important | Security Feature Bypass | 4049019, 4041086 3122646 |
Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft .NET Framework 3.5 on Windows 10 for 32-bit Systems | 4056893 (Security Update) | Important | Security Feature Bypass | 4053581 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
Microsoft .NET Framework 3.5 on Windows 10 for x64-based Systems | 4056893 (Security Update) | Important | Security Feature Bypass | 4053581 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
Microsoft .NET Framework 3.5 on Windows 10 Version 1511 for 32-bit Systems | 4056888 (Security Update) | Important | Security Feature Bypass | 4053578 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
Microsoft .NET Framework 3.5 on Windows 10 Version 1511 for x64-based Systems | 4056888 (Security Update) | Important | Security Feature Bypass | 4053578 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
Microsoft .NET Framework 3.5 on Windows 10 Version 1607 for 32-bit Systems | 4056890 (Security Update) | Important | Security Feature Bypass | 4053579 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
Microsoft .NET Framework 3.5 on Windows 10 Version 1607 for x64-based Systems | 4056890 (Security Update) | Important | Security Feature Bypass | 4053579 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
Microsoft .NET Framework 3.5 on Windows 10 Version 1703 for 32-bit Systems | 4056891 (Security Update) | Important | Security Feature Bypass | 4053580 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
Microsoft .NET Framework 3.5 on Windows 10 Version 1703 for x64-based Systems | 4056891 (Security Update) | Important | Security Feature Bypass | 4053580 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
Microsoft .NET Framework 3.5 on Windows 10 Version 1709 for 32-bit Systems | 4056892 (Security Update) | Important | Security Feature Bypass | 4054517 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
Microsoft .NET Framework 3.5 on Windows 10 Version 1709 for x64-based Systems | 4056892 (Security Update) | Important | Security Feature Bypass | 4054517 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
Microsoft .NET Framework 3.5 on Windows 8.1 for 32-bit systems | 4054999 (Monthly Rollup) 4054177 (Security Only) |
Important | Security Feature Bypass | 4049017, 4041085 3122651 |
Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft .NET Framework 3.5 on Windows 8.1 for x64-based systems | 4054999 (Monthly Rollup) 4054182 (Security Only) |
Important | Security Feature Bypass | 4049017, 4041085 3122660 |
Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft .NET Framework 3.5 on Windows Server 2012 | 4054997 (Monthly Rollup) 4054175 (Security Only) |
Important | Security Feature Bypass | 4049018, 4041084 3122655, 3122658 |
Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft .NET Framework 3.5 on Windows Server 2012 (Server Core installation) | 4054997 (Monthly Rollup) 4054175 (Security Only) |
Important | Security Feature Bypass | 4049018, 4041084 3122655, 3122658 |
Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft .NET Framework 3.5 on Windows Server 2012 R2 | 4054999 (Monthly Rollup) 4054177 (Security Only) |
Important | Security Feature Bypass | 4049017, 4041085 3122651 |
Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft .NET Framework 3.5 on Windows Server 2012 R2 (Server Core installation) | 4054999 (Monthly Rollup) 4054177 (Security Only) |
Important | Security Feature Bypass | 4049017, 4041085 3122651 |
Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft .NET Framework 3.5 on Windows Server 2016 | 4056890 (Security Update) | Important | Security Feature Bypass | 4053579 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
Microsoft .NET Framework 3.5 on Windows Server 2016 (Server Core installation) | 4056890 (Security Update) | Important | Security Feature Bypass | 4053579 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
Microsoft .NET Framework 3.5 on Windows Server, version 1709 (Server Core Installation) | 4056892 (Security Update) | Important | Security Feature Bypass | 4054517 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
Microsoft .NET Framework 3.5.1 on Windows 7 for 32-bit Systems Service Pack 1 | 4054998 (Monthly Rollup) 4054176 (Security Only) |
Important | Security Feature Bypass | 4049016, 4041083 2973112, 3122648 |
Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft .NET Framework 3.5.1 on Windows 7 for x64-based Systems Service Pack 1 | 4054998 (Monthly Rollup) 4054176 (Security Only) |
Important | Security Feature Bypass | 4049016, 4041083 2973112, 3122648 |
Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft .NET Framework 3.5.1 on Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 | 4054998 (Monthly Rollup) 4054176 (Security Only) |
Important | Security Feature Bypass | 4049016, 4041083 2973112, 3122648 |
Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft .NET Framework 3.5.1 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4054998 (Monthly Rollup) 4054176 (Security Only) |
Important | Security Feature Bypass | 4049016, 4041083 2973112, 3122648 |
Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft .NET Framework 3.5.1 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 4054998 (Monthly Rollup) 4054176 (Security Only) |
Important | Security Feature Bypass | 4049016, 4041083 2973112, 3122648 |
Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft .NET Framework 4.5.2 on Windows 7 for 32-bit Systems Service Pack 1 | 4054995 (Monthly Rollup) 4054172 (Security Only) |
Important | Security Feature Bypass | 4049016, 4041083 3122656 |
Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft .NET Framework 4.5.2 on Windows 7 for x64-based Systems Service Pack 1 | 4054995 (Monthly Rollup) 4054172 (Security Only) |
Important | Security Feature Bypass | 4049016, 4041083 3122656 |
Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft .NET Framework 4.5.2 on Windows 8.1 for 32-bit systems | 4054993 (Monthly Rollup) 4054170 (Security Only) |
Important | Security Feature Bypass | 4049017, 4041085 3122654 |
Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft .NET Framework 4.5.2 on Windows 8.1 for x64-based systems | 4054170 (Security Only) 4054993 (Monthly Rollup) |
Important | Security Feature Bypass | 3122654 4049017, 4041085 |
Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft .NET Framework 4.5.2 on Windows RT 8.1 | 4054993 (Monthly Rollup) | Important | Security Feature Bypass | 4049017, 4041085 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft .NET Framework 4.5.2 on Windows Server 2008 for 32-bit Systems Service Pack 2 | 4054172 (Security Only) 4054995 (Monthly Rollup) |
Important | Security Feature Bypass | 3122656 4049017, 4041086 |
Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft .NET Framework 4.5.2 on Windows Server 2008 for x64-based Systems Service Pack 2 | 4054172 (Security Only) 4054995 (Monthly Rollup) |
Important | Security Feature Bypass | 3122656 4049017, 4041086 |
Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft .NET Framework 4.5.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4054995 (Monthly Rollup) 4054172 (Security Only) |
Important | Security Feature Bypass | 4049016, 4041083 3122656 |
Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft .NET Framework 4.5.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 4054995 (Monthly Rollup) 4054172 (Security Only) |
Important | Security Feature Bypass | 4049016, 4041083 3122656 |
Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft .NET Framework 4.5.2 on Windows Server 2012 | 4054994 (Monthly Rollup) 4054171 (Security Only) |
Important | Security Feature Bypass | 4049018, 4041084 3122655 |
Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft .NET Framework 4.5.2 on Windows Server 2012 (Server Core installation) | 4054994 (Monthly Rollup) 4054171 (Security Only) |
Important | Security Feature Bypass | 4049018, 4041084 3122655 |
Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft .NET Framework 4.5.2 on Windows Server 2012 R2 | 4054170 (Security Only) 4054993 (Monthly Rollup) |
Important | Security Feature Bypass | 3122654 4049017, 4041085 |
Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft .NET Framework 4.5.2 on Windows Server 2012 R2 (Server Core installation) | 4054170 (Security Only) 4054993 (Monthly Rollup) |
Important | Security Feature Bypass | 3122654 4049017, 4041085 |
Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft .NET Framework 4.6 on Windows 10 for 32-bit Systems | 4056893 (Security Update) | Important | Security Feature Bypass | 4053581 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
Microsoft .NET Framework 4.6 on Windows 10 for x64-based Systems | 4056893 (Security Update) | Important | Security Feature Bypass | 4053581 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
Microsoft .NET Framework 4.6 on Windows Server 2008 for 32-bit Systems Service Pack 2 | 4054183 (Security Only) 4055002 (Monthly Rollup) |
Important | Security Feature Bypass | 3122661 4049019, 4041086 |
Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft .NET Framework 4.6 on Windows Server 2008 for x64-based Systems Service Pack 2 | 4055002 (Monthly Rollup) 4054183 (Security Only) |
Important | Security Feature Bypass | 4049019, 4041086 3122661 |
Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft .NET Framework 4.6.1 on Windows 10 Version 1511 for 32-bit Systems | 4056888 (Security Update) | Important | Security Feature Bypass | 4053578 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
Microsoft .NET Framework 4.6.1 on Windows 10 Version 1511 for x64-based Systems | 4056888 (Security Update) | Important | Security Feature Bypass | 4053578 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
Microsoft .NET Framework 4.6.2/4.7 on Windows 10 Version 1607 for 32-bit Systems | 4056890 (Security Update) | Important | Security Feature Bypass | 4053579 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
Microsoft .NET Framework 4.6.2/4.7 on Windows 10 Version 1607 for x64-based Systems | 4056890 (Security Update) | Important | Security Feature Bypass | 4053579 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
Microsoft .NET Framework 4.6.2/4.7 on Windows Server 2016 | 4056890 (Security Update) | Important | Security Feature Bypass | 4053579 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
Microsoft .NET Framework 4.6.2/4.7 on Windows Server 2016 (Server Core installation) | 4056890 (Security Update) | Important | Security Feature Bypass | 4053579 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7 on Windows 7 for 32-bit Systems Service Pack 1 | 4055002 (Monthly Rollup) 4054183 (Security Only) |
Important | Security Feature Bypass | 4041083; 4049016 3122661 |
Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7 on Windows 7 for x64-based Systems Service Pack 1 | 4055002 (Monthly Rollup) 4054183 (Security Only) |
Important | Security Feature Bypass | 4049016, 4041083 3122661 |
Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7 on Windows 8.1 for 32-bit systems | 4054182 (Security Only) 4055001 (Monthly Rollup) |
Important | Security Feature Bypass | 3122660 4049017, 4041085 |
Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7 on Windows 8.1 for x64-based systems | 4054182 (Security Only) 4055001 (Monthly Rollup) |
Important | Security Feature Bypass | 3122660 4049017, 4041085 |
Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7 on Windows RT 8.1 | 4055001 (Monthly Rollup) | Important | Security Feature Bypass | 4049017, 4041085 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4055002 (Monthly Rollup) 4054183 (Security Only) |
Important | Security Feature Bypass | 4049016, 4041083 3122661 |
Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 4055002 (Monthly Rollup) 4054183 (Security Only) |
Important | Security Feature Bypass | 4049016, 4041083 3122661 |
Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7 on Windows Server 2012 | 4055000 (Monthly Rollup) 4054181 (Security Only) |
Important | Security Feature Bypass | 4049018, 4041084 3122658 |
Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7 on Windows Server 2012 (Server Core installation) | 4055000 (Monthly Rollup) 4054181 (Security Only) |
Important | Security Feature Bypass | 4049018, 4041084 3122658 |
Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7 on Windows Server 2012 R2 | 4054182 (Security Only) 4055001 (Monthly Rollup) |
Important | Security Feature Bypass | 3122660 4049017, 4041085 |
Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7 on Windows Server 2012 R2 (Server Core installation) | 4054182 (Security Only) 4055001 (Monthly Rollup) |
Important | Security Feature Bypass | 3122660 4049017, 4041085 |
Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft .NET Framework 4.7 on Windows 10 Version 1703 for 32-bit Systems | 4056891 (Security Update) | Important | Security Feature Bypass | 4053580 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
Microsoft .NET Framework 4.7 on Windows 10 Version 1703 for x64-based Systems | 4056891 (Security Update) | Important | Security Feature Bypass | 4053580 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
Microsoft .NET Framework 4.7.1 on Windows 10 Version 1709 for 32-bit Systems | 4056892 (Security Update) | Important | Security Feature Bypass | 4054517 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
Microsoft .NET Framework 4.7.1 on Windows 10 Version 1709 for x64-based Systems | 4056892 (Security Update) | Important | Security Feature Bypass | 4054517 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
Microsoft .NET Framework 4.7.1 on Windows Server, version 1709 (Server Core Installation) | 4056892 (Security Update) | Important | Security Feature Bypass | 4054517 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
CVE ID | Acknowledgements |
CVE-2018-0786 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2018-0788 MITRE NVD |
CVE Title: OpenType Font Driver Elevation of Privilege Vulnerability
Description: An elevation of privilege vulnerability exists in Windows Adobe Type Manager Font Driver (ATMFD.dll) when it fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code and take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit the vulnerability, an attacker would first have to log on to a target system and then run a specially crafted application. The security update addresses the vulnerability by correcting how ATMFD.dll handles objects in memory. FAQ: None Mitigations: None Workarounds: None Revision: 1.0    2018-01-03T08:00:00     Information published. 2.0    2018-01-05T08:00:00     Revised the Affected Products table to add Monthly Rollup updates for Windows 7, Windows Server 2008 R2, and Windows Server 2012. Customers who install Monthly Rollups should install these updates to be protected from this vulnerability. |
Important | Information Disclosure |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation More Likely | Exploitation More Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2018-0788 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Windows 7 for 32-bit Systems Service Pack 1 | 4056894 (Monthly Rollup) 4056897 (Security Only) |
Important | Information Disclosure | 4054518 |
Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 7 for x64-based Systems Service Pack 1 | 4056894 (Monthly Rollup) 4056897 (Security Only) |
Important | Information Disclosure | 4054518 |
Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 8.1 for 32-bit systems | 4056898 (Security Only) | Important | Information Disclosure | None | Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 8.1 for x64-based systems | 4056898 (Security Only) | Important | Information Disclosure | None | Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 4056941 (Security Update) | Important | Information Disclosure | None | Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 4056941 (Security Update) | Important | Information Disclosure | None | Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for Itanium-Based Systems Service Pack 2 | 4056941 (Security Update) | Important | Information Disclosure | None | Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 | 4056941 (Security Update) | Important | Information Disclosure | None | Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 4056941 (Security Update) | Important | Information Disclosure | None | Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 | 4056894 (Monthly Rollup) 4056897 (Security Only) |
Important | Information Disclosure | 4054518 |
Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4056894 (Monthly Rollup) 4056897 (Security Only) |
Important | Information Disclosure | 4054518 |
Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 4056894 (Monthly Rollup) 4056897 (Security Only) |
Important | Information Disclosure | 4054518 |
Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 | 4056896 (Monthly Rollup) 4056899 (Security Only) |
Important | Information Disclosure | 4054520 |
Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 (Server Core installation) | 4056896 (Monthly Rollup) 4056899 (Security Only) |
Important | Information Disclosure | 4054520 |
Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 R2 | 4056898 (Security Only) | Important | Information Disclosure | None | Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 R2 (Server Core installation) | 4056898 (Security Only) | Important | Information Disclosure | None | Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2018-0788 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2018-0795 MITRE NVD |
CVE Title: Microsoft Office Remote Code Execution Vulnerability
Description: A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Office. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) containing a specially crafted file designed to exploit the vulnerability. An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file. The security update addresses the vulnerability by correcting how Microsoft Office handles objects in memory. FAQ: None Mitigations: None Workarounds: None Revision: 1.0    2018-01-09T08:00:00     Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Not Found | Not Found | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2018-0795 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Microsoft Office 2010 Service Pack 2 (32-bit editions) | 4011611 (Security Update) | Important | Remote Code Execution | 4011055 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Office 2010 Service Pack 2 (64-bit editions) | 4011611 (Security Update) | Important | Remote Code Execution | 4011055 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Office 2013 RT Service Pack 1 | 4011636 (Security Update) | Important | Remote Code Execution | None | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Office 2013 Service Pack 1 (32-bit editions) | 4011636 (Security Update) | Important | Remote Code Execution | 4011103 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Office 2013 Service Pack 1 (64-bit editions) | 4011636 (Security Update) | Important | Remote Code Execution | 4011103 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Office 2016 (32-bit edition) | 4011632 (Security Update) | Important | Remote Code Execution | 3191944 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Office 2016 (64-bit edition) | 4011632 (Security Update) | Important | Remote Code Execution | 3191944 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Office 2016 Click-to-Run (C2R) for 32-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Office 2016 Click-to-Run (C2R) for 64-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: N/A Temporal: N/A Vector: N/A |
No |
CVE ID | Acknowledgements |
CVE-2018-0795 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2018-0797 MITRE NVD |
CVE Title: Microsoft Word Memory Corruption Vulnerability
Description: An Office RTF remote code execution vulnerability exists in Microsoft Office software when the Office software fails to properly handle RTF files. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Office software. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) that contains a specially crafted file designed to exploit the vulnerability. An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file. The security update addresses the vulnerability by changing the way Microsoft Office software handles RTF content. FAQ: I have Microsoft Word 2010 installed. Why am I not being offered the 4011658 update? The 4011658 update only applies to systems running specific configurations of Microsoft Office 2010. Some configurations will not be offered the update. I am being offered this update for software that is not specifically indicated as being affected in the Affected Software and Vulnerability Severity Ratings table. Why am I being offered this update? When updates address vulnerable code that exists in a component that is shared between multiple Microsoft Office products or shared between multiple versions of the same Microsoft Office product, the update is considered to be applicable to all supported products and versions that contain the vulnerable component. For example, when an update applies to Microsoft Office 2007 products, only Microsoft Office 2007 may be specifically listed in the Affected Software table. However, the update could apply to Microsoft Word 2007, Microsoft Excel 2007, Microsoft Visio 2007, Microsoft Compatibility Pack, Microsoft Excel Viewer, or any other Microsoft Office 2007 product that is not specifically listed in the Affected Software table. Furthermore, when an update applies to Microsoft Office 2010 products, only Microsoft Office 2010 may be specifically listed in the Affected Software table. However, the update could apply to Microsoft Word 2010, Microsoft Excel 2010, Microsoft Visio 2010, Microsoft Visio Viewer, or any other Microsoft Office 2010 product that is not specifically listed in the Affected Software table. For more information on this behavior and recommended actions, see Microsoft Knowledge Base Article 830335. For a list of Microsoft Office products that an update may apply to, refer to the Microsoft Knowledge Base Article associated with the specific update. Why is there a separate update for Word Viewer The Word Viewer update (4011641) is only supported, and will only install from Microsoft Update, if it’s on Windows Embedded POSReady 2009. This is because Word Viewer ships pre-installed in Windows Embedded POSReady 2009, which is still in support. For other platforms, Word Viewer is no longer supported. Mitigations: None Workarounds: None Revision: 1.0    2018-01-09T08:00:00     Information published. |
Critical | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2018-0797 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Microsoft Office 2010 Service Pack 2 (32-bit editions) | 4011658 (Security Update) | Critical | Remote Code Execution | 4011612 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Office 2010 Service Pack 2 (64-bit editions) | 4011658 (Security Update) | Critical | Remote Code Execution | 4011612 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Office 2016 for Mac | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: N/A Temporal: N/A Vector: N/A |
No |
Microsoft Office Compatibility Pack Service Pack 3 | 4011607 (Security Update) | Critical | Remote Code Execution | 4011265 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Office Online Server 2016 | 4011021 (Security Update) | Critical | Remote Code Execution | 4011020 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Office Web Apps 2010 Service Pack 2 | 4011615 (Security Update) | Critical | Remote Code Execution | 4011271 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Office Web Apps Server 2013 Service Pack 1 | 4011648 (Security Update) | Critical | Remote Code Execution | 4011247 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Office Word Viewer | 4011641 (Security Update) | Critical | Remote Code Execution | None | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft SharePoint Enterprise Server 2013 Service Pack 1 | 4011579 (Security Update) | Critical | Remote Code Execution | 4011245 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft SharePoint Enterprise Server 2016 | 4011642 (Security Update) | Critical | Remote Code Execution | 4011576 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft SharePoint Server 2010 Service Pack 2 | 4011609 (Security Update) | Critical | Remote Code Execution | 4011267 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Word 2007 Service Pack 3 | 4011657 (Security Update) | Critical | Remote Code Execution | 4011608 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Word 2010 Service Pack 2 (32-bit editions) | 4011659 (Security Update) | Critical | Remote Code Execution | 4011614 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Word 2010 Service Pack 2 (64-bit editions) | 4011659 (Security Update) | Critical | Remote Code Execution | 4011614 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Word 2013 RT Service Pack 1 | 4011651 (Security Update) | Critical | Remote Code Execution | None | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Word 2013 Service Pack 1 (32-bit editions) | 4011651 (Security Update) | Critical | Remote Code Execution | 4011590 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Word 2013 Service Pack 1 (64-bit editions) | 4011651 (Security Update) | Critical | Remote Code Execution | 4011590 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Word 2016 (32-bit edition) | 4011643 (Security Update) | Critical | Remote Code Execution | 4011575 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Word 2016 (64-bit edition) | 4011643 (Security Update) | Critical | Remote Code Execution | 4011575 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
CVE ID | Acknowledgements |
CVE-2018-0797 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2018-0799 MITRE NVD |
CVE Title: Microsoft Access Tampering Vulnerability
Description: A cross-site-scripting (XSS) vulnerability exists when Microsoft Access does not properly sanitize inputs to image fields edited within Design view. An attacker could exploit the vulnerability by sending a specially crafted file to a victim, or by hosting the file on a web server. The attacker who successfully exploited the vulnerability could then run javascript in the security context of the current user. The attacks could allow the attacker to read content that the attacker is not authorized to read, use the victim's identity to take actions on a remote site on behalf of the user, and inject malicious content in the browser of the user. The security update addresses the vulnerability by helping to ensure that Microsoft Access properly sanitizes image field values. FAQ: None Mitigations: None Workarounds: None Revision: 1.0    2018-01-09T08:00:00     Information published. |
Important | Tampering |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Unlikely | Exploitation Unlikely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2018-0799 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Microsoft SharePoint Enterprise Server 2013 Service Pack 1 | 4011599 (Security Update) | Important | Tampering | 3178633 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft SharePoint Enterprise Server 2016 | 4011642 (Security Update) | Important | Tampering | 4011576 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
CVE ID | Acknowledgements |
CVE-2018-0799 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2018-0802 MITRE NVD |
CVE Title: Microsoft Office Memory Corruption Vulnerability
Description: A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Office or Microsoft WordPad software. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) containing a specially crafted file designed to exploit the vulnerability. An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file. The security update addresses the vulnerability by removing Equation Editor functionality. For more information on this change, please refer to the following article: https://support.microsoft.com/en-us/help/4057882 FAQ: None Mitigations: None Workarounds: None Revision: 1.0    2018-01-09T08:00:00     Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Unlikely | Exploitation Unlikely | Not Applicable | No | Yes |
The following tables list the affected software details for the vulnerability.
CVE-2018-0802 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Microsoft Office 2007 Service Pack 3 | 4011656 (Security Update) | Important | Remote Code Execution | 4011604 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Office 2010 Service Pack 2 (32-bit editions) | 4011610 (Security Update) | Important | Remote Code Execution | 4011618 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Office 2010 Service Pack 2 (64-bit editions) | 4011610 (Security Update) | Important | Remote Code Execution | 4011618 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Office 2013 Service Pack 1 (32-bit editions) | 4011580 (Security Update) | Important | Remote Code Execution | 3162047 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Office 2013 Service Pack 1 (64-bit editions) | 4011580 (Security Update) | Important | Remote Code Execution | 3162047 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Office 2016 (32-bit edition) | 4011574 (Security Update) | Important | Remote Code Execution | 4011262 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Office 2016 (64-bit edition) | 4011574 (Security Update) | Important | Remote Code Execution | 4011262 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Office 2016 Click-to-Run (C2R) for 32-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Office 2016 Click-to-Run (C2R) for 64-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: N/A Temporal: N/A Vector: N/A |
No |
Microsoft Office Compatibility Pack Service Pack 3 | 4011607 (Security Update) | Important | Remote Code Execution | 4011265 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Word 2007 Service Pack 3 | 4011657 (Security Update) | Important | Remote Code Execution | 4011608 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Word 2010 Service Pack 2 (32-bit editions) | 4011659 (Security Update) | Important | Remote Code Execution | 4011614 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Word 2010 Service Pack 2 (64-bit editions) | 4011659 (Security Update) | Important | Remote Code Execution | 4011614 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Word 2013 RT Service Pack 1 | 4011580 (Security Update) | Important | Remote Code Execution | 3162047 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Word 2013 Service Pack 1 (32-bit editions) | 4011580 (Security Update) | Important | Remote Code Execution | 3162047 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Word 2013 Service Pack 1 (64-bit editions) | 4011580 (Security Update) | Important | Remote Code Execution | 3162047 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Word 2016 (32-bit edition) | 4011643 (Security Update) | Important | Remote Code Execution | 4011575 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Word 2016 (64-bit edition) | 4011643 (Security Update) | Important | Remote Code Execution | 4011575 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
CVE ID | Acknowledgements |
CVE-2018-0802 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2018-0801 MITRE NVD |
CVE Title: Microsoft Office Remote Code Execution Vulnerability
Description: A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Office or Microsoft WordPad software. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) containing a specially crafted file designed to exploit the vulnerability. An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file. The security update addresses the vulnerability by removing Equation Editor functionality. For more information on this change, please refer to the following article: https://support.microsoft.com/en-us/help/4057882 FAQ: None Mitigations: None Workarounds: None Revision: 1.0    2018-01-09T08:00:00     Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2018-0801 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Microsoft Office 2007 Service Pack 3 | 4011656 (Security Update) | Important | Remote Code Execution | 4011604 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Office 2010 Service Pack 2 (32-bit editions) | 4011610 (Security Update) | Important | Remote Code Execution | 4011618 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Office 2010 Service Pack 2 (64-bit editions) | 4011610 (Security Update) | Important | Remote Code Execution | 4011618 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Office 2013 Service Pack 1 (32-bit editions) | 4011580 (Security Update) | Important | Remote Code Execution | 3162047 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Office 2013 Service Pack 1 (64-bit editions) | 4011580 (Security Update) | Important | Remote Code Execution | 3162047 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Office 2016 (32-bit edition) | 4011574 (Security Update) | Important | Remote Code Execution | 4011262 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Office 2016 (64-bit edition) | 4011574 (Security Update) | Important | Remote Code Execution | 4011262 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Office 2016 Click-to-Run (C2R) for 32-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Office 2016 Click-to-Run (C2R) for 64-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: N/A Temporal: N/A Vector: N/A |
No |
Microsoft Office Compatibility Pack Service Pack 3 | 4011607 (Security Update) | Important | Remote Code Execution | 4011265 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Word 2007 Service Pack 3 | 4011657 (Security Update) | Important | Remote Code Execution | 4011608 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Word 2010 Service Pack 2 (32-bit editions) | 4011659 (Security Update) | Important | Remote Code Execution | 4011614 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Word 2010 Service Pack 2 (64-bit editions) | 4011659 (Security Update) | Important | Remote Code Execution | 4011614 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Word 2013 RT Service Pack 1 | 4011580 (Security Update) | Important | Remote Code Execution | 3162047 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Word 2013 Service Pack 1 (32-bit editions) | 4011580 (Security Update) | Important | Remote Code Execution | 3162047 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Word 2013 Service Pack 1 (64-bit editions) | 4011580 (Security Update) | Important | Remote Code Execution | 3162047 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Word 2016 (32-bit edition) | 4011643 (Security Update) | Important | Remote Code Execution | 4011575 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Word 2016 (64-bit edition) | 4011643 (Security Update) | Important | Remote Code Execution | 4011575 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
CVE ID | Acknowledgements |
CVE-2018-0801 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2018-0803 MITRE NVD |
CVE Title: Microsoft Edge Elevation of Privilege Vulnerability
Description: An elevation of privilege vulnerability exists when Microsoft Edge does not properly enforce cross-domain policies, which could allow an attacker to access information from one domain and inject it into another domain. In a web-based attack scenario, an attacker could host a website that is used to attempt to exploit the vulnerability. In addition, compromised websites and websites that accept or host user-provided content could contain specially crafted content that could exploit the vulnerability. However, in all cases an attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action. For example, an attacker could trick users into clicking a link that takes them to the attacker's site. An attacker who successfully exploited this vulnerability could elevate privileges in affected versions of Microsoft Edge. The security update addresses the vulnerability by helping to ensure that cross-domain policies are properly enforced in Microsoft Edge. FAQ: None Mitigations: None Workarounds: None Revision: 1.0    2018-01-03T08:00:00     Information published. |
Low | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | N/A | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2018-0803 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Microsoft Edge on Windows 10 for 32-bit Systems | 4056893 (Security Update) | Important | Elevation of Privilege | 4053581 | Base: 3.10 Temporal: 2.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Microsoft Edge on Windows 10 for x64-based Systems | 4056893 (Security Update) | Important | Elevation of Privilege | 4053581 | Base: 3.10 Temporal: 2.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Microsoft Edge on Windows 10 Version 1511 for 32-bit Systems | 4056888 (Security Update) | Important | Elevation of Privilege | 4053578 | Base: 3.10 Temporal: 2.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Microsoft Edge on Windows 10 Version 1511 for x64-based Systems | 4056888 (Security Update) | Important | Elevation of Privilege | 4053578 | Base: 3.10 Temporal: 2.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Microsoft Edge on Windows 10 Version 1607 for 32-bit Systems | 4056890 (Security Update) | Important | Elevation of Privilege | 4053579 | Base: 3.10 Temporal: 2.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Microsoft Edge on Windows 10 Version 1607 for x64-based Systems | 4056890 (Security Update) | Important | Elevation of Privilege | 4053579 | Base: 3.10 Temporal: 2.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Microsoft Edge on Windows 10 Version 1703 for 32-bit Systems | 4056891 (Security Update) | Important | Elevation of Privilege | 4053580 | Base: 3.10 Temporal: 2.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Microsoft Edge on Windows 10 Version 1703 for x64-based Systems | 4056891 (Security Update) | Important | Elevation of Privilege | 4053580 | Base: 3.10 Temporal: 2.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Microsoft Edge on Windows 10 Version 1709 for 32-bit Systems | 4056892 (Security Update) | Important | Elevation of Privilege | 4054517 | Base: 3.10 Temporal: 2.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Microsoft Edge on Windows 10 Version 1709 for x64-based Systems | 4056892 (Security Update) | Important | Elevation of Privilege | 4054517 | Base: 3.10 Temporal: 2.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Microsoft Edge on Windows Server 2016 | 4056890 (Security Update) | Low | Elevation of Privilege | 4053579 | Base: 3.10 Temporal: 2.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2018-0803 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2018-0800 MITRE NVD |
CVE Title: Scripting Engine Information Disclosure Vulnerability
Description: An information disclosure vulnerability exists when the scripting engine does not properly handle objects in memory in Microsoft Edge. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. In a web-based attack scenario, an attacker could host a website in an attempt to exploit the vulnerability. In addition, compromised websites and websites that accept or host user-provided content could contain specially crafted content that could exploit the vulnerability. However, in all cases an attacker would have no way to force a user to view the attacker-controlled content. Instead, an attacker would have to convince a user to take action. For example, an attacker could trick a user into clicking a link that takes the user to the attacker's site. The security update addresses the vulnerability by changing how the scripting engine handles objects in memory. FAQ: None Mitigations: None Workarounds: None Revision: 2.0    2018-01-05T08:00:00     Revised the Affected Products table to include ChakraCore for this vulnerability. 1.0    2018-01-03T08:00:00     Information published. |
Critical | Information Disclosure |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2018-0800 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
ChakraCore | Commit (Security Update) | Critical | Information Disclosure | None | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
Microsoft Edge on Windows 10 Version 1709 for 32-bit Systems | 4056892 (Security Update) | Critical | Information Disclosure | 4054517 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
Microsoft Edge on Windows 10 Version 1709 for x64-based Systems | 4056892 (Security Update) | Critical | Information Disclosure | 4054517 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2018-0800 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
ADV180002 MITRE NVD |
CVE Title: Guidance to mitigate speculative execution side-channel vulnerabilities
Description: Executive SummaryMicrosoft is aware of a new publicly disclosed class of vulnerabilities referred to as “speculative execution side-channel attacks” that affect many modern processors and operating systems including Intel, AMD, and ARM. Note: this issue will affect other systems such as Android, Chrome, iOS, MacOS, so we advise customers to seek out guidance from those vendors. Microsoft has released several updates to help mitigate these vulnerabilities. We have also taken action to secure our cloud services. See below for more details. Microsoft has not received any information to indicate that these vulnerabilities have been used to attack customers at this time. Microsoft continues working closely with industry partners including chip makers, hardware OEMs and app vendors to protect customers. To get all available protections, hardware/firmware and software updates are required. This may include microcode from device OEMs and in some cases updates to AV software as well. This advisory addresses the following vulnerabilities:
Recommended ActionsFor consumers, the best protection is to keep your computers up to date. You can do this by taking advantage of automatic update. Learn how to turn on automatic updates here. In addition to installing the January 2018 Windows security updates, you may also need to install firmware updates from your device manufacturer for increased protection. Check with your device manufacturer for relevant updates. If automatic updates are enabled, the January 2018 Windows security update will be offered to the devices running supported anti-virus (AV) applications. Updates can be installed in any order.
Customers using Surface products need to apply both firmware and software updates. See Microsoft Knowledge Base Article 4073065 article for more information. Potential performance impactsIn testing Microsoft has seen some performance impact with these mitigations. For most consumer devices, the impact may not be noticeable, however, the specific impact varies by hardware generation and implementation by the chip manufacturer. Microsoft values the security of its software and services and has made the decision to implement certain mitigation strategies in an effort to better secure our products. We continue to work with hardware vendors to improve performance while maintaining a high level of security. Advisory DetailsVulnerabilities DescriptionSpeculative execution side-channel vulnerabilities can be used to read the content of memory across a trusted boundary and can therefore lead to information disclosure. There are multiple vectors by which an attacker could trigger the vulnerabilities depending on the configured environment. Microsoft has been working with hardware and software makers to jointly develop mitigations to protect customers across Microsoft’s products and services. These mitigations prevent attackers from triggering a weakness in the CPU which could allow the contents of memory to be disclosed. Microsoft Windows client customersIn client scenarios, a malicious user mode application could be used to disclose the contents of kernel memory. Customers using Windows client operating systems including Windows 7 Service Pack 1, Windows 8.1, and Windows 10 need to apply both firmware and software updates. See Microsoft Knowledge Base Article 4073119 for additional information. Customers using Microsoft Surface and Surface Book products need to apply both firmware and software updates. Most customers have automatic updating enabled and will not need to take any action because this security update will be downloaded and installed automatically. Microsoft will continue to work closely with industry partners to improve mitigations against this class of vulnerabilities. Microsoft Windows Server customersIn server scenarios, a malicious user-mode application could be used to disclose the contents of kernel memory. In other multi-tenant hosting environments, a virtual machine could read the memory of the host operating system or the memory of other guest operating systems running on the same physical machine. Customers using Windows server operating systems including Windows Server 2008 R2 Service Pack 1, Windows Server 2012 R2, and Windows Server 2016 need to apply firmware and software updates as well as configure protections. See Microsoft Knowledge Base Article 4072698 for additional information, including workarounds. Microsoft Azure has taken steps to address the security vulnerabilities at the hypervisor level to protect Windows Server VMs running in Azure. More information can be found here. Microsoft will continue to work closely with industry partners to improve mitigations against this class of vulnerabilities. Microsoft cloud customersMicrosoft has already deployed mitigations across the majority of our cloud services and is accelerating efforts to complete the remainder. More information is available here. Microsoft SQL Server customersIn scenarios running Microsoft SQL Server, customers should follow the guidance outlined in Microsoft Knowledge Base Article 4073225. FAQ1. What systems are at risk from this vulnerability?
2. What are the associated CVEs for these vulnerabilities?
3. Have there been any active attacks detected? No. When this security advisory was issued, Microsoft had not received any information to indicate that these vulnerabilities had been used to attack customers. 4. Have these vulnerabilities been publicly disclosed? Yes. The vulnerabilities were disclosed on January 3, 2018 at https://bugs.chromium.org/p/project-zero/issues/detail?id=1272 5. I was not offered the Windows security updates released on January 3, 2018. What should I do? To help avoid adversely affecting customer devices, the Windows security updates released on January 3rd, 2018 have only been offered to devices running compatible antivirus software. Please see Microsoft Knowledge Base Article 4072699 for more information about how to get the updates. 6. Why aren't Windows Server 2008 and Windows Server 2012 platforms getting an update? When can customers expect the fix? Addressing a hardware vulnerability with a software update presents significant challenges with some operating systems requiring extensive architectural changes. Microsoft continues to work with affected chip manufacturers and investigate the best way to provide mitigations 7. I have an x86 architecture and the PowerShell Verification output indicates that I am not fully protected from these speculative execution side-channel vulnerabilities. Will Microsoft provide complete protections in the future? Addressing a hardware vulnerability with a software update presents significant challenges and mitigations for older operating systems that require extensive architectural changes. The existing 32 bit update packages listed in this advisory fully address CVE-2017-5753 and CVE-2017-5715, but do not provide protections for CVE-2017-5754 at this time. Microsoft is continuing to work with affected chip manufacturers and investigate the best way to provide mitigations for x86 customers, which may be provided in a future update. Additional suggested actions
Acknowledgments
FAQ: None Mitigations: None Workarounds: None Revision: 4.0    2018-01-09T08:00:00     Revised the Affected Products table to include updates for supported editions of Microsoft SQL Server 2008, Microsoft SQL Server 2008, and Microsoft SQL Server 2016 because these updates provide mitigations for ADV180002. 1.0    2018-01-03T08:00:00     Information published. 2.0    2018-01-03T08:00:00     Revised ADV180002 to announce release of SQL 2016 and 2017 updates. 3.0    2018-01-05T08:00:00     The following updates have been made: Revised the Affected Products table to include Windows 10 Version 1709 for x64-based Systems because the update provides mitigations for ADV180002. Corrected the security update numbers for the 2016 and 2017 SQL Server Cumulative Updates. Removed Windows Server 2012 and Windows Server 2012 (Server Core installation) from the Affected Products table because there are no mitigations available for ADV180002 for these products. Revised the Affected Products table to include Monthly Rollup updates for Windows 7 and Windows Server 2008 R2. Customers who install monthly rollups should install these updates to receive the mitigations against the vulnerabilities discussed in this advisory. In the Recommended Actions section, added information for Surface customers. Added an FAQ to explain why Windows Server 2008 and Windows Server 2012 will not receive mitigations for these vulnerabilities. Added an FAQ to explain the protection against these vulnerabilties for customers using x86 architecture. |
Important | Information Disclosure |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
ADV180002 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Internet Explorer 11 on Windows 10 for 32-bit Systems | 4056893 (Security Update) | Important | Information Disclosure | 4053581 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
Internet Explorer 11 on Windows 10 for x64-based Systems | 4056893 (Security Update) | Important | Information Disclosure | 4053581 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
Internet Explorer 11 on Windows 10 Version 1511 for 32-bit Systems | 4056893 (Security Update) | Important | Information Disclosure | 4053581 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
Internet Explorer 11 on Windows 10 Version 1511 for x64-based Systems | 4056893 (Security Update) | Important | Information Disclosure | 4053581 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
Internet Explorer 11 on Windows 10 Version 1607 for 32-bit Systems | 4056890 (Security Update) | Important | Information Disclosure | 4053579 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
Internet Explorer 11 on Windows 10 Version 1607 for x64-based Systems | 4056890 (Security Update) | Important | Information Disclosure | 4053579 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
Internet Explorer 11 on Windows 10 Version 1703 for 32-bit Systems | 4056891 (Security Update) | Important | Information Disclosure | 4053580 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
Internet Explorer 11 on Windows 10 Version 1703 for x64-based Systems | 4056891 (Security Update) | Important | Information Disclosure | 4053580 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
Internet Explorer 11 on Windows 10 Version 1709 for 32-bit Systems | 4056892 (Security Update) | Important | Information Disclosure | 4054517 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
Internet Explorer 11 on Windows 10 Version 1709 for x64-based Systems | 4056892 (Security Update) | Important | Information Disclosure | 4054517 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
Internet Explorer 11 on Windows 7 for 32-bit Systems Service Pack 1 | 4056894 (Monthly Rollup) 4056568 (IE Cumulative) |
Important | Information Disclosure | 4054518 4052978 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
Internet Explorer 11 on Windows 7 for x64-based Systems Service Pack 1 | 4056894 (Monthly Rollup) 4056568 (IE Cumulative) |
Important | Information Disclosure | 4054518 4052978 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
Internet Explorer 11 on Windows 8.1 for 32-bit systems | 4056895 (Monthly Rollup) 4056568 (IE Cumulative) |
Important | Information Disclosure | 4054519 4052978 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
Internet Explorer 11 on Windows 8.1 for x64-based systems | 4056895 (Monthly Rollup) 4056568 (IE Cumulative) |
Important | Information Disclosure | 4054519 4052978 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
Internet Explorer 11 on Windows RT 8.1 | 4056895 (Monthly Rollup) | Important | Information Disclosure | 4054519 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
Internet Explorer 11 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4056894 (Monthly Rollup) 4056568 (IE Cumulative) |
Important | Information Disclosure | 4054518 4052978 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
Internet Explorer 11 on Windows Server 2012 R2 | 4056895 (Monthly Rollup) 4056568 (IE Cumulative) |
Important | Information Disclosure | 4054519 4052978 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
Internet Explorer 11 on Windows Server 2016 | 4056890 (Security Update) | Important | Information Disclosure | 4053579 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
Microsoft Edge on Windows 10 for 32-bit Systems | 4056893 (Security Update) | Important | Information Disclosure | 4053581 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
Microsoft Edge on Windows 10 for x64-based Systems | 4056893 (Security Update) | Important | Information Disclosure | 4053581 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
Microsoft Edge on Windows 10 Version 1511 for 32-bit Systems | 4056888 (Security Update) | Important | Information Disclosure | 4053578 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
Microsoft Edge on Windows 10 Version 1511 for x64-based Systems | 4056888 (Security Update) | Important | Information Disclosure | 4053578 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
Microsoft Edge on Windows 10 Version 1607 for 32-bit Systems | 4056890 (Security Update) | Important | Information Disclosure | 4053579 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
Microsoft Edge on Windows 10 Version 1607 for x64-based Systems | 4056890 (Security Update) | Important | Information Disclosure | 4053579 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
Microsoft Edge on Windows 10 Version 1703 for 32-bit Systems | 4056891 (Security Update) | Important | Information Disclosure | 4053580 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
Microsoft Edge on Windows 10 Version 1703 for x64-based Systems | 4056891 (Security Update) | Important | Information Disclosure | 4053580 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
Microsoft Edge on Windows 10 Version 1709 for 32-bit Systems | 4056892 (Security Update) | Important | Information Disclosure | 4054517 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
Microsoft Edge on Windows 10 Version 1709 for x64-based Systems | 4056892 (Security Update) | Important | Information Disclosure | 4054517 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
Microsoft Edge on Windows Server 2016 | 4056890 (Security Update) | Important | Information Disclosure | 4053579 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
Microsoft SQL Server 2008 for 32-bit Systems Service Pack 4 (QFE) | 4057114 (Security Update) | Important | Information Disclosure | None | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft SQL Server 2008 for x64-Based Systems Service Pack 4 (QFE) | 4057114 (Security Update) | Important | Information Disclosure | None | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft SQL Server 2008 R2 for 32-Bit Systems Service Pack 3 (QFE) | 4057113 (Security Update) | Important | Information Disclosure | None | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft SQL Server 2008 R2 for x64-Based Systems Service Pack 3 (QFE) | 4057113 (Security Update) | Important | Information Disclosure | None | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft SQL Server 2016 for x64-based Systems | 4058560 (Security Update) | Important | Information Disclosure | None | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft SQL Server 2016 for x64-based Systems (CU) | 4058559 (Security Update) | Important | Information Disclosure | None | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft SQL Server 2016 for x64-based Systems Service Pack 1 | 4057118 (Security Update) | Important | Information Disclosure | None | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft SQL Server 2016 for x64-based Systems Service Pack 1 (CU) | 4058561 (Security Update) | Important | Information Disclosure | None | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft SQL Server 2017 for x64-based Systems | 4057122 (Security Update) | Important | Information Disclosure | None | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft SQL Server 2017 for x64-based Systems (CU) | 4058562 (Security Update) | Important | Information Disclosure | None | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Windows 10 for 32-bit Systems | 4056893 (Security Update) | Important | Information Disclosure | 4053581 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
Windows 10 for x64-based Systems | 4056893 (Security Update) | Important | Information Disclosure | 4053581 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
Windows 10 Version 1511 for 32-bit Systems | 4056888 (Security Update) | Important | Information Disclosure | 4053578 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
Windows 10 Version 1511 for x64-based Systems | 4056888 (Security Update) | Important | Information Disclosure | 4053578 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
Windows 10 Version 1607 for 32-bit Systems | 4056890 (Security Update) | Important | Information Disclosure | 4053579 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
Windows 10 Version 1607 for x64-based Systems | 4056890 (Security Update) | Important | Information Disclosure | 4053579 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
Windows 10 Version 1703 for 32-bit Systems | 4056891 (Security Update) | Important | Information Disclosure | 4053580 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
Windows 10 Version 1703 for x64-based Systems | 4056891 (Security Update) | Important | Information Disclosure | 4053580 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
Windows 10 Version 1709 for 32-bit Systems | 4056892 (Security Update) | Important | Information Disclosure | 4054517 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
Windows 10 Version 1709 for x64-based Systems | 4056892 (Security Update) | Important | Information Disclosure | 4054517 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
Windows 7 for 32-bit Systems Service Pack 1 | 4056894 (Monthly Rollup) 4056897 (Security Only) |
Important | Information Disclosure | 4054518 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
Windows 7 for x64-based Systems Service Pack 1 | 4056894 (Monthly Rollup) 4056897 (Security Only) |
Important | Information Disclosure | 4054518 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
Windows 8.1 for 32-bit systems | 4056898 (Security Only) | Important | Information Disclosure | None | Base: N/A Temporal: N/A Vector: N/A |
Yes |
Windows 8.1 for x64-based systems | 4056898 (Security Only) | Important | Information Disclosure | None | Base: N/A Temporal: N/A Vector: N/A |
Yes |
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 | 4056894 (Monthly Rollup) 4056897 (Security Only) |
Important | Information Disclosure | 4054518 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4056894 (Monthly Rollup) 4056897 (Security Only) |
Important | Information Disclosure | 4054518 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 4056894 (Monthly Rollup) 4056897 (Security Only) |
Important | Information Disclosure | 4054518 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
Windows Server 2012 R2 | 4056898 (Security Only) | Important | Information Disclosure | None | Base: N/A Temporal: N/A Vector: N/A |
Yes |
Windows Server 2012 R2 (Server Core installation) | 4056898 (Security Only) | Important | Information Disclosure | None | Base: N/A Temporal: N/A Vector: N/A |
Yes |
Windows Server 2016 | 4056890 (Security Update) | Important | Information Disclosure | 4053579 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
Windows Server 2016 (Server Core installation) | 4056890 (Security Update) | Important | Information Disclosure | 4053579 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
Windows Server, version 1709 (Server Core Installation) | 4056892 (Security Update) | Important | Information Disclosure | 4054517 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
CVE ID | Acknowledgements |
ADV180002 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
ADV180001 MITRE NVD |
CVE Title: January 2018 Adobe Flash Security Update
Description: This security update addresses the following vulnerability, which is described in Adobe Security Bulletin APSB18-01: CVE-2018-4871. FAQ: How could an attacker exploit these vulnerabilities? In a web-based attack scenario where the user is using Internet Explorer for the desktop, an attacker could host a specially crafted website that is designed to exploit any of these vulnerabilities through Internet Explorer and then convince a user to view the website. An attacker could also embed an ActiveX control marked "safe for initialization" in an application or Microsoft Office document that hosts the IE rendering engine. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit any of these vulnerabilities. In all cases, however, an attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action, typically by clicking a link in an email message or in an Instant Messenger message that takes users to the attacker's website, or by opening an attachment sent through email. In a web-based attack scenario where the user is using Internet Explorer in the Windows 8-style UI, an attacker would first need to compromise a website already listed in the Compatibility View (CV) list. An attacker could then host a website that contains specially crafted Flash content designed to exploit any of these vulnerabilities through Internet Explorer and then convince a user to view the website. An attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action, typically by clicking a link in an email message or in an Instant Messenger message that takes users to the attacker's website, or by opening an attachment sent through email. For more information about Internet Explorer and the CV List, please see the MSDN Article, Developer Guidance for websites with content for Adobe Flash Player in Windows 8. Mitigations: None Workarounds: None Revision: 1.0    2018-01-09T08:00:00     Information published. |
Critical | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Not Found | Not Found | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
ADV180001 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Adobe Flash Player on Windows 10 for 32-bit Systems | 4056887 (Security Update) | Critical | Remote Code Execution | 4053577 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
Adobe Flash Player on Windows 10 for x64-based Systems | 4056887 (Security Update) | Critical | Remote Code Execution | 4053577 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
Adobe Flash Player on Windows 10 Version 1511 for 32-bit Systems | 4056887 (Security Update) | Critical | Remote Code Execution | 4053577 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
Adobe Flash Player on Windows 10 Version 1511 for x64-based Systems | 4056887 (Security Update) | Critical | Remote Code Execution | 4053577 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
Adobe Flash Player on Windows 10 Version 1607 for 32-bit Systems | 4056887 (Security Update) | Critical | Remote Code Execution | 4053577 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
Adobe Flash Player on Windows 10 Version 1607 for x64-based Systems | 4056887 (Security Update) | Critical | Remote Code Execution | 4053577 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
Adobe Flash Player on Windows 10 Version 1703 for 32-bit Systems | 4056887 (Security Update) | Critical | Remote Code Execution | 4053577 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
Adobe Flash Player on Windows 10 Version 1703 for x64-based Systems | 4056887 (Security Update) | Critical | Remote Code Execution | 4053577 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
Adobe Flash Player on Windows 10 Version 1709 for 32-bit Systems | 4056887 (Security Update) | Critical | Remote Code Execution | 4053577 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
Adobe Flash Player on Windows 10 Version 1709 for x64-based Systems | 4056887 (Security Update) | Critical | Remote Code Execution | 4053577 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
Adobe Flash Player on Windows 8.1 for 32-bit systems | 4056887 (Security Update) | Critical | Remote Code Execution | 4053577 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
Adobe Flash Player on Windows 8.1 for x64-based systems | 4056887 (Security Update) | Critical | Remote Code Execution | 4053577 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
Adobe Flash Player on Windows RT 8.1 | 4056887 (Security Update) | Critical | Remote Code Execution | 4053577 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
Adobe Flash Player on Windows Server 2012 | 4056887 (Security Update) | Critical | Remote Code Execution | 4053577 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
Adobe Flash Player on Windows Server 2012 R2 | 4056887 (Security Update) | Critical | Remote Code Execution | 4053577 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
Adobe Flash Player on Windows Server 2016 | 4056887 (Security Update) | Critical | Remote Code Execution | 4053577 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
CVE ID | Acknowledgements |
ADV180001 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2018-0741 MITRE NVD |
CVE Title: Microsoft Color Management Information Disclosure Vulnerability
Description: An information disclosure vulnerability exists in the way that the Color Management Module (ICM32.dll) handles objects in memory. This vulnerability allows an attacker to retrieve information to bypass usermode ASLR (Address Space Layout Randomization) on a targeted system. By itself, the information disclosure does not allow arbitrary code execution; however, it could allow arbitrary code to be run if the attacker uses it in combination with another vulnerability. In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability and then convince users to view the website. An attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action, typically by getting them to click a link in an email or Instant Messenger message that takes users to the attacker's website, or by opening an attachment sent through email. The security update addresses the vulnerability by correcting how Color Management Module handles objects in memory. FAQ: None Mitigations: None Workarounds: None Revision: 1.0    2018-01-03T08:00:00     Information published. 2.0    2018-01-05T08:00:00     Revised the Affected Products table to add Monthly Rollup updates for Windows 7, Windows Server 2008 R2, and Windows Server 2012. Customers who install Monthly Rollups should install these updates to be protected from this vulnerability. |
Important | Information Disclosure |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
N/A | Exploitation More Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2018-0741 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Windows 7 for 32-bit Systems Service Pack 1 | 4056894 (Monthly Rollup) 4056897 (Security Only) |
Important | Information Disclosure | 4054518 |
Base: 5.50 Temporal: 5.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 7 for x64-based Systems Service Pack 1 | 4056894 (Monthly Rollup) 4056897 (Security Only) |
Important | Information Disclosure | 4054518 |
Base: 5.50 Temporal: 5.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 4056942 (Security Update) | Important | Information Disclosure | None | Base: 5.50 Temporal: 5.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Unknown |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 4056942 (Security Update) | Important | Information Disclosure | None | Base: 5.50 Temporal: 5.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Unknown |
Windows Server 2008 for Itanium-Based Systems Service Pack 2 | 4056942 (Security Update) | Important | Information Disclosure | None | Base: 5.50 Temporal: 5.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Unknown |
Windows Server 2008 for x64-based Systems Service Pack 2 | 4056942 (Security Update) | Important | Information Disclosure | None | Base: 5.50 Temporal: 5.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Unknown |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 4056942 (Security Update) | Important | Information Disclosure | None | Base: 5.50 Temporal: 5.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Unknown |
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 | 4056894 (Monthly Rollup) 4056897 (Security Only) |
Important | Information Disclosure | 4054518 |
Base: 5.50 Temporal: 5.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4056894 (Monthly Rollup) 4056897 (Security Only) |
Important | Information Disclosure | 4054518 |
Base: 5.50 Temporal: 5.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 4056894 (Monthly Rollup) 4056897 (Security Only) |
Important | Information Disclosure | 4054518 |
Base: 5.50 Temporal: 5.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2018-0741 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2018-0743 MITRE NVD |
CVE Title: Windows Subsystem for Linux Elevation of Privilege Vulnerability
Description: An elevation of privilege vulnerability exists due to an integer overflow in Windows Subsystem for Linux. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. To exploit the vulnerability, a locally authenticated attacker could run a specially crafted application. The security update addresses the vulnerability by correcting how Windows Subsystem for Linux handles objects in memory. FAQ: None Mitigations: None Workarounds: None Revision: 1.0    2018-01-03T08:00:00     Information published. 2.0    2018-01-05T08:00:00     Revised the Affected Products table to add Monthly Rollup updates for Windows 7, Windows Server 2008 R2, and Windows Server 2012. Customers who install Monthly Rollups should install these updates to be protected from this vulnerability. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2018-0743 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Windows 10 Version 1703 for 32-bit Systems | 4056891 (Security Update) | Important | Elevation of Privilege | 4053580 | Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1703 for x64-based Systems | 4056891 (Security Update) | Important | Elevation of Privilege | 4053580 | Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1709 for 32-bit Systems | 4056892 (Security Update) | Important | Elevation of Privilege | 4054517 | Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1709 for x64-based Systems | 4056892 (Security Update) | Important | Elevation of Privilege | 4054517 | Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server, version 1709 (Server Core Installation) | 4056892 (Security Update) | Important | Elevation of Privilege | 4054517 | Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2018-0743 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2018-0744 MITRE NVD |
CVE Title: Windows Elevation of Privilege Vulnerability
Description: An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application to take control of an affected system. The update addresses the vulnerability by correcting how the Windows kernel handles objects in memory. FAQ: None Mitigations: None Workarounds: None Revision: 2.0    2018-01-05T08:00:00     Revised the Affected Products table to add Monthly Rollup updates for Windows 7, Windows Server 2008 R2, and Windows Server 2012. Customers who install Monthly Rollups should install these updates to be protected from this vulnerability. 1.0    2018-01-03T08:00:00     Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation More Likely | Exploitation More Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2018-0744 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Windows 10 for 32-bit Systems | 4056893 (Security Update) | Important | Elevation of Privilege | 4053581 | Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 for x64-based Systems | 4056893 (Security Update) | Important | Elevation of Privilege | 4053581 | Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1511 for 32-bit Systems | 4056888 (Security Update) | Important | Elevation of Privilege | 4053578 | Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1511 for x64-based Systems | 4056888 (Security Update) | Important | Elevation of Privilege | 4053578 | Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for 32-bit Systems | 4056890 (Security Update) | Important | Elevation of Privilege | 4053579 | Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for x64-based Systems | 4056890 (Security Update) | Important | Elevation of Privilege | 4053579 | Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1703 for 32-bit Systems | 4056891 (Security Update) | Important | Elevation of Privilege | 4053580 | Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1703 for x64-based Systems | 4056891 (Security Update) | Important | Elevation of Privilege | 4053580 | Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1709 for 32-bit Systems | 4056892 (Security Update) | Important | Elevation of Privilege | 4054517 | Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1709 for x64-based Systems | 4056892 (Security Update) | Important | Elevation of Privilege | 4054517 | Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 8.1 for 32-bit systems | 4056898 (Security Only) | Important | Elevation of Privilege | None | Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 8.1 for x64-based systems | 4056898 (Security Only) | Important | Elevation of Privilege | None | Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 | 4056896 (Monthly Rollup) 4056899 (Security Only) |
Important | Elevation of Privilege | 4054520 |
Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 (Server Core installation) | 4056896 (Monthly Rollup) 4056899 (Security Only) |
Important | Elevation of Privilege | 4054520 |
Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 R2 | 4056898 (Security Only) | Important | Elevation of Privilege | None | Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 R2 (Server Core installation) | 4056898 (Security Only) | Important | Elevation of Privilege | None | Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2016 | 4056890 (Security Update) | Important | Elevation of Privilege | 4053579 | Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 4056890 (Security Update) | Important | Elevation of Privilege | 4053579 | Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server, version 1709 (Server Core Installation) | 4056892 (Security Update) | Important | Elevation of Privilege | 4054517 | Base: 7.00 Temporal: 6.30 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2018-0744 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2018-0745 MITRE NVD |
CVE Title: Windows Information Disclosure Vulnerability
Description: An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass. An attacker who successfully exploited the vulnerability could retrieve the memory address of a kernel object. To exploit the vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The security update addresses the vulnerability by correcting how the Windows kernel handles memory addresses. FAQ: None Mitigations: None Workarounds: None Revision: 2.0    2018-01-05T08:00:00     Revised the Affected Products table to add Monthly Rollup updates for Windows 7, Windows Server 2008 R2, and Windows Server 2012. Customers who install Monthly Rollups should install these updates to be protected from this vulnerability. 1.0    2018-01-03T08:00:00     Information published. |
Important | Information Disclosure |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation More Likely | Exploitation More Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2018-0745 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Windows 10 Version 1703 for 32-bit Systems | 4056891 (Security Update) | Important | Information Disclosure | 4053580 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1703 for x64-based Systems | 4056891 (Security Update) | Important | Information Disclosure | 4053580 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1709 for 32-bit Systems | 4056892 (Security Update) | Important | Information Disclosure | 4054517 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1709 for x64-based Systems | 4056892 (Security Update) | Important | Information Disclosure | 4054517 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server, version 1709 (Server Core Installation) | 4056892 (Security Update) | Important | Information Disclosure | 4054517 | Base: 4.70 Temporal: 4.20 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2018-0745 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2018-0749 MITRE NVD |
CVE Title: SMB Server Elevation of Privilege Vulnerability
Description: An elevation of privilege vulnerability exists in the Microsoft Server Message Block (SMB) Server when an attacker with valid credentials attempts to open a specially crafted file over the SMB protocol on the same machine. An attacker who successfully exploited this vulnerability could bypass certain security checks in the operating system. To exploit the vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system. The update addresses the vulnerability by correcting how Windows SMB Server handles such specially crafted files. FAQ: None Mitigations: None Workarounds: None Revision: 1.0    2018-01-03T08:00:00     Information published. 2.0    2018-01-05T08:00:00     Revised the Affected Products table to add Monthly Rollup updates for Windows 7, Windows Server 2008 R2, and Windows Server 2012. Customers who install Monthly Rollups should install these updates to be protected from this vulnerability. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2018-0749 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Windows 10 for 32-bit Systems | 4056893 (Security Update) | Important | Elevation of Privilege | 4053581 | Base: 6.60 Temporal: 5.90 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 for x64-based Systems | 4056893 (Security Update) | Important | Elevation of Privilege | 4053581 | Base: 6.60 Temporal: 5.90 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1511 for 32-bit Systems | 4056888 (Security Update) | Important | Elevation of Privilege | 4053578 | Base: 6.60 Temporal: 5.90 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1511 for x64-based Systems | 4056888 (Security Update) | Important | Elevation of Privilege | 4053578 | Base: 6.60 Temporal: 5.90 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for 32-bit Systems | 4056890 (Security Update) | Important | Elevation of Privilege | 4053579 | Base: 6.60 Temporal: 5.90 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for x64-based Systems | 4056890 (Security Update) | Important | Elevation of Privilege | 4053579 | Base: 6.60 Temporal: 5.90 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1703 for 32-bit Systems | 4056891 (Security Update) | Important | Elevation of Privilege | 4053580 | Base: 6.60 Temporal: 5.90 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1703 for x64-based Systems | 4056891 (Security Update) | Important | Elevation of Privilege | 4053580 | Base: 6.60 Temporal: 5.90 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1709 for 32-bit Systems | 4056892 (Security Update) | Important | Elevation of Privilege | 4054517 | Base: 6.60 Temporal: 5.90 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1709 for x64-based Systems | 4056892 (Security Update) | Important | Elevation of Privilege | 4054517 | Base: 6.60 Temporal: 5.90 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
Yes |
Windows 7 for 32-bit Systems Service Pack 1 | 4056894 (Monthly Rollup) 4056897 (Security Only) |
Important | Elevation of Privilege | 4054518 |
Base: 6.60 Temporal: 5.90 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
Yes |
Windows 7 for x64-based Systems Service Pack 1 | 4056894 (Monthly Rollup) 4056897 (Security Only) |
Important | Elevation of Privilege | 4054518 |
Base: 6.60 Temporal: 5.90 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
Yes |
Windows 8.1 for 32-bit systems | 4056898 (Security Only) | Important | Elevation of Privilege | None | Base: 6.60 Temporal: 5.90 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
Yes |
Windows 8.1 for x64-based systems | 4056898 (Security Only) | Important | Elevation of Privilege | None | Base: 6.60 Temporal: 5.90 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 4056759 (Security Update) | Important | Elevation of Privilege | None | Base: 6.60 Temporal: 5.90 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 4056759 (Security Update) | Important | Elevation of Privilege | None | Base: 6.60 Temporal: 5.90 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for Itanium-Based Systems Service Pack 2 | 4056759 (Security Update) | Important | Elevation of Privilege | None | Base: 6.60 Temporal: 5.90 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 | 4056759 (Security Update) | Important | Elevation of Privilege | None | Base: 6.60 Temporal: 5.90 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 4056759 (Security Update) | Important | Elevation of Privilege | None | Base: 6.60 Temporal: 5.90 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 | 4056894 (Monthly Rollup) 4056897 (Security Only) |
Important | Elevation of Privilege | 4054518 |
Base: 6.60 Temporal: 5.90 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4056894 (Monthly Rollup) 4056897 (Security Only) |
Important | Elevation of Privilege | 4054518 |
Base: 6.60 Temporal: 5.90 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 4056894 (Monthly Rollup) 4056897 (Security Only) |
Important | Elevation of Privilege | 4054518 |
Base: 6.60 Temporal: 5.90 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 | 4056896 (Monthly Rollup) 4056899 (Security Only) |
Important | Elevation of Privilege | 4054520 |
Base: 6.60 Temporal: 5.90 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 (Server Core installation) | 4056896 (Monthly Rollup) 4056899 (Security Only) |
Important | Elevation of Privilege | 4054520 |
Base: 6.60 Temporal: 5.90 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 R2 | 4056898 (Security Only) | Important | Elevation of Privilege | None | Base: 6.60 Temporal: 5.90 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 R2 (Server Core installation) | 4056898 (Security Only) | Important | Elevation of Privilege | None | Base: 6.60 Temporal: 5.90 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2016 | 4056890 (Security Update) | Important | Elevation of Privilege | 4053579 | Base: 6.60 Temporal: 5.90 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 4056890 (Security Update) | Important | Elevation of Privilege | 4053579 | Base: 6.60 Temporal: 5.90 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server, version 1709 (Server Core Installation) | 4056892 (Security Update) | Important | Elevation of Privilege | 4054517 | Base: 6.60 Temporal: 5.90 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2018-0749 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2018-0754 MITRE NVD |
CVE Title: OpenType Font Driver Information Disclosure Vulnerability
Description: An information disclosure vulnerability exists in Windows Adobe Type Manager Font Driver (ATMFD.dll) when it fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could potentially read data that was not intended to be disclosed. Note that this vulnerability would not allow an attacker to execute code or to elevate their user rights directly, but it could be used to obtain information that could be used to try to further compromise the affected system. To exploit this vulnerability, an attacker would have to log on to an affected system and open a document containing specially crafted fonts. The update addresses the vulnerability by correcting how ATMFD.dll handles objects in memory. FAQ: None Mitigations: None Workarounds: None Revision: 1.0    2018-01-03T08:00:00     Information published. 2.0    2018-01-05T08:00:00     Revised the Affected Products table to add Monthly Rollup updates for Windows 7, Windows Server 2008 R2, and Windows Server 2012. Customers who install Monthly Rollups should install these updates to be protected from this vulnerability. |
Important | Information Disclosure |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation More Likely | Exploitation More Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2018-0754 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Windows 10 for 32-bit Systems | 4056893 (Security Update) | Important | Information Disclosure | 4053581 | Base: 5.50 Temporal: 5.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 for x64-based Systems | 4056893 (Security Update) | Important | Information Disclosure | 4053581 | Base: 5.50 Temporal: 5.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1511 for 32-bit Systems | 4056888 (Security Update) | Important | Information Disclosure | 4053578 | Base: 5.50 Temporal: 5.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1511 for x64-based Systems | 4056888 (Security Update) | Important | Information Disclosure | 4053578 | Base: 5.50 Temporal: 5.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for 32-bit Systems | 4056890 (Security Update) | Important | Information Disclosure | 4053579 | Base: 5.50 Temporal: 5.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for x64-based Systems | 4056890 (Security Update) | Important | Information Disclosure | 4053579 | Base: 5.50 Temporal: 5.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1703 for 32-bit Systems | 4056891 (Security Update) | Important | Information Disclosure | 4053580 | Base: 5.50 Temporal: 5.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1703 for x64-based Systems | 4056891 (Security Update) | Important | Information Disclosure | 4053580 | Base: 5.50 Temporal: 5.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1709 for 32-bit Systems | 4056892 (Security Update) | Important | Information Disclosure | 4054517 | Base: 5.50 Temporal: 5.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 7 for 32-bit Systems Service Pack 1 | 4056894 (Monthly Rollup) 4056897 (Security Only) |
Important | Information Disclosure | 4054518 |
Base: 5.50 Temporal: 5.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 7 for x64-based Systems Service Pack 1 | 4056894 (Monthly Rollup) 4056897 (Security Only) |
Important | Information Disclosure | 4054518 |
Base: 5.50 Temporal: 5.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 8.1 for 32-bit systems | 4056898 (Security Only) | Important | Information Disclosure | None | Base: 5.50 Temporal: 5.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 8.1 for x64-based systems | 4056898 (Security Only) | Important | Information Disclosure | None | Base: 5.50 Temporal: 5.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 4056941 (Security Update) | Important | Information Disclosure | None | Base: N/A Temporal: N/A Vector: N/A |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 4056941 (Security Update) | Important | Information Disclosure | None | Base: N/A Temporal: N/A Vector: N/A |
Yes |
Windows Server 2008 for Itanium-Based Systems Service Pack 2 | 4056941 (Security Update) | Important | Information Disclosure | None | Base: N/A Temporal: N/A Vector: N/A |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 | 4056941 (Security Update) | Important | Information Disclosure | None | Base: N/A Temporal: N/A Vector: N/A |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 4056941 (Security Update) | Important | Information Disclosure | None | Base: N/A Temporal: N/A Vector: N/A |
Yes |
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 | 4056894 (Monthly Rollup) 4056897 (Security Only) |
Important | Information Disclosure | 4054518 |
Base: 5.50 Temporal: 5.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4056894 (Monthly Rollup) 4056897 (Security Only) |
Important | Information Disclosure | 4054518 |
Base: 5.50 Temporal: 5.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 4056894 (Monthly Rollup) 4056897 (Security Only) |
Important | Information Disclosure | 4054518 |
Base: 5.50 Temporal: 5.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 | 4056896 (Monthly Rollup) 4056899 (Security Only) |
Important | Information Disclosure | 4054520 |
Base: 5.50 Temporal: 5.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 (Server Core installation) | 4056896 (Monthly Rollup) 4056899 (Security Only) |
Important | Information Disclosure | 4054520 |
Base: 5.50 Temporal: 5.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 R2 | 4056898 (Security Only) | Important | Information Disclosure | None | Base: 5.50 Temporal: 5.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 R2 (Server Core installation) | 4056898 (Security Only) | Important | Information Disclosure | None | Base: 5.50 Temporal: 5.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2016 | 4056890 (Security Update) | Important | Information Disclosure | 4053579 | Base: 5.50 Temporal: 5.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 4056890 (Security Update) | Important | Information Disclosure | 4053579 | Base: 5.50 Temporal: 5.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server, version 1709 (Server Core Installation) | 4056892 (Security Update) | Important | Information Disclosure | 4054517 | Base: 5.50 Temporal: 5.00 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2018-0754 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2018-0758 MITRE NVD |
CVE Title: Scripting Engine Memory Corruption Vulnerability
Description: A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft Edge and then convince a user to view the website. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability. The security update addresses the vulnerability by modifying how the scripting engine handles objects in memory. FAQ: None Mitigations: None Workarounds: None Revision: 2.0    2018-01-05T08:00:00     Revised the Affected Products table to include ChakraCore for this vulnerability. 1.0    2018-01-03T08:00:00     Information published. |
Critical | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation More Likely | N/A | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2018-0758 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
ChakraCore | Commit (Security Update) | Critical | Remote Code Execution | None | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
Microsoft Edge on Windows 10 for 32-bit Systems | 4056893 (Security Update) | Critical | Remote Code Execution | 4053581 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
Microsoft Edge on Windows 10 for x64-based Systems | 4056893 (Security Update) | Critical | Remote Code Execution | 4053581 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
Microsoft Edge on Windows 10 Version 1511 for 32-bit Systems | 4056888 (Security Update) | Critical | Remote Code Execution | 4053578 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
Microsoft Edge on Windows 10 Version 1511 for x64-based Systems | 4056888 (Security Update) | Critical | Remote Code Execution | 4053578 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
Microsoft Edge on Windows 10 Version 1607 for 32-bit Systems | 4056890 (Security Update) | Critical | Remote Code Execution | 4053579 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
Microsoft Edge on Windows 10 Version 1607 for x64-based Systems | 4056890 (Security Update) | Critical | Remote Code Execution | 4053579 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
Microsoft Edge on Windows 10 Version 1703 for 32-bit Systems | 4056891 (Security Update) | Critical | Remote Code Execution | 4053580 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
Microsoft Edge on Windows 10 Version 1703 for x64-based Systems | 4056891 (Security Update) | Critical | Remote Code Execution | 4053580 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
Microsoft Edge on Windows 10 Version 1709 for 32-bit Systems | 4056892 (Security Update) | Critical | Remote Code Execution | 4054517 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
Microsoft Edge on Windows 10 Version 1709 for x64-based Systems | 4056892 (Security Update) | Critical | Remote Code Execution | 4054517 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
Microsoft Edge on Windows Server 2016 | 4056890 (Security Update) | Moderate | Remote Code Execution | 4053579 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2018-0758 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2018-0762 MITRE NVD |
CVE Title: Scripting Engine Memory Corruption Vulnerability
Description: A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. In a web-based attack scenario, an attacker could host a specially crafted website designed to exploit the vulnerability through a Microsoft browser and then convince a user to view the website. An attacker could also embed an ActiveX control marked "safe for initialization" in an application or Microsoft Office document that hosts the browser rendering engine. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability. The security update addresses the vulnerability by modifying how the scripting engine handles objects in memory. FAQ: None Mitigations: None Workarounds: None Revision: 2.0    2018-01-05T08:00:00     Revised the Affected Products table to include ChakraCore for this vulnerability. 1.0    2018-01-03T08:00:00     Information published. |
Critical | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation More Likely | Exploitation More Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2018-0762 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
ChakraCore | Commit (Security Update) | Critical | Remote Code Execution | None | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
Internet Explorer 10 on Windows Server 2012 | 4056896 (Monthly Rollup) 4056568 (IE Cumulative) |
Moderate | Remote Code Execution | 4054520 4052978 |
Base: 6.40 Temporal: 5.80 Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 10 for 32-bit Systems | 4056893 (Security Update) | Critical | Remote Code Execution | 4053581 | Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 10 for x64-based Systems | 4056893 (Security Update) | Critical | Remote Code Execution | 4053581 | Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 10 Version 1511 for 32-bit Systems | 4056888 (Security Update) | Critical | Remote Code Execution | 4053578 | Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 10 Version 1511 for x64-based Systems | 4056888 (Security Update) | Critical | Remote Code Execution | 4053578 | Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 10 Version 1607 for 32-bit Systems | 4056890 (Security Update) | Critical | Remote Code Execution | 4053579 | Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 10 Version 1607 for x64-based Systems | 4056890 (Security Update) | Critical | Remote Code Execution | 4053579 | Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 10 Version 1703 for 32-bit Systems | 4056891 (Security Update) | Critical | Remote Code Execution | 4053580 | Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 10 Version 1703 for x64-based Systems | 4056891 (Security Update) | Critical | Remote Code Execution | 4053580 | Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 10 Version 1709 for 32-bit Systems | 4056892 (Security Update) | Critical | Remote Code Execution | 4054517 | Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 10 Version 1709 for x64-based Systems | 4056892 (Security Update) | Critical | Remote Code Execution | 4054517 | Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 7 for 32-bit Systems Service Pack 1 | 4056894 (Monthly Rollup) 4056568 (IE Cumulative) |
Critical | Remote Code Execution | 4054518 4052978 |
Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 7 for x64-based Systems Service Pack 1 | 4056894 (Monthly Rollup) 4056568 (IE Cumulative) |
Critical | Remote Code Execution | 4054518 4052978 |
Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 8.1 for 32-bit systems | 4056895 (Monthly Rollup) 4056568 (IE Cumulative) |
Critical | Remote Code Execution | 4054519 4052978 |
Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 8.1 for x64-based systems | 4056895 (Monthly Rollup) 4056568 (IE Cumulative) |
Critical | Remote Code Execution | 4054519 4052978 |
Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows RT 8.1 | 4056895 (Monthly Rollup) | Critical | Remote Code Execution | 4054519 | Base: 7.50 Temporal: 6.70 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4056894 (Monthly Rollup) 4056568 (IE Cumulative) |
Moderate | Remote Code Execution | 4054518 4052978 |
Base: 6.40 Temporal: 5.80 Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows Server 2012 R2 | 4056895 (Monthly Rollup) 4056568 (IE Cumulative) |
Moderate | Remote Code Execution | 4054519 4052978 |
Base: 6.40 Temporal: 5.80 Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows Server 2016 | 4056890 (Security Update) | Moderate | Remote Code Execution | 4053579 | Base: 6.40 Temporal: 5.80 Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 9 on Windows Server 2008 for 32-bit Systems Service Pack 2 | 4056568 (IE Cumulative) | Moderate | Remote Code Execution | 4052978 | Base: 6.40 Temporal: 5.80 Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 9 on Windows Server 2008 for x64-based Systems Service Pack 2 | 4056568 (IE Cumulative) | Moderate | Remote Code Execution | 4052978 | Base: 6.40 Temporal: 5.80 Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Microsoft Edge on Windows 10 for 32-bit Systems | 4056893 (Security Update) | Critical | Remote Code Execution | 4053581 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
Microsoft Edge on Windows 10 for x64-based Systems | 4056893 (Security Update) | Critical | Remote Code Execution | 4053581 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
Microsoft Edge on Windows 10 Version 1511 for 32-bit Systems | 4056888 (Security Update) | Critical | Remote Code Execution | 4053578 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
Microsoft Edge on Windows 10 Version 1511 for x64-based Systems | 4056888 (Security Update) | Critical | Remote Code Execution | 4053578 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
Microsoft Edge on Windows 10 Version 1607 for 32-bit Systems | 4056890 (Security Update) | Critical | Remote Code Execution | 4053579 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
Microsoft Edge on Windows 10 Version 1607 for x64-based Systems | 4056890 (Security Update) | Critical | Remote Code Execution | 4053579 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
Microsoft Edge on Windows 10 Version 1703 for 32-bit Systems | 4056891 (Security Update) | Critical | Remote Code Execution | 4053580 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
Microsoft Edge on Windows 10 Version 1703 for x64-based Systems | 4056891 (Security Update) | Critical | Remote Code Execution | 4053580 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
Microsoft Edge on Windows 10 Version 1709 for 32-bit Systems | 4056892 (Security Update) | Critical | Remote Code Execution | 4054517 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
Microsoft Edge on Windows 10 Version 1709 for x64-based Systems | 4056892 (Security Update) | Critical | Remote Code Execution | 4054517 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
Microsoft Edge on Windows Server 2016 | 4056890 (Security Update) | Moderate | Remote Code Execution | 4053579 | Base: 4.20 Temporal: 3.80 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2018-0762 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2018-0766 MITRE NVD |
CVE Title: Microsoft Edge Information Disclosure Vulnerability
Description: An information disclosure vulnerability exists when Microsoft Edge PDF Reader improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. To exploit the vulnerability, in a web-based attack scenario, an attacker could host a website that contains malicious PDF content. In addition, compromised websites and websites that accept or host user-provided content could contain specially crafted PDF content that could exploit the vulnerability. However, in all cases an attacker would have no way to force a user to view the attacker-controlled content. Instead, an attacker would have to convince a user to take action. For example, an attacker could trick a user into clicking a link that takes the user to the attacker's site. The security update addresses the vulnerability by modifying how Microsoft Edge PDF Reader handles objects in memory. |