Microsoft CVE Summary

This report contains detail for the following vulnerabilities:

Tag CVE ID CVE Title
.NET Framework CVE-2018-0786 .NET Security Feature Bypass Vulnerability
.NET Framework CVE-2018-0764 .NET and .NET Core Denial Of Service Vulnerability
Adobe Flash Player ADV180001 January 2018 Adobe Flash Security Update
ASP .NET CVE-2018-0784 ASP.NET Core Elevation Of Privilege Vulnerability
ASP.NET CVE-2018-0785 ASP.NET Core Cross Site Request Forgery Vulnerabilty
Graphic Fonts CVE-2018-0788 OpenType Font Driver Elevation of Privilege Vulnerability
Graphic Fonts CVE-2018-0754 OpenType Font Driver Information Disclosure Vulnerability
Microsoft Browsers CVE-2018-0762 Scripting Engine Memory Corruption Vulnerability
Microsoft Browsers CVE-2018-0772 Scripting Engine Memory Corruption Vulnerability
Microsoft Edge CVE-2018-0803 Microsoft Edge Elevation of Privilege Vulnerability
Microsoft Edge CVE-2018-0766 Microsoft Edge Information Disclosure Vulnerability
Microsoft Graphics Component CVE-2018-0750 Windows GDI Information Disclosure Vulnerability
Microsoft Graphics Component CVE-2018-0741 Microsoft Color Management Information Disclosure Vulnerability
Microsoft Office CVE-2018-0802 Microsoft Office Memory Corruption Vulnerability
Microsoft Office CVE-2018-0798 Microsoft Office Memory Corruption Vulnerability
Microsoft Office ADV180003 Microsoft Office Defense in Depth Update
Microsoft Office CVE-2018-0801 Microsoft Office Remote Code Execution Vulnerability
Microsoft Office CVE-2018-0791 Microsoft Outlook Remote Code Execution Vulnerability
Microsoft Office CVE-2018-0792 Microsoft Word Remote Code Execution Vulnerability
Microsoft Office CVE-2018-0793 Microsoft Outlook Remote Code Execution Vulnerability
Microsoft Office CVE-2018-0790 Microsoft SharePoint Cross Site Scripting Elevation of Privilege Vulnerability
Microsoft Office CVE-2018-0794 Microsoft Word Remote Code Execution Vulnerability
Microsoft Office CVE-2018-0796 Microsoft Excel Remote Code Execution Vulnerability
Microsoft Office CVE-2018-0789 Microsoft SharePoint Elevation of Privilege Vulnerability
Microsoft Office CVE-2018-0812 Microsoft Word Memory Corruption Vulnerability
Microsoft Office CVE-2018-0819 Spoofing Vulnerability in Microsoft Office for MAC
Microsoft Office CVE-2018-0804 Microsoft Word Remote Code Execution Vulnerability
Microsoft Office CVE-2018-0805 Microsoft Word Remote Code Execution Vulnerability
Microsoft Office CVE-2018-0806 Microsoft Word Remote Code Execution Vulnerability
Microsoft Office CVE-2018-0807 Microsoft Word Remote Code Execution Vulnerability
Microsoft Office CVE-2018-0799 Microsoft Access Tampering Vulnerability
Microsoft Office CVE-2018-0795 Microsoft Office Remote Code Execution Vulnerability
Microsoft Office CVE-2018-0797 Microsoft Word Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2018-0775 Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2018-0818 Scripting Engine Security Feature Bypass
Microsoft Scripting Engine CVE-2018-0770 Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2018-0769 Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2018-0778 Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2018-0780 Scripting Engine Information Disclosure Vulnerability
Microsoft Scripting Engine CVE-2018-0776 Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2018-0777 Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2018-0781 Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2018-0758 Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2018-0773 Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2018-0774 Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2018-0768 Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2018-0800 Scripting Engine Information Disclosure Vulnerability
Microsoft Scripting Engine CVE-2018-0767 Scripting Engine Information Disclosure Vulnerability
Microsoft Windows CVE-2018-0753 Windows IPSec Denial of Service Vulnerability
Side-Channel ADV180002 Guidance to mitigate speculative execution side-channel vulnerabilities
Windows Kernel CVE-2018-0751 Windows Elevation of Privilege Vulnerability
Windows Kernel CVE-2018-0746 Windows Information Disclosure Vulnerability
Windows Kernel CVE-2018-0744 Windows Elevation of Privilege Vulnerability
Windows Kernel CVE-2018-0745 Windows Information Disclosure Vulnerability
Windows Kernel CVE-2018-0752 Windows Elevation of Privilege Vulnerability
Windows Kernel CVE-2018-0747 Windows Information Disclosure Vulnerability
Windows Kernel CVE-2018-0748 Windows Elevation of Privilege Vulnerability
Windows SMB Server CVE-2018-0749 SMB Server Elevation of Privilege Vulnerability
Windows Subsystem for Linux CVE-2018-0743 Windows Subsystem for Linux Elevation of Privilege Vulnerability

ADV180003 - Microsoft Office Defense in Depth Update

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
ADV180003
MITRE
NVD
CVE Title: Microsoft Office Defense in Depth Update
Description:

Microsoft has released an update for Microsoft Office that provides enhanced security as a defense-in-depth measure.


FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2018-01-09T08:00:00    

Information published.


Unkwown Defense in Depth

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment for Latest Software Release Exploitability Assessment for Older Software Release Denial of Service Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Applicable No No

Affected Software

The following tables list the affected software details for the vulnerability.

ADV180003
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
Microsoft Office 2007 Service Pack 3 4011201 (Security Update) None Defense in Depth 4011063 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Office 2010 Service Pack 2 (32-bit editions) 4011611 (Security Update) None Defense in Depth 4011055 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Office 2010 Service Pack 2 (64-bit editions) 4011611 (Security Update) None Defense in Depth 4011055 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Office 2013 RT Service Pack 1 4011636 (Security Update) None Defense in Depth None Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Office 2013 Service Pack 1 (32-bit editions) 4011636 (Security Update) None Defense in Depth 4011103 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Office 2013 Service Pack 1 (64-bit editions) 4011636 (Security Update) None Defense in Depth 4011103 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Office 2016 (32-bit edition) 4011622 (Security Update) None Defense in Depth 4011038 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Office 2016 (64-bit edition) 4011622 (Security Update) None Defense in Depth 4011038 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Office 2016 Click-to-Run (C2R) for 32-bit editions Click to Run (Security Update) None Defense in Depth None Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Office 2016 Click-to-Run (C2R) for 64-bit editions Click to Run (Security Update) None Defense in Depth None Base: N/A
Temporal: N/A
Vector: N/A
No

Acknowledgements

CVE ID Acknowledgements
ADV180003 None

CVE-2018-0804 - Microsoft Word Remote Code Execution Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2018-0804
MITRE
NVD
CVE Title: Microsoft Word Remote Code Execution Vulnerability
Description:

A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Office or Microsoft WordPad software. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) containing a specially crafted file designed to exploit the vulnerability. An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.

The security update addresses the vulnerability by removing Equation Editor functionality. For more information on this change, please refer to the following article: https://support.microsoft.com/en-us/help/4057882


FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2018-01-09T08:00:00    

Information published.


Low Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment for Latest Software Release Exploitability Assessment for Older Software Release Denial of Service Exploitability Assessment Publicly Disclosed Exploited
Exploitation Unlikely Exploitation Unlikely Not Applicable No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2018-0804
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
Microsoft Office 2007 Service Pack 3 4011656 (Security Update) Low Remote Code Execution 4011604 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Office 2010 Service Pack 2 (32-bit editions) 4011610 (Security Update) Low Remote Code Execution 4011618 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Office 2010 Service Pack 2 (64-bit editions) 4011610 (Security Update) Low Remote Code Execution 4011618 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Office 2013 Service Pack 1 (32-bit editions) 4011651 (Security Update) Low Remote Code Execution 4011590 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Office 2013 Service Pack 1 (64-bit editions) 4011651 (Security Update) Low Remote Code Execution 4011590 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Office 2016 (32-bit edition) 4011574 (Security Update) Low Remote Code Execution 4011262 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Office 2016 (64-bit edition) 4011574 (Security Update) Low Remote Code Execution 4011262 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Office 2016 Click-to-Run (C2R) for 32-bit editions Click to Run (Security Update) Low Remote Code Execution None Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Office 2016 Click-to-Run (C2R) for 64-bit editions Click to Run (Security Update) Low Remote Code Execution None Base: N/A
Temporal: N/A
Vector: N/A
No
Microsoft Office Compatibility Pack Service Pack 3 4011607 (Security Update) Low Remote Code Execution 4011265 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Word 2007 Service Pack 3 4011657 (Security Update) Low Remote Code Execution 4011608 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Word 2010 Service Pack 2 (32-bit editions) 4011659 (Security Update) Low Remote Code Execution 4011614 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Word 2010 Service Pack 2 (64-bit editions) 4011659 (Security Update) Low Remote Code Execution 4011614 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Word 2013 RT Service Pack 1 4011651 (Security Update) Low Remote Code Execution None Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Word 2013 Service Pack 1 (32-bit editions) 4011651 (Security Update) Low Remote Code Execution 4011590 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Word 2013 Service Pack 1 (64-bit editions) 4011651 (Security Update) Low Remote Code Execution 4011590 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Word 2016 (32-bit edition) 4011643 (Security Update) Low Remote Code Execution 4011575 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Word 2016 (64-bit edition) 4011643 (Security Update) Low Remote Code Execution 4011575 Base: N/A
Temporal: N/A
Vector: N/A
Maybe

Acknowledgements

CVE ID Acknowledgements
CVE-2018-0804 None

CVE-2018-0805 - Microsoft Word Remote Code Execution Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2018-0805
MITRE
NVD
CVE Title: Microsoft Word Remote Code Execution Vulnerability
Description:

A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Office or Microsoft WordPad software. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) containing a specially crafted file designed to exploit the vulnerability. An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.

The security update addresses the vulnerability by removing Equation Editor functionality. For more information on this change, please refer to the following article: https://support.microsoft.com/en-us/help/4057882


FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2018-01-09T08:00:00    

Information published.


Important Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment for Latest Software Release Exploitability Assessment for Older Software Release Denial of Service Exploitability Assessment Publicly Disclosed Exploited
Exploitation Unlikely Exploitation Unlikely Not Applicable No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2018-0805
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
Microsoft Office 2007 Service Pack 3 4011656 (Security Update) Important Remote Code Execution 4011604 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Office 2010 Service Pack 2 (32-bit editions) 4011610 (Security Update) Important Remote Code Execution 4011618 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Office 2010 Service Pack 2 (64-bit editions) 4011610 (Security Update) Important Remote Code Execution 4011618 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Office 2013 Service Pack 1 (32-bit editions) 4011651 (Security Update) Important Remote Code Execution 4011590 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Office 2013 Service Pack 1 (64-bit editions) 4011651 (Security Update) Important Remote Code Execution 4011590 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Office 2016 (32-bit edition) 4011574 (Security Update) Important Remote Code Execution 4011262 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Office 2016 (64-bit edition) 4011574 (Security Update) Important Remote Code Execution 4011262 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Office 2016 Click-to-Run (C2R) for 32-bit editions Click to Run (Security Update) Important Remote Code Execution None Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Office 2016 Click-to-Run (C2R) for 64-bit editions Click to Run (Security Update) Important Remote Code Execution None Base: N/A
Temporal: N/A
Vector: N/A
No
Microsoft Office Compatibility Pack Service Pack 3 4011607 (Security Update) Important Remote Code Execution 4011265 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Word 2007 Service Pack 3 4011657 (Security Update) Important Remote Code Execution 4011608 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Word 2010 Service Pack 2 (32-bit editions) 4011659 (Security Update) Important Remote Code Execution 4011614 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Word 2010 Service Pack 2 (64-bit editions) 4011659 (Security Update) Important Remote Code Execution 4011614 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Word 2013 RT Service Pack 1 4011651 (Security Update) Important Remote Code Execution None Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Word 2013 Service Pack 1 (32-bit editions) 4011651 (Security Update) Important Remote Code Execution 4011590 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Word 2013 Service Pack 1 (64-bit editions) 4011651 (Security Update) Important Remote Code Execution 4011590 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Word 2016 (32-bit edition) 4011643 (Security Update) Important Remote Code Execution 4011575 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Word 2016 (64-bit edition) 4011643 (Security Update) Important Remote Code Execution 4011575 Base: N/A
Temporal: N/A
Vector: N/A
Maybe

Acknowledgements

CVE ID Acknowledgements
CVE-2018-0805 None

CVE-2018-0806 - Microsoft Word Remote Code Execution Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2018-0806
MITRE
NVD
CVE Title: Microsoft Word Remote Code Execution Vulnerability
Description:

A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Office or Microsoft WordPad software. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) containing a specially crafted file designed to exploit the vulnerability. An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.

The security update addresses the vulnerability by removing Equation Editor functionality. For more information on this change, please refer to the following article: https://support.microsoft.com/en-us/help/4057882


FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2018-01-09T08:00:00    

Information published.


Important Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment for Latest Software Release Exploitability Assessment for Older Software Release Denial of Service Exploitability Assessment Publicly Disclosed Exploited
Exploitation Unlikely Exploitation Unlikely Not Applicable No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2018-0806
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
Microsoft Office 2007 Service Pack 3 4011656 (Security Update) Important Remote Code Execution 4011604 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Office 2010 Service Pack 2 (32-bit editions) 4011610 (Security Update) Important Remote Code Execution 4011618 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Office 2010 Service Pack 2 (64-bit editions) 4011610 (Security Update) Important Remote Code Execution 4011618 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Office 2013 Service Pack 1 (32-bit editions) 4011651 (Security Update) Important Remote Code Execution 4011590 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Office 2013 Service Pack 1 (64-bit editions) 4011651 (Security Update) Important Remote Code Execution 4011590 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Office 2016 (32-bit edition) 4011574 (Security Update) Important Remote Code Execution 4011262 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Office 2016 (64-bit edition) 4011574 (Security Update) Important Remote Code Execution 4011262 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Office 2016 Click-to-Run (C2R) for 32-bit editions Click to Run (Security Update) Important Remote Code Execution None Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Office 2016 Click-to-Run (C2R) for 64-bit editions Click to Run (Security Update) Important Remote Code Execution None Base: N/A
Temporal: N/A
Vector: N/A
No
Microsoft Office Compatibility Pack Service Pack 3 4011607 (Security Update) Important Remote Code Execution 4011265 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Word 2007 Service Pack 3 4011657 (Security Update) Important Remote Code Execution 4011608 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Word 2010 Service Pack 2 (32-bit editions) 4011659 (Security Update) Important Remote Code Execution 4011614 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Word 2010 Service Pack 2 (64-bit editions) 4011659 (Security Update) Important Remote Code Execution 4011614 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Word 2013 RT Service Pack 1 4011651 (Security Update) Important Remote Code Execution None Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Word 2013 Service Pack 1 (32-bit editions) 4011651 (Security Update) Important Remote Code Execution 4011590 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Word 2013 Service Pack 1 (64-bit editions) 4011651 (Security Update) Important Remote Code Execution 4011590 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Word 2016 (32-bit edition) 4011643 (Security Update) Important Remote Code Execution 4011575 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Word 2016 (64-bit edition) 4011643 (Security Update) Important Remote Code Execution 4011575 Base: N/A
Temporal: N/A
Vector: N/A
Maybe

Acknowledgements

CVE ID Acknowledgements
CVE-2018-0806 None

CVE-2018-0807 - Microsoft Word Remote Code Execution Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2018-0807
MITRE
NVD
CVE Title: Microsoft Word Remote Code Execution Vulnerability
Description:

A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Office or Microsoft WordPad software. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) containing a specially crafted file designed to exploit the vulnerability. An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.

The security update addresses the vulnerability by removing Equation Editor functionality. For more information on this change, please refer to the following article: https://support.microsoft.com/en-us/help/4057882


FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2018-01-09T08:00:00    

Information published.


Important Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment for Latest Software Release Exploitability Assessment for Older Software Release Denial of Service Exploitability Assessment Publicly Disclosed Exploited
Exploitation Unlikely Exploitation Unlikely Not Applicable No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2018-0807
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
Microsoft Office 2007 Service Pack 3 4011656 (Security Update) Important Remote Code Execution 4011604 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Office 2010 Service Pack 2 (32-bit editions) 4011610 (Security Update) Important Remote Code Execution 4011618 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Office 2010 Service Pack 2 (64-bit editions) 4011610 (Security Update) Important Remote Code Execution 4011618 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Office 2013 Service Pack 1 (32-bit editions) 4011651 (Security Update) Important Remote Code Execution 4011590 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Office 2013 Service Pack 1 (64-bit editions) 4011651 (Security Update) Important Remote Code Execution 4011590 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Office 2016 (32-bit edition) 4011574 (Security Update) Important Remote Code Execution 4011262 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Office 2016 (64-bit edition) 4011574 (Security Update) Important Remote Code Execution 4011262 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Office 2016 Click-to-Run (C2R) for 32-bit editions Click to Run (Security Update) Important Remote Code Execution None Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Office 2016 Click-to-Run (C2R) for 64-bit editions Click to Run (Security Update) Important Remote Code Execution None Base: N/A
Temporal: N/A
Vector: N/A
No
Microsoft Office Compatibility Pack Service Pack 3 4011607 (Security Update) Important Remote Code Execution 4011265 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Word 2007 Service Pack 3 4011657 (Security Update) Important Remote Code Execution 4011608 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Word 2010 Service Pack 2 (32-bit editions) 4011659 (Security Update) Important Remote Code Execution 4011614 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Word 2010 Service Pack 2 (64-bit editions) 4011659 (Security Update) Important Remote Code Execution 4011614 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Word 2013 RT Service Pack 1 4011651 (Security Update) Important Remote Code Execution None Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Word 2013 Service Pack 1 (32-bit editions) 4011651 (Security Update) Important Remote Code Execution 4011590 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Word 2013 Service Pack 1 (64-bit editions) 4011651 (Security Update) Important Remote Code Execution 4011590 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Word 2016 (32-bit edition) 4011643 (Security Update) Important Remote Code Execution 4011575 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Word 2016 (64-bit edition) 4011643 (Security Update) Important Remote Code Execution 4011575 Base: N/A
Temporal: N/A
Vector: N/A
Maybe

Acknowledgements

CVE ID Acknowledgements
CVE-2018-0807 None

CVE-2018-0812 - Microsoft Word Memory Corruption Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2018-0812
MITRE
NVD
CVE Title: Microsoft Word Memory Corruption Vulnerability
Description:

A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Office or Microsoft WordPad software. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) containing a specially crafted file designed to exploit the vulnerability. An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.

The security update addresses the vulnerability by removing Equation Editor functionality. For more information on this change, please refer to the following article: https://support.microsoft.com/en-us/help/4057882


FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2018-01-09T08:00:00    

Information published.


Important Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment for Latest Software Release Exploitability Assessment for Older Software Release Denial of Service Exploitability Assessment Publicly Disclosed Exploited
Exploitation Unlikely Exploitation Unlikely Not Applicable No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2018-0812
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
Microsoft Office 2007 Service Pack 3 4011656 (Security Update) Important Remote Code Execution 4011604 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Office 2010 Service Pack 2 (32-bit editions) 4011610 (Security Update) Important Remote Code Execution 4011618 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Office 2010 Service Pack 2 (64-bit editions) 4011610 (Security Update) Important Remote Code Execution 4011618 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Office 2013 Service Pack 1 (32-bit editions) 4011580 (Security Update) Important Remote Code Execution 3162047 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Office 2013 Service Pack 1 (64-bit editions) 4011580 (Security Update) Important Remote Code Execution 3162047 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Office 2016 (32-bit edition) 4011574 (Security Update) Important Remote Code Execution 4011262 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Office 2016 (64-bit edition) 4011574 (Security Update) Important Remote Code Execution 4011262 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Office 2016 Click-to-Run (C2R) for 32-bit editions Click to Run (Security Update) Important Remote Code Execution None Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Office 2016 Click-to-Run (C2R) for 64-bit editions Click to Run (Security Update) Important Remote Code Execution None Base: N/A
Temporal: N/A
Vector: N/A
No
Microsoft Office Compatibility Pack Service Pack 3 4011607 (Security Update) Important Remote Code Execution 4011265 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Word 2007 Service Pack 3 4011657 (Security Update) Important Remote Code Execution 4011608 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Word 2010 Service Pack 2 (32-bit editions) 4011659 (Security Update) Important Remote Code Execution 4011614 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Word 2010 Service Pack 2 (64-bit editions) 4011659 (Security Update) Important Remote Code Execution 4011614 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Word 2013 RT Service Pack 1 4011580 (Security Update) Important Remote Code Execution 3162047 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Word 2013 Service Pack 1 (32-bit editions) 4011580 (Security Update) Important Remote Code Execution 3162047 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Word 2013 Service Pack 1 (64-bit editions) 4011580 (Security Update) Important Remote Code Execution 3162047 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Word 2016 (32-bit edition) 4011643 (Security Update) Important Remote Code Execution 4011575 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Word 2016 (64-bit edition) 4011643 (Security Update) Important Remote Code Execution 4011575 Base: N/A
Temporal: N/A
Vector: N/A
Maybe

Acknowledgements

CVE ID Acknowledgements
CVE-2018-0812 None

CVE-2018-0818 - Scripting Engine Security Feature Bypass

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2018-0818
MITRE
NVD
CVE Title: Scripting Engine Security Feature Bypass
Description:

A security feature bypass vulnerability exists in the Microsoft Chakra scripting engine that allows Control Flow Guard (CFG) to be bypassed. By itself, the CFG bypass vulnerability does not allow arbitrary code execution. However, an attacker could use the CFG bypass vulnerability in conjunction with another vulnerability, such as a remote code execution vulnerability, to run arbitrary code on a target system.

To exploit the CFG bypass vulnerability, a user must be logged on to the Microsoft Chakra scripting engine and running it. The user would then need to browse to a malicious website.

The security update addresses the CFG bypass vulnerability by helping to ensure that the Microsoft Chakra scripting engine properly handles accessing memory.


FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
2.0    2018-01-05T08:00:00    

Revised the Affected Products table to include ChakraCore for this vulnerability.


1.0    2018-01-03T08:00:00    

Information published.


Important Security Feature Bypass

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment for Latest Software Release Exploitability Assessment for Older Software Release Denial of Service Exploitability Assessment Publicly Disclosed Exploited
Exploitation Unlikely Exploitation Unlikely Not Applicable No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2018-0818
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
ChakraCore Commit (Security Update) Important Security Feature Bypass None Base: 4.30
Temporal: 3.90
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2018-0818 None

CVE-2018-0819 - Spoofing Vulnerability in Microsoft Office for MAC

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2018-0819
MITRE
NVD
CVE Title: Spoofing Vulnerability in Microsoft Office for MAC
Description:

A spoofing vulnerability exists when Microsoft Outlook for MAC does not properly handle the encoding and display of email addresses. This improper handling and display may cause antivirus or antispam scanning to not work as intended.

To exploit the vulnerability, an attacker could send a specially crafted email attachment to a user in an attempt to launch a social engineering attack, such as phishing.

The security update addresses the vulnerability by correcting how Outlook for MAC displays encoded email addresses.


FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2018-01-09T08:00:00    

Information published.


Important Spoofing

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment for Latest Software Release Exploitability Assessment for Older Software Release Denial of Service Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely Exploitation Less Likely Not Applicable Yes No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2018-0819
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
Microsoft Office 2016 for Mac Release Notes (Security Update) Important Spoofing None Base: N/A
Temporal: N/A
Vector: N/A
No

Acknowledgements

CVE ID Acknowledgements
CVE-2018-0819 None

CVE-2018-0746 - Windows Information Disclosure Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2018-0746
MITRE
NVD
CVE Title: Windows Information Disclosure Vulnerability
Description:

An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass. An attacker who successfully exploited the vulnerability could retrieve the memory address of a kernel object. To exploit the vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The security update addresses the vulnerability by correcting how the Windows kernel handles memory addresses.


FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2018-01-03T08:00:00    

Information published.


2.0    2018-01-05T08:00:00    

Revised the Affected Products table to add Monthly Rollup updates for Windows 7, Windows Server 2008 R2, and Windows Server 2012. Customers who install Monthly Rollups should install these updates to be protected from this vulnerability.


Important Information Disclosure

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment for Latest Software Release Exploitability Assessment for Older Software Release Denial of Service Exploitability Assessment Publicly Disclosed Exploited
Exploitation More Likely Exploitation More Likely Not Applicable No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2018-0746
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
Windows 10 for 32-bit Systems 4056893 (Security Update) Important Information Disclosure 4053581 Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 for x64-based Systems 4056893 (Security Update) Important Information Disclosure 4053581 Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1511 for 32-bit Systems 4056888 (Security Update) Important Information Disclosure 4053578 Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1511 for x64-based Systems 4056888 (Security Update) Important Information Disclosure 4053578 Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1607 for 32-bit Systems 4056890 (Security Update) Important Information Disclosure 4053579 Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1607 for x64-based Systems 4056890 (Security Update) Important Information Disclosure 4053579 Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1703 for 32-bit Systems 4056891 (Security Update) Important Information Disclosure 4053580 Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1703 for x64-based Systems 4056891 (Security Update) Important Information Disclosure 4053580 Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1709 for 32-bit Systems 4056892 (Security Update) Important Information Disclosure 4054517 Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1709 for x64-based Systems 4056892 (Security Update) Important Information Disclosure 4054517 Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 8.1 for 32-bit systems 4056898 (Security Only) Important Information Disclosure None Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 8.1 for x64-based systems 4056898 (Security Only) Important Information Disclosure None Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2012 4056896 (Monthly Rollup)
4056899 (Security Only)
Important Information Disclosure 4054520
Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2012 (Server Core installation) 4056896 (Monthly Rollup)
4056899 (Security Only)
Important Information Disclosure 4054520
Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2012 R2 4056898 (Security Only) Important Information Disclosure None Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2012 R2 (Server Core installation) 4056898 (Security Only) Important Information Disclosure None Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2016 4056890 (Security Update) Important Information Disclosure 4053579 Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2016 (Server Core installation) 4056890 (Security Update) Important Information Disclosure 4053579 Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2018-0746 None

CVE-2018-0747 - Windows Information Disclosure Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2018-0747
MITRE
NVD
CVE Title: Windows Information Disclosure Vulnerability
Description:

An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass. An attacker who successfully exploited the vulnerability could retrieve the memory address of a kernel object. To exploit the vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The security update addresses the vulnerability by correcting how the Windows kernel handles memory addresses.


FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
2.0    2018-01-05T08:00:00    

Revised the Affected Products table to add Monthly Rollup updates for Windows 7, Windows Server 2008 R2, and Windows Server 2012. Customers who install Monthly Rollups should install these updates to be protected from this vulnerability.


1.0    2018-01-03T08:00:00    

Information published.


Important Information Disclosure

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment for Latest Software Release Exploitability Assessment for Older Software Release Denial of Service Exploitability Assessment Publicly Disclosed Exploited
Exploitation More Likely Exploitation More Likely Not Applicable No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2018-0747
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
Windows 10 for 32-bit Systems 4056893 (Security Update) Important Information Disclosure 4053581 Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 for x64-based Systems 4056893 (Security Update) Important Information Disclosure 4053581 Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1511 for 32-bit Systems 4056888 (Security Update) Important Information Disclosure 4053578 Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1511 for x64-based Systems 4056888 (Security Update) Important Information Disclosure 4053578 Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1607 for 32-bit Systems 4056890 (Security Update) Important Information Disclosure 4053579 Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1607 for x64-based Systems 4056890 (Security Update) Important Information Disclosure 4053579 Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1703 for 32-bit Systems 4056891 (Security Update) Important Information Disclosure 4053580 Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1703 for x64-based Systems 4056891 (Security Update) Important Information Disclosure 4053580 Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1709 for 32-bit Systems 4056892 (Security Update) Important Information Disclosure 4054517 Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1709 for x64-based Systems 4056892 (Security Update) Important Information Disclosure 4054517 Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 7 for 32-bit Systems Service Pack 1 4056894 (Monthly Rollup)
4056897 (Security Only)
Important Information Disclosure 4054518
Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 7 for x64-based Systems Service Pack 1 4056894 (Monthly Rollup)
4056897 (Security Only)
Important Information Disclosure 4054518
Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 8.1 for 32-bit systems 4056898 (Security Only) Important Information Disclosure None Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 8.1 for x64-based systems 4056898 (Security Only) Important Information Disclosure None Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 4056613 (Security Update) Important Information Disclosure None Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) 4056613 (Security Update) Important Information Disclosure None Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2008 for Itanium-Based Systems Service Pack 2 4056613 (Security Update) Important Information Disclosure None Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 4056613 (Security Update) Important Information Disclosure None Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) 4056613 (Security Update) Important Information Disclosure None Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 4056894 (Monthly Rollup)
4056897 (Security Only)
Important Information Disclosure 4054518
Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 4056894 (Monthly Rollup)
4056897 (Security Only)
Important Information Disclosure 4054518
Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 4056894 (Monthly Rollup)
4056897 (Security Only)
Important Information Disclosure 4054518
Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2012 4056896 (Monthly Rollup)
4056899 (Security Only)
Important Information Disclosure 4054520
Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2012 (Server Core installation) 4056896 (Monthly Rollup)
4056899 (Security Only)
Important Information Disclosure 4054520
Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2012 R2 4056898 (Security Only) Important Information Disclosure None Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2012 R2 (Server Core installation) 4056898 (Security Only) Important Information Disclosure None Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2016 4056890 (Security Update) Important Information Disclosure 4053579 Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2016 (Server Core installation) 4056890 (Security Update) Important Information Disclosure 4053579 Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server, version 1709 (Server Core Installation) 4056892 (Security Update) Important Information Disclosure 4054517 Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2018-0747 None

CVE-2018-0748 - Windows Elevation of Privilege Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2018-0748
MITRE
NVD
CVE Title: Windows Elevation of Privilege Vulnerability
Description:

An elevation of privilege vulnerability exists in the way that the Windows Kernel API enforces permissions. An attacker who successfully exploited the vulnerability could impersonate processes, interject cross-process communication, or interrupt system functionality.

To exploit the vulnerability, a locally authenticated attacker could run a specially crafted application.

The security update addresses the vulnerability by helping to ensure that the Windows Kernel API properly enforces permissions.


FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
2.0    2018-01-05T08:00:00    

Revised the Affected Products table to add Monthly Rollup updates for Windows 7, Windows Server 2008 R2, and Windows Server 2012. Customers who install Monthly Rollups should install these updates to be protected from this vulnerability.


1.0    2018-01-03T08:00:00    

Information published.


Important Elevation of Privilege

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment for Latest Software Release Exploitability Assessment for Older Software Release Denial of Service Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely Exploitation Less Likely Not Applicable No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2018-0748
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
Windows 10 for 32-bit Systems 4056893 (Security Update) Important Elevation of Privilege 4053581 Base: 6.60
Temporal: 5.90
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C
Yes
Windows 10 for x64-based Systems 4056893 (Security Update) Important Elevation of Privilege 4053581 Base: 6.60
Temporal: 5.90
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1511 for 32-bit Systems 4056888 (Security Update) Important Elevation of Privilege 4053578 Base: 6.60
Temporal: 5.90
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1511 for x64-based Systems 4056888 (Security Update) Important Elevation of Privilege 4053578 Base: 6.60
Temporal: 5.90
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1607 for 32-bit Systems 4056890 (Security Update) Important Elevation of Privilege 4053579 Base: 6.60
Temporal: 5.90
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1607 for x64-based Systems 4056890 (Security Update) Important Elevation of Privilege 4053579 Base: 6.60
Temporal: 5.90
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1703 for 32-bit Systems 4056891 (Security Update) Important Elevation of Privilege 4053580 Base: 6.60
Temporal: 5.90
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1703 for x64-based Systems 4056891 (Security Update) Important Elevation of Privilege 4053580 Base: 6.60
Temporal: 5.90
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1709 for 32-bit Systems 4056892 (Security Update) Important Elevation of Privilege 4054517 Base: 6.60
Temporal: 5.90
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1709 for x64-based Systems 4056892 (Security Update) Important Elevation of Privilege 4054517 Base: 6.60
Temporal: 5.90
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C
Yes
Windows 7 for 32-bit Systems Service Pack 1 4056894 (Monthly Rollup)
4056897 (Security Only)
Important Elevation of Privilege 4054518
Base: 6.60
Temporal: 5.90
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C
Yes
Windows 7 for x64-based Systems Service Pack 1 4056894 (Monthly Rollup)
4056897 (Security Only)
Important Elevation of Privilege 4054518
Base: 6.60
Temporal: 5.90
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C
Yes
Windows 8.1 for 32-bit systems 4056898 (Security Only) Important Elevation of Privilege None Base: 6.60
Temporal: 5.90
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C
Yes
Windows 8.1 for x64-based systems 4056898 (Security Only) Important Elevation of Privilege None Base: 6.60
Temporal: 5.90
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 4056615 (Security Update) Important Elevation of Privilege None Base: 6.60
Temporal: 5.90
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) 4056615 (Security Update) Important Elevation of Privilege None Base: 6.60
Temporal: 5.90
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2008 for Itanium-Based Systems Service Pack 2 4056615 (Security Update) Important Elevation of Privilege None Base: 6.60
Temporal: 5.90
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 4056615 (Security Update) Important Elevation of Privilege None Base: 6.60
Temporal: 5.90
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) 4056615 (Security Update) Important Elevation of Privilege None Base: 6.60
Temporal: 5.90
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 4056894 (Monthly Rollup)
4056897 (Security Only)
Important Elevation of Privilege 4054518
Base: 6.60
Temporal: 5.90
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 4056894 (Monthly Rollup)
4056897 (Security Only)
Important Elevation of Privilege 4054518
Base: 6.60
Temporal: 5.90
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 4056894 (Monthly Rollup)
4056897 (Security Only)
Important Elevation of Privilege 4054518
Base: 6.60
Temporal: 5.90
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2012 4056896 (Monthly Rollup)
4056899 (Security Only)
Important Elevation of Privilege 4054520
Base: 6.60
Temporal: 5.90
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2012 (Server Core installation) 4056896 (Monthly Rollup)
4056899 (Security Only)
Important Elevation of Privilege 4054520
Base: 6.60
Temporal: 5.90
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2012 R2 4056898 (Security Only) Important Elevation of Privilege None Base: 6.60
Temporal: 5.90
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2012 R2 (Server Core installation) 4056898 (Security Only) Important Elevation of Privilege None Base: 6.60
Temporal: 5.90
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2016 4056890 (Security Update) Important Elevation of Privilege 4053579 Base: 6.60
Temporal: 5.90
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2016 (Server Core installation) 4056890 (Security Update) Important Elevation of Privilege 4053579 Base: 6.60
Temporal: 5.90
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C
Yes
Windows Server, version 1709 (Server Core Installation) 4056892 (Security Update) Important Elevation of Privilege 4054517 Base: 6.60
Temporal: 5.90
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2018-0748 None

CVE-2018-0751 - Windows Elevation of Privilege Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2018-0751
MITRE
NVD
CVE Title: Windows Elevation of Privilege Vulnerability
Description:

An elevation of privilege vulnerability exists in the way that the Windows Kernel API enforces permissions. An attacker who successfully exploited the vulnerability could impersonate processes, interject cross-process communication, or interrupt system functionality.

To exploit the vulnerability, a locally authenticated attacker could run a specially crafted application.

The security update addresses the vulnerability by helping to ensure that the Windows Kernel API properly enforces permissions.


FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2018-01-03T08:00:00    

Information published.


2.0    2018-01-05T08:00:00    

Revised the Affected Products table to add Monthly Rollup updates for Windows 7, Windows Server 2008 R2, and Windows Server 2012. Customers who install Monthly Rollups should install these updates to be protected from this vulnerability.


Important Elevation of Privilege

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment for Latest Software Release Exploitability Assessment for Older Software Release Denial of Service Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely Exploitation Less Likely Not Applicable No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2018-0751
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
Windows 10 for 32-bit Systems 4056893 (Security Update) Important Elevation of Privilege 4053581 Base: 6.60
Temporal: 5.90
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C
Yes
Windows 10 for x64-based Systems 4056893 (Security Update) Important Elevation of Privilege 4053581 Base: 6.60
Temporal: 5.90
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1511 for 32-bit Systems 4056888 (Security Update) Important Elevation of Privilege 4053578 Base: 6.60
Temporal: 5.90
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1511 for x64-based Systems 4056888 (Security Update) Important Elevation of Privilege 4053578 Base: 6.60
Temporal: 5.90
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1607 for 32-bit Systems 4056890 (Security Update) Important Elevation of Privilege 4053579 Base: 6.60
Temporal: 5.90
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1607 for x64-based Systems 4056890 (Security Update) Important Elevation of Privilege 4053579 Base: 6.60
Temporal: 5.90
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1703 for 32-bit Systems 4056891 (Security Update) Important Elevation of Privilege 4053580 Base: 6.60
Temporal: 5.90
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1703 for x64-based Systems 4056891 (Security Update) Important Elevation of Privilege 4053580 Base: 6.60
Temporal: 5.90
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1709 for 32-bit Systems 4056892 (Security Update) Important Elevation of Privilege 4054517 Base: 6.60
Temporal: 5.90
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1709 for x64-based Systems 4056892 (Security Update) Important Elevation of Privilege 4054517 Base: 6.60
Temporal: 5.90
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C
Yes
Windows 8.1 for 32-bit systems 4056898 (Security Only) Important Elevation of Privilege None Base: 6.60
Temporal: 5.90
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C
Yes
Windows 8.1 for x64-based systems 4056898 (Security Only) Important Elevation of Privilege None Base: 6.60
Temporal: 5.90
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2012 4056896 (Monthly Rollup)
4056899 (Security Only)
Important Elevation of Privilege 4054520
Base: 6.60
Temporal: 5.90
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2012 (Server Core installation) 4056896 (Monthly Rollup)
4056899 (Security Only)
Important Elevation of Privilege 4054520
Base: 6.60
Temporal: 5.90
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2012 R2 4056898 (Security Only) Important Elevation of Privilege None Base: 6.60
Temporal: 5.90
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2012 R2 (Server Core installation) 4056898 (Security Only) Important Elevation of Privilege None Base: 6.60
Temporal: 5.90
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2016 4056890 (Security Update) Important Elevation of Privilege 4053579 Base: 6.60
Temporal: 5.90
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2016 (Server Core installation) 4056890 (Security Update) Important Elevation of Privilege 4053579 Base: 6.60
Temporal: 5.90
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C
Yes
Windows Server, version 1709 (Server Core Installation) 4056892 (Security Update) Important Elevation of Privilege 4054517 Base: 6.60
Temporal: 5.90
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2018-0751 None

CVE-2018-0752 - Windows Elevation of Privilege Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2018-0752
MITRE
NVD
CVE Title: Windows Elevation of Privilege Vulnerability
Description:

An elevation of privilege vulnerability exists in the way that the Windows Kernel API enforces permissions. An attacker who successfully exploited the vulnerability could impersonate processes, interject cross-process communication, or interrupt system functionality.

To exploit the vulnerability, a locally authenticated attacker could run a specially crafted application.

The security update addresses the vulnerability by helping to ensure that the Windows Kernel API properly enforces permissions.


FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
2.0    2018-01-05T08:00:00    

Revised the Affected Products table to add Monthly Rollup updates for Windows 7, Windows Server 2008 R2, and Windows Server 2012. Customers who install Monthly Rollups should install these updates to be protected from this vulnerability.


1.0    2018-01-03T08:00:00    

Information published.


Important Elevation of Privilege

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment for Latest Software Release Exploitability Assessment for Older Software Release Denial of Service Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely Exploitation Less Likely Not Applicable No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2018-0752
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
Windows 10 for 32-bit Systems 4056893 (Security Update) Important Elevation of Privilege 4053581 Base: 6.60
Temporal: 5.90
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C
Yes
Windows 10 for x64-based Systems 4056893 (Security Update) Important Elevation of Privilege 4053581 Base: 6.60
Temporal: 5.90
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1511 for 32-bit Systems 4056888 (Security Update) Important Elevation of Privilege 4053578 Base: 6.60
Temporal: 5.90
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1511 for x64-based Systems 4056888 (Security Update) Important Elevation of Privilege 4053578 Base: 6.60
Temporal: 5.90
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1607 for 32-bit Systems 4056890 (Security Update) Important Elevation of Privilege 4053579 Base: 6.60
Temporal: 5.90
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1607 for x64-based Systems 4056890 (Security Update) Important Elevation of Privilege 4053579 Base: 6.60
Temporal: 5.90
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1703 for 32-bit Systems 4056891 (Security Update) Important Elevation of Privilege 4053580 Base: 6.60
Temporal: 5.90
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1703 for x64-based Systems 4056891 (Security Update) Important Elevation of Privilege 4053580 Base: 6.60
Temporal: 5.90
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1709 for 32-bit Systems 4056892 (Security Update) Important Elevation of Privilege 4054517 Base: 6.60
Temporal: 5.90
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1709 for x64-based Systems 4056892 (Security Update) Important Elevation of Privilege 4054517 Base: 6.60
Temporal: 5.90
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C
Yes
Windows 8.1 for 32-bit systems 4056898 (Security Only) Important Elevation of Privilege None Base: 6.60
Temporal: 5.90
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C
Yes
Windows 8.1 for x64-based systems 4056898 (Security Only) Important Elevation of Privilege None Base: 6.60
Temporal: 5.90
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2012 4056896 (Monthly Rollup)
4056899 (Security Only)
Important Elevation of Privilege 4054520
Base: 6.60
Temporal: 5.90
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2012 (Server Core installation) 4056896 (Monthly Rollup)
4056899 (Security Only)
Important Elevation of Privilege 4054520
Base: 6.60
Temporal: 5.90
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2012 R2 4056898 (Security Only) Important Elevation of Privilege None Base: 6.60
Temporal: 5.90
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2012 R2 (Server Core installation) 4056898 (Security Only) Important Elevation of Privilege None Base: 6.60
Temporal: 5.90
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2016 4056890 (Security Update) Important Elevation of Privilege 4053579 Base: 6.60
Temporal: 5.90
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2016 (Server Core installation) 4056890 (Security Update) Important Elevation of Privilege 4053579 Base: 6.60
Temporal: 5.90
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C
Yes
Windows Server, version 1709 (Server Core Installation) 4056892 (Security Update) Important Elevation of Privilege 4054517 Base: 6.60
Temporal: 5.90
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2018-0752 None

CVE-2018-0753 - Windows IPSec Denial of Service Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2018-0753
MITRE
NVD
CVE Title: Windows IPSec Denial of Service Vulnerability
Description:

A denial of service vulnerability exists in the way that Windows handles objects in memory. An attacker who successfully exploited the vulnerability could cause a target system to stop responding. Note that the denial of service condition would not allow an attacker to execute code or to elevate user privileges. However, the denial of service condition could prevent authorized users from using system resources.

The security update addresses the vulnerability by correcting how Windows handles objects in memory.


FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2018-01-03T08:00:00    

Information published.


2.0    2018-01-05T08:00:00    

Revised the Affected Products table to add Monthly Rollup updates for Windows 7, Windows Server 2008 R2, and Windows Server 2012. Customers who install Monthly Rollups should install these updates to be protected from this vulnerability.


Important Denial of Service

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment for Latest Software Release Exploitability Assessment for Older Software Release Denial of Service Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Applicable No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2018-0753
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
Windows 10 for 32-bit Systems 4056893 (Security Update) Important Denial of Service 4053581 Base: 5.90
Temporal: 5.30
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
Yes
Windows 10 for x64-based Systems 4056893 (Security Update) Important Denial of Service 4053581 Base: 5.90
Temporal: 5.30
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1511 for 32-bit Systems 4056888 (Security Update) Important Denial of Service 4053578 Base: 5.90
Temporal: 5.30
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1511 for x64-based Systems 4056888 (Security Update) Important Denial of Service 4053578 Base: 5.90
Temporal: 5.30
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1607 for 32-bit Systems 4056890 (Security Update) Important Denial of Service 4053579 Base: 5.90
Temporal: 5.30
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1607 for x64-based Systems 4056890 (Security Update) Important Denial of Service 4053579 Base: 5.90
Temporal: 5.30
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1703 for 32-bit Systems 4056891 (Security Update) Important Denial of Service 4053580 Base: 5.90
Temporal: 5.30
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1703 for x64-based Systems 4056891 (Security Update) Important Denial of Service 4053580 Base: 5.90
Temporal: 5.30
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1709 for 32-bit Systems 4056892 (Security Update) Important Denial of Service 4054517 Base: 5.90
Temporal: 5.30
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
Yes
Windows 8.1 for 32-bit systems 4056898 (Security Only) Important Denial of Service None Base: 5.90
Temporal: 5.30
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
Yes
Windows 8.1 for x64-based systems 4056898 (Security Only) Important Denial of Service None Base: 5.90
Temporal: 5.30
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2012 4056896 (Monthly Rollup)
4056899 (Security Only)
Important Denial of Service 4054520
Base: 5.90
Temporal: 5.30
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2012 (Server Core installation) 4056896 (Monthly Rollup)
4056899 (Security Only)
Important Denial of Service 4054520
Base: 5.90
Temporal: 5.30
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2012 R2 4056898 (Security Only) Important Denial of Service None Base: 5.90
Temporal: 5.30
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2012 R2 (Server Core installation) 4056898 (Security Only) Important Denial of Service None Base: 5.90
Temporal: 5.30
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2016 4056890 (Security Update) Important Denial of Service 4053579 Base: 5.90
Temporal: 5.30
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2016 (Server Core installation) 4056890 (Security Update) Important Denial of Service 4053579 Base: 5.90
Temporal: 5.30
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
Yes
Windows Server, version 1709 (Server Core Installation) 4056892 (Security Update) Important Denial of Service 4054517 Base: 5.90
Temporal: 5.30
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2018-0753 None

CVE-2018-0750 - Windows GDI Information Disclosure Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2018-0750
MITRE
NVD
CVE Title: Windows GDI Information Disclosure Vulnerability
Description:

A Win32k information disclosure vulnerability exists when the Windows GDI component improperly discloses kernel memory addresses. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system.

To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The vulnerability would not allow an attacker to execute code or to elevate user rights directly, but it could be used to obtain information that could be used to try to further compromise the affected system.

The security update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory.


FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2018-01-03T08:00:00    

Information published.


2.0    2018-01-05T08:00:00    

Revised the Affected Products table to add Monthly Rollup updates for Windows 7, Windows Server 2008 R2, and Windows Server 2012. Customers who install Monthly Rollups should install these updates to be protected from this vulnerability.


Important Information Disclosure

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment for Latest Software Release Exploitability Assessment for Older Software Release Denial of Service Exploitability Assessment Publicly Disclosed Exploited
Exploitation More Likely Exploitation More Likely Not Applicable No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2018-0750
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
Windows 7 for 32-bit Systems Service Pack 1 4056894 (Monthly Rollup)
4056897 (Security Only)
Important Information Disclosure 4054518
Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 7 for x64-based Systems Service Pack 1 4056894 (Monthly Rollup)
4056897 (Security Only)
Important Information Disclosure 4054518
Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 4056944 (Security Update) Important Information Disclosure None Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) 4056944 (Security Update) Important Information Disclosure None Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2008 for Itanium-Based Systems Service Pack 2 4056944 (Security Update) Important Information Disclosure None Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 4056944 (Security Update) Important Information Disclosure None Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) 4056944 (Security Update) Important Information Disclosure None Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 4056894 (Monthly Rollup)
4056897 (Security Only)
Important Information Disclosure 4054518
Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 4056894 (Monthly Rollup)
4056897 (Security Only)
Important Information Disclosure 4054518
Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 4056894 (Monthly Rollup)
4056897 (Security Only)
Important Information Disclosure 4054518
Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2018-0750 None

CVE-2018-0773 - Scripting Engine Memory Corruption Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2018-0773
MITRE
NVD
CVE Title: Scripting Engine Memory Corruption Vulnerability
Description:

A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft Edge and then convince a user to view the website. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability.

The security update addresses the vulnerability by modifying how the scripting engine handles objects in memory.


FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
2.0    2018-01-05T08:00:00    

Revised the Affected Products table to include ChakraCore for this vulnerability.


1.0    2018-01-03T08:00:00    

Information published.


Critical Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment for Latest Software Release Exploitability Assessment for Older Software Release Denial of Service Exploitability Assessment Publicly Disclosed Exploited
Exploitation More Likely N/A Not Applicable No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2018-0773
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
ChakraCore Commit (Security Update) Critical Remote Code Execution None Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft Edge on Windows 10 Version 1709 for 32-bit Systems 4056892 (Security Update) Critical Remote Code Execution 4054517 Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft Edge on Windows 10 Version 1709 for x64-based Systems 4056892 (Security Update) Critical Remote Code Execution 4054517 Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2018-0773 None

CVE-2018-0774 - Scripting Engine Memory Corruption Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2018-0774
MITRE
NVD
CVE Title: Scripting Engine Memory Corruption Vulnerability
Description:

A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft Edge and then convince a user to view the website. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability.

The security update addresses the vulnerability by modifying how the scripting engine handles objects in memory.


FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
2.0    2018-01-05T08:00:00    

Revised the Affected Products table to include ChakraCore for this vulnerability.


1.0    2018-01-03T08:00:00    

Information published.


Critical Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment for Latest Software Release Exploitability Assessment for Older Software Release Denial of Service Exploitability Assessment Publicly Disclosed Exploited
Exploitation More Likely N/A Not Applicable No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2018-0774
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
ChakraCore Commit (Security Update) Critical Remote Code Execution None Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft Edge on Windows 10 Version 1709 for 32-bit Systems 4056892 (Security Update) Critical Remote Code Execution 4054517 Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft Edge on Windows 10 Version 1709 for x64-based Systems 4056892 (Security Update) Critical Remote Code Execution 4054517 Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2018-0774 None

CVE-2018-0781 - Scripting Engine Memory Corruption Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2018-0781
MITRE
NVD
CVE Title: Scripting Engine Memory Corruption Vulnerability
Description:

A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft Edge and then convince a user to view the website. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability.

The security update addresses the vulnerability by modifying how the scripting engine handles objects in memory.


FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2018-01-03T08:00:00    

Information published.


2.0    2018-01-05T08:00:00    

Revised the Affected Products table to include ChakraCore for this vulnerability.


Critical Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment for Latest Software Release Exploitability Assessment for Older Software Release Denial of Service Exploitability Assessment Publicly Disclosed Exploited
Exploitation Unlikely Exploitation Unlikely Not Applicable No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2018-0781
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
ChakraCore Commit (Security Update) Critical Remote Code Execution None Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft Edge on Windows 10 Version 1511 for 32-bit Systems 4056888 (Security Update) Critical Remote Code Execution 4053578 Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft Edge on Windows 10 Version 1511 for x64-based Systems 4056888 (Security Update) Critical Remote Code Execution 4053578 Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft Edge on Windows 10 Version 1607 for 32-bit Systems 4056890 (Security Update) Critical Remote Code Execution 4053579 Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft Edge on Windows 10 Version 1607 for x64-based Systems 4056890 (Security Update) Critical Remote Code Execution 4053579 Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft Edge on Windows 10 Version 1703 for 32-bit Systems 4056891 (Security Update) Critical Remote Code Execution 4053580 Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft Edge on Windows 10 Version 1703 for x64-based Systems 4056891 (Security Update) Critical Remote Code Execution 4053580 Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft Edge on Windows 10 Version 1709 for 32-bit Systems 4056892 (Security Update) Critical Remote Code Execution 4054517 Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft Edge on Windows 10 Version 1709 for x64-based Systems 4056892 (Security Update) Critical Remote Code Execution 4054517 Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft Edge on Windows Server 2016 4056890 (Security Update) Critical Remote Code Execution 4053579 Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2018-0781 None

CVE-2018-0784 - ASP.NET Core Elevation Of Privilege Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2018-0784
MITRE
NVD
CVE Title: ASP.NET Core Elevation Of Privilege Vulnerability
Description:

An elevation of privilege vulnerability exists when a ASP.NET Core web application, created using vulnerable project templates, fails to properly sanitize web requests. An attacker who successfully exploited this vulnerability could perform content injection attacks and run script in the security context of the logged-on user.

To exploit the vulnerability, an attacker could send a specially crafted email, containing a malicious link, to a user. Alternatively, an attacker could use a chat client to social engineer a user into clicking the malicious link. However, in all cases to exploit this vulnerability a user must click a maliciously crafted link from an attacker.

The security update addresses the vulnerability by correcting the ASP.NET Core project templates.


FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2018-01-09T08:00:00    

Information published.


Important Elevation of Privilege

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment for Latest Software Release Exploitability Assessment for Older Software Release Denial of Service Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely Exploitation Less Likely Not Applicable No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2018-0784
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
ASP.NET Core 2.0 Commit (Security Update) Important Elevation of Privilege None Base: N/A
Temporal: N/A
Vector: N/A
Yes
ASP.NET Core 2.0 on Windows 10 Version 1703 for 32-bit Systems Commit (Security Update) Important Elevation of Privilege None Base: N/A
Temporal: N/A
Vector: N/A
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2018-0784 None

CVE-2018-0786 - .NET Security Feature Bypass Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2018-0786
MITRE
NVD
CVE Title: .NET Security Feature Bypass Vulnerability
Description:

A security feature bypass vulnerability exists when Microsoft .NET Framework (and .NET Core) components do not completely validate certificates.

An attacker could present a certificate that is marked invalid for a specific use, but the component uses it for that purpose. This action disregards the Enhanced Key Usage taggings.

The security update addresses the vulnerability by helping to ensure that .NET Framework (and .NET Core) components completely validate certificates.


FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2018-01-09T08:00:00    

Information published.


Important Security Feature Bypass

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment for Latest Software Release Exploitability Assessment for Older Software Release Denial of Service Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely Exploitation Less Likely Not Applicable No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2018-0786
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
.NET Core 1.0 Commit (Security Update) Important Security Feature Bypass None Base: N/A
Temporal: N/A
Vector: N/A
Yes
.NET Core 2.0 Commit (Security Update) Important Security Feature Bypass None Base: N/A
Temporal: N/A
Vector: N/A
Yes
Microsoft .NET Framework 2.0 Service Pack 2 on Windows Server 2008 for 32-bit Systems Service Pack 2 4054996 (Monthly Rollup)
4054174 (Security Only)
Important Security Feature Bypass 4049019, 4041086
3122646
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft .NET Framework 2.0 Service Pack 2 on Windows Server 2008 for Itanium-Based Systems Service Pack 2 4054996 (Monthly Rollup)
4054174 (Security Update)
Important Security Feature Bypass 4049019, 4041086
3122646
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft .NET Framework 2.0 Service Pack 2 on Windows Server 2008 for x64-based Systems Service Pack 2 4054996 (Monthly Rollup)
4054174 (Security Only)
Important Security Feature Bypass 4049019, 4041086
3122646
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft .NET Framework 3.0 Service Pack 2 on Windows Server 2008 for 32-bit Systems Service Pack 2 4054996 (Monthly Rollup)
4054174 (Security Only)
Important Security Feature Bypass 4049019, 4041086
3122646
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft .NET Framework 3.0 Service Pack 2 on Windows Server 2008 for Itanium-Based Systems Service Pack 2 4054996 (Monthly Rollup)
4054174 (Security Update)
Important Security Feature Bypass 4049019, 4041086
3122646
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft .NET Framework 3.0 Service Pack 2 on Windows Server 2008 for x64-based Systems Service Pack 2 4054996 (Monthly Rollup)
4054174 (Security Only)
Important Security Feature Bypass 4049019, 4041086
3122646
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft .NET Framework 3.5 on Windows 10 for 32-bit Systems 4056893 (Security Update) Important Security Feature Bypass 4053581 Base: N/A
Temporal: N/A
Vector: N/A
Yes
Microsoft .NET Framework 3.5 on Windows 10 for x64-based Systems 4056893 (Security Update) Important Security Feature Bypass 4053581 Base: N/A
Temporal: N/A
Vector: N/A
Yes
Microsoft .NET Framework 3.5 on Windows 10 Version 1511 for 32-bit Systems 4056888 (Security Update) Important Security Feature Bypass 4053578 Base: N/A
Temporal: N/A
Vector: N/A
Yes
Microsoft .NET Framework 3.5 on Windows 10 Version 1511 for x64-based Systems 4056888 (Security Update) Important Security Feature Bypass 4053578 Base: N/A
Temporal: N/A
Vector: N/A
Yes
Microsoft .NET Framework 3.5 on Windows 10 Version 1607 for 32-bit Systems 4056890 (Security Update) Important Security Feature Bypass 4053579 Base: N/A
Temporal: N/A
Vector: N/A
Yes
Microsoft .NET Framework 3.5 on Windows 10 Version 1607 for x64-based Systems 4056890 (Security Update) Important Security Feature Bypass 4053579 Base: N/A
Temporal: N/A
Vector: N/A
Yes
Microsoft .NET Framework 3.5 on Windows 10 Version 1703 for 32-bit Systems 4056891 (Security Update) Important Security Feature Bypass 4053580 Base: N/A
Temporal: N/A
Vector: N/A
Yes
Microsoft .NET Framework 3.5 on Windows 10 Version 1703 for x64-based Systems 4056891 (Security Update) Important Security Feature Bypass 4053580 Base: N/A
Temporal: N/A
Vector: N/A
Yes
Microsoft .NET Framework 3.5 on Windows 10 Version 1709 for 32-bit Systems 4056892 (Security Update) Important Security Feature Bypass 4054517 Base: N/A
Temporal: N/A
Vector: N/A
Yes
Microsoft .NET Framework 3.5 on Windows 10 Version 1709 for x64-based Systems 4056892 (Security Update) Important Security Feature Bypass 4054517 Base: N/A
Temporal: N/A
Vector: N/A
Yes
Microsoft .NET Framework 3.5 on Windows 8.1 for 32-bit systems 4054999 (Monthly Rollup)
4054177 (Security Only)
Important Security Feature Bypass 4049017, 4041085
3122651
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft .NET Framework 3.5 on Windows 8.1 for x64-based systems 4054999 (Monthly Rollup)
4054182 (Security Only)
Important Security Feature Bypass 4049017, 4041085
3122660
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft .NET Framework 3.5 on Windows Server 2012 4054997 (Monthly Rollup)
4054175 (Security Only)
Important Security Feature Bypass 4049018, 4041084
3122655, 3122658
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft .NET Framework 3.5 on Windows Server 2012 (Server Core installation) 4054997 (Monthly Rollup)
4054175 (Security Only)
Important Security Feature Bypass 4049018, 4041084
3122655, 3122658
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft .NET Framework 3.5 on Windows Server 2012 R2 4054999 (Monthly Rollup)
4054177 (Security Only)
Important Security Feature Bypass 4049017, 4041085
3122651
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft .NET Framework 3.5 on Windows Server 2012 R2 (Server Core installation) 4054999 (Monthly Rollup)
4054177 (Security Only)
Important Security Feature Bypass 4049017, 4041085
3122651
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft .NET Framework 3.5 on Windows Server 2016 4056890 (Security Update) Important Security Feature Bypass 4053579 Base: N/A
Temporal: N/A
Vector: N/A
Yes
Microsoft .NET Framework 3.5 on Windows Server 2016 (Server Core installation) 4056890 (Security Update) Important Security Feature Bypass 4053579 Base: N/A
Temporal: N/A
Vector: N/A
Yes
Microsoft .NET Framework 3.5 on Windows Server, version 1709 (Server Core Installation) 4056892 (Security Update) Important Security Feature Bypass 4054517 Base: N/A
Temporal: N/A
Vector: N/A
Yes
Microsoft .NET Framework 3.5.1 on Windows 7 for 32-bit Systems Service Pack 1 4054998 (Monthly Rollup)
4054176 (Security Only)
Important Security Feature Bypass 4049016, 4041083
2973112, 3122648
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft .NET Framework 3.5.1 on Windows 7 for x64-based Systems Service Pack 1 4054998 (Monthly Rollup)
4054176 (Security Only)
Important Security Feature Bypass 4049016, 4041083
2973112, 3122648
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft .NET Framework 3.5.1 on Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 4054998 (Monthly Rollup)
4054176 (Security Only)
Important Security Feature Bypass 4049016, 4041083
2973112, 3122648
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft .NET Framework 3.5.1 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 4054998 (Monthly Rollup)
4054176 (Security Only)
Important Security Feature Bypass 4049016, 4041083
2973112, 3122648
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft .NET Framework 3.5.1 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 4054998 (Monthly Rollup)
4054176 (Security Only)
Important Security Feature Bypass 4049016, 4041083
2973112, 3122648
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft .NET Framework 4.5.2 on Windows 7 for 32-bit Systems Service Pack 1 4054995 (Monthly Rollup)
4054172 (Security Only)
Important Security Feature Bypass 4049016, 4041083
3122656
Base: N/A
Temporal: N/A
Vector: N/A

Maybe
Microsoft .NET Framework 4.5.2 on Windows 7 for x64-based Systems Service Pack 1 4054995 (Monthly Rollup)
4054172 (Security Only)
Important Security Feature Bypass 4049016, 4041083
3122656
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft .NET Framework 4.5.2 on Windows 8.1 for 32-bit systems 4054993 (Monthly Rollup)
4054170 (Security Only)
Important Security Feature Bypass 4049017, 4041085
3122654
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft .NET Framework 4.5.2 on Windows 8.1 for x64-based systems 4054170 (Security Only)
4054993 (Monthly Rollup)
Important Security Feature Bypass 3122654
4049017, 4041085
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft .NET Framework 4.5.2 on Windows RT 8.1 4054993 (Monthly Rollup) Important Security Feature Bypass 4049017, 4041085 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft .NET Framework 4.5.2 on Windows Server 2008 for 32-bit Systems Service Pack 2 4054172 (Security Only)
4054995 (Monthly Rollup)
Important Security Feature Bypass 3122656
4049017, 4041086
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft .NET Framework 4.5.2 on Windows Server 2008 for x64-based Systems Service Pack 2 4054172 (Security Only)
4054995 (Monthly Rollup)
Important Security Feature Bypass 3122656
4049017, 4041086
Base: N/A
Temporal: N/A
Vector: N/A

Maybe
Microsoft .NET Framework 4.5.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 4054995 (Monthly Rollup)
4054172 (Security Only)
Important Security Feature Bypass 4049016, 4041083
3122656
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft .NET Framework 4.5.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 4054995 (Monthly Rollup)
4054172 (Security Only)
Important Security Feature Bypass 4049016, 4041083
3122656
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft .NET Framework 4.5.2 on Windows Server 2012 4054994 (Monthly Rollup)
4054171 (Security Only)
Important Security Feature Bypass 4049018, 4041084
3122655
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft .NET Framework 4.5.2 on Windows Server 2012 (Server Core installation) 4054994 (Monthly Rollup)
4054171 (Security Only)
Important Security Feature Bypass 4049018, 4041084
3122655
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft .NET Framework 4.5.2 on Windows Server 2012 R2 4054170 (Security Only)
4054993 (Monthly Rollup)
Important Security Feature Bypass 3122654
4049017, 4041085
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft .NET Framework 4.5.2 on Windows Server 2012 R2 (Server Core installation) 4054170 (Security Only)
4054993 (Monthly Rollup)
Important Security Feature Bypass 3122654
4049017, 4041085
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft .NET Framework 4.6 on Windows 10 for 32-bit Systems 4056893 (Security Update) Important Security Feature Bypass 4053581 Base: N/A
Temporal: N/A
Vector: N/A
Yes
Microsoft .NET Framework 4.6 on Windows 10 for x64-based Systems 4056893 (Security Update) Important Security Feature Bypass 4053581 Base: N/A
Temporal: N/A
Vector: N/A
Yes
Microsoft .NET Framework 4.6 on Windows Server 2008 for 32-bit Systems Service Pack 2 4054183 (Security Only)
4055002 (Monthly Rollup)
Important Security Feature Bypass 3122661
4049019, 4041086
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft .NET Framework 4.6 on Windows Server 2008 for x64-based Systems Service Pack 2 4055002 (Monthly Rollup)
4054183 (Security Only)
Important Security Feature Bypass 4049019, 4041086
3122661
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft .NET Framework 4.6.1 on Windows 10 Version 1511 for 32-bit Systems 4056888 (Security Update) Important Security Feature Bypass 4053578 Base: N/A
Temporal: N/A
Vector: N/A
Yes
Microsoft .NET Framework 4.6.1 on Windows 10 Version 1511 for x64-based Systems 4056888 (Security Update) Important Security Feature Bypass 4053578 Base: N/A
Temporal: N/A
Vector: N/A
Yes
Microsoft .NET Framework 4.6.2/4.7 on Windows 10 Version 1607 for 32-bit Systems 4056890 (Security Update) Important Security Feature Bypass 4053579 Base: N/A
Temporal: N/A
Vector: N/A
Yes
Microsoft .NET Framework 4.6.2/4.7 on Windows 10 Version 1607 for x64-based Systems 4056890 (Security Update) Important Security Feature Bypass 4053579 Base: N/A
Temporal: N/A
Vector: N/A
Yes
Microsoft .NET Framework 4.6.2/4.7 on Windows Server 2016 4056890 (Security Update) Important Security Feature Bypass 4053579 Base: N/A
Temporal: N/A
Vector: N/A
Yes
Microsoft .NET Framework 4.6.2/4.7 on Windows Server 2016 (Server Core installation) 4056890 (Security Update) Important Security Feature Bypass 4053579 Base: N/A
Temporal: N/A
Vector: N/A
Yes
Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7 on Windows 7 for 32-bit Systems Service Pack 1 4055002 (Monthly Rollup)
4054183 (Security Only)
Important Security Feature Bypass 4041083; 4049016
3122661
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7 on Windows 7 for x64-based Systems Service Pack 1 4055002 (Monthly Rollup)
4054183 (Security Only)
Important Security Feature Bypass 4049016, 4041083
3122661
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7 on Windows 8.1 for 32-bit systems 4054182 (Security Only)
4055001 (Monthly Rollup)
Important Security Feature Bypass 3122660
4049017, 4041085
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7 on Windows 8.1 for x64-based systems 4054182 (Security Only)
4055001 (Monthly Rollup)
Important Security Feature Bypass 3122660
4049017, 4041085
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7 on Windows RT 8.1 4055001 (Monthly Rollup) Important Security Feature Bypass 4049017, 4041085 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 4055002 (Monthly Rollup)
4054183 (Security Only)
Important Security Feature Bypass 4049016, 4041083
3122661
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 4055002 (Monthly Rollup)
4054183 (Security Only)
Important Security Feature Bypass 4049016, 4041083
3122661
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7 on Windows Server 2012 4055000 (Monthly Rollup)
4054181 (Security Only)
Important Security Feature Bypass 4049018, 4041084
3122658
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7 on Windows Server 2012 (Server Core installation) 4055000 (Monthly Rollup)
4054181 (Security Only)
Important Security Feature Bypass 4049018, 4041084
3122658
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7 on Windows Server 2012 R2 4054182 (Security Only)
4055001 (Monthly Rollup)
Important Security Feature Bypass 3122660
4049017, 4041085
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7 on Windows Server 2012 R2 (Server Core installation) 4054182 (Security Only)
4055001 (Monthly Rollup)
Important Security Feature Bypass 3122660
4049017, 4041085
Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft .NET Framework 4.7 on Windows 10 Version 1703 for 32-bit Systems 4056891 (Security Update) Important Security Feature Bypass 4053580 Base: N/A
Temporal: N/A
Vector: N/A
Yes
Microsoft .NET Framework 4.7 on Windows 10 Version 1703 for x64-based Systems 4056891 (Security Update) Important Security Feature Bypass 4053580 Base: N/A
Temporal: N/A
Vector: N/A
Yes
Microsoft .NET Framework 4.7.1 on Windows 10 Version 1709 for 32-bit Systems 4056892 (Security Update) Important Security Feature Bypass 4054517 Base: N/A
Temporal: N/A
Vector: N/A
Yes
Microsoft .NET Framework 4.7.1 on Windows 10 Version 1709 for x64-based Systems 4056892 (Security Update) Important Security Feature Bypass 4054517 Base: N/A
Temporal: N/A
Vector: N/A
Yes
Microsoft .NET Framework 4.7.1 on Windows Server, version 1709 (Server Core Installation) 4056892 (Security Update) Important Security Feature Bypass 4054517 Base: N/A
Temporal: N/A
Vector: N/A
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2018-0786 None

CVE-2018-0788 - OpenType Font Driver Elevation of Privilege Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2018-0788
MITRE
NVD
CVE Title: OpenType Font Driver Elevation of Privilege Vulnerability
Description:

An elevation of privilege vulnerability exists in Windows Adobe Type Manager Font Driver (ATMFD.dll) when it fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code and take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

To exploit the vulnerability, an attacker would first have to log on to a target system and then run a specially crafted application.

The security update addresses the vulnerability by correcting how ATMFD.dll handles objects in memory.


FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2018-01-03T08:00:00    

Information published.


2.0    2018-01-05T08:00:00    

Revised the Affected Products table to add Monthly Rollup updates for Windows 7, Windows Server 2008 R2, and Windows Server 2012. Customers who install Monthly Rollups should install these updates to be protected from this vulnerability.


Important Information Disclosure

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment for Latest Software Release Exploitability Assessment for Older Software Release Denial of Service Exploitability Assessment Publicly Disclosed Exploited
Exploitation More Likely Exploitation More Likely Not Applicable No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2018-0788
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
Windows 7 for 32-bit Systems Service Pack 1 4056894 (Monthly Rollup)
4056897 (Security Only)
Important Information Disclosure 4054518
Base: 7.00
Temporal: 6.30
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 7 for x64-based Systems Service Pack 1 4056894 (Monthly Rollup)
4056897 (Security Only)
Important Information Disclosure 4054518
Base: 7.00
Temporal: 6.30
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 8.1 for 32-bit systems 4056898 (Security Only) Important Information Disclosure None Base: 7.00
Temporal: 6.30
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 8.1 for x64-based systems 4056898 (Security Only) Important Information Disclosure None Base: 7.00
Temporal: 6.30
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 4056941 (Security Update) Important Information Disclosure None Base: 7.00
Temporal: 6.30
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) 4056941 (Security Update) Important Information Disclosure None Base: 7.00
Temporal: 6.30
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2008 for Itanium-Based Systems Service Pack 2 4056941 (Security Update) Important Information Disclosure None Base: 7.00
Temporal: 6.30
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 4056941 (Security Update) Important Information Disclosure None Base: 7.00
Temporal: 6.30
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) 4056941 (Security Update) Important Information Disclosure None Base: 7.00
Temporal: 6.30
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 4056894 (Monthly Rollup)
4056897 (Security Only)
Important Information Disclosure 4054518
Base: 7.00
Temporal: 6.30
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 4056894 (Monthly Rollup)
4056897 (Security Only)
Important Information Disclosure 4054518
Base: 7.00
Temporal: 6.30
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 4056894 (Monthly Rollup)
4056897 (Security Only)
Important Information Disclosure 4054518
Base: 7.00
Temporal: 6.30
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2012 4056896 (Monthly Rollup)
4056899 (Security Only)
Important Information Disclosure 4054520
Base: 7.00
Temporal: 6.30
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2012 (Server Core installation) 4056896 (Monthly Rollup)
4056899 (Security Only)
Important Information Disclosure 4054520
Base: 7.00
Temporal: 6.30
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2012 R2 4056898 (Security Only) Important Information Disclosure None Base: 7.00
Temporal: 6.30
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2012 R2 (Server Core installation) 4056898 (Security Only) Important Information Disclosure None Base: 7.00
Temporal: 6.30
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2018-0788 None

CVE-2018-0795 - Microsoft Office Remote Code Execution Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2018-0795
MITRE
NVD
CVE Title: Microsoft Office Remote Code Execution Vulnerability
Description:

A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Office. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) containing a specially crafted file designed to exploit the vulnerability. An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.

The security update addresses the vulnerability by correcting how Microsoft Office handles objects in memory.


FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2018-01-09T08:00:00    

Information published.


Important Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment for Latest Software Release Exploitability Assessment for Older Software Release Denial of Service Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Applicable No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2018-0795
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
Microsoft Office 2010 Service Pack 2 (32-bit editions) 4011611 (Security Update) Important Remote Code Execution 4011055 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Office 2010 Service Pack 2 (64-bit editions) 4011611 (Security Update) Important Remote Code Execution 4011055 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Office 2013 RT Service Pack 1 4011636 (Security Update) Important Remote Code Execution None Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Office 2013 Service Pack 1 (32-bit editions) 4011636 (Security Update) Important Remote Code Execution 4011103 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Office 2013 Service Pack 1 (64-bit editions) 4011636 (Security Update) Important Remote Code Execution 4011103 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Office 2016 (32-bit edition) 4011632 (Security Update) Important Remote Code Execution 3191944 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Office 2016 (64-bit edition) 4011632 (Security Update) Important Remote Code Execution 3191944 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Office 2016 Click-to-Run (C2R) for 32-bit editions Click to Run (Security Update) Important Remote Code Execution None Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Office 2016 Click-to-Run (C2R) for 64-bit editions Click to Run (Security Update) Important Remote Code Execution None Base: N/A
Temporal: N/A
Vector: N/A
No

Acknowledgements

CVE ID Acknowledgements
CVE-2018-0795 None

CVE-2018-0797 - Microsoft Word Memory Corruption Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2018-0797
MITRE
NVD
CVE Title: Microsoft Word Memory Corruption Vulnerability
Description:

An Office RTF remote code execution vulnerability exists in Microsoft Office software when the Office software fails to properly handle RTF files. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Office software. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) that contains a specially crafted file designed to exploit the vulnerability. An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.

The security update addresses the vulnerability by changing the way Microsoft Office software handles RTF content.


FAQ:

I have Microsoft Word 2010 installed. Why am I not being offered the 4011658 update? The 4011658 update only applies to systems running specific configurations of Microsoft Office 2010. Some configurations will not be offered the update.

I am being offered this update for software that is not specifically indicated as being affected in the Affected Software and Vulnerability Severity Ratings table. Why am I being offered this update? When updates address vulnerable code that exists in a component that is shared between multiple Microsoft Office products or shared between multiple versions of the same Microsoft Office product, the update is considered to be applicable to all supported products and versions that contain the vulnerable component.

For example, when an update applies to Microsoft Office 2007 products, only Microsoft Office 2007 may be specifically listed in the Affected Software table. However, the update could apply to Microsoft Word 2007, Microsoft Excel 2007, Microsoft Visio 2007, Microsoft Compatibility Pack, Microsoft Excel Viewer, or any other Microsoft Office 2007 product that is not specifically listed in the Affected Software table. Furthermore, when an update applies to Microsoft Office 2010 products, only Microsoft Office 2010 may be specifically listed in the Affected Software table. However, the update could apply to Microsoft Word 2010, Microsoft Excel 2010, Microsoft Visio 2010, Microsoft Visio Viewer, or any other Microsoft Office 2010 product that is not specifically listed in the Affected Software table.

For more information on this behavior and recommended actions, see Microsoft Knowledge Base Article 830335. For a list of Microsoft Office products that an update may apply to, refer to the Microsoft Knowledge Base Article associated with the specific update.

Why is there a separate update for Word Viewer The Word Viewer update (4011641) is only supported, and will only install from Microsoft Update, if it’s on Windows Embedded POSReady 2009. This is because Word Viewer ships pre-installed in Windows Embedded POSReady 2009, which is still in support. For other platforms, Word Viewer is no longer supported.


Mitigations:
None
Workarounds:
None
Revision:
1.0    2018-01-09T08:00:00    

Information published.


Critical Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment for Latest Software Release Exploitability Assessment for Older Software Release Denial of Service Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely Exploitation Less Likely Not Applicable No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2018-0797
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
Microsoft Office 2010 Service Pack 2 (32-bit editions) 4011658 (Security Update) Critical Remote Code Execution 4011612 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Office 2010 Service Pack 2 (64-bit editions) 4011658 (Security Update) Critical Remote Code Execution 4011612 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Office 2016 for Mac Release Notes (Security Update) Important Remote Code Execution None Base: N/A
Temporal: N/A
Vector: N/A
No
Microsoft Office Compatibility Pack Service Pack 3 4011607 (Security Update) Critical Remote Code Execution 4011265 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Office Online Server 2016 4011021 (Security Update) Critical Remote Code Execution 4011020 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Office Web Apps 2010 Service Pack 2 4011615 (Security Update) Critical Remote Code Execution 4011271 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Office Web Apps Server 2013 Service Pack 1 4011648 (Security Update) Critical Remote Code Execution 4011247 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Office Word Viewer 4011641 (Security Update) Critical Remote Code Execution None Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft SharePoint Enterprise Server 2013 Service Pack 1 4011579 (Security Update) Critical Remote Code Execution 4011245 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft SharePoint Enterprise Server 2016 4011642 (Security Update) Critical Remote Code Execution 4011576 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft SharePoint Server 2010 Service Pack 2 4011609 (Security Update) Critical Remote Code Execution 4011267 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Word 2007 Service Pack 3 4011657 (Security Update) Critical Remote Code Execution 4011608 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Word 2010 Service Pack 2 (32-bit editions) 4011659 (Security Update) Critical Remote Code Execution 4011614 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Word 2010 Service Pack 2 (64-bit editions) 4011659 (Security Update) Critical Remote Code Execution 4011614 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Word 2013 RT Service Pack 1 4011651 (Security Update) Critical Remote Code Execution None Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Word 2013 Service Pack 1 (32-bit editions) 4011651 (Security Update) Critical Remote Code Execution 4011590 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Word 2013 Service Pack 1 (64-bit editions) 4011651 (Security Update) Critical Remote Code Execution 4011590 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Word 2016 (32-bit edition) 4011643 (Security Update) Critical Remote Code Execution 4011575 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Word 2016 (64-bit edition) 4011643 (Security Update) Critical Remote Code Execution 4011575 Base: N/A
Temporal: N/A
Vector: N/A
Maybe

Acknowledgements

CVE ID Acknowledgements
CVE-2018-0797 None

CVE-2018-0799 - Microsoft Access Tampering Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2018-0799
MITRE
NVD
CVE Title: Microsoft Access Tampering Vulnerability
Description:

A cross-site-scripting (XSS) vulnerability exists when Microsoft Access does not properly sanitize inputs to image fields edited within Design view. An attacker could exploit the vulnerability by sending a specially crafted file to a victim, or by hosting the file on a web server.

The attacker who successfully exploited the vulnerability could then run javascript in the security context of the current user. The attacks could allow the attacker to read content that the attacker is not authorized to read, use the victim's identity to take actions on a remote site on behalf of the user, and inject malicious content in the browser of the user.

The security update addresses the vulnerability by helping to ensure that Microsoft Access properly sanitizes image field values.


FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2018-01-09T08:00:00    

Information published.


Important Tampering

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment for Latest Software Release Exploitability Assessment for Older Software Release Denial of Service Exploitability Assessment Publicly Disclosed Exploited
Exploitation Unlikely Exploitation Unlikely Not Applicable No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2018-0799
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
Microsoft SharePoint Enterprise Server 2013 Service Pack 1 4011599 (Security Update) Important Tampering 3178633 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft SharePoint Enterprise Server 2016 4011642 (Security Update) Important Tampering 4011576 Base: N/A
Temporal: N/A
Vector: N/A
Maybe

Acknowledgements

CVE ID Acknowledgements
CVE-2018-0799 None

CVE-2018-0802 - Microsoft Office Memory Corruption Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2018-0802
MITRE
NVD
CVE Title: Microsoft Office Memory Corruption Vulnerability
Description:

A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Office or Microsoft WordPad software. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) containing a specially crafted file designed to exploit the vulnerability. An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.

The security update addresses the vulnerability by removing Equation Editor functionality. For more information on this change, please refer to the following article: https://support.microsoft.com/en-us/help/4057882


FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2018-01-09T08:00:00    

Information published.


Important Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment for Latest Software Release Exploitability Assessment for Older Software Release Denial of Service Exploitability Assessment Publicly Disclosed Exploited
Exploitation Unlikely Exploitation Unlikely Not Applicable No Yes

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2018-0802
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
Microsoft Office 2007 Service Pack 3 4011656 (Security Update) Important Remote Code Execution 4011604 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Office 2010 Service Pack 2 (32-bit editions) 4011610 (Security Update) Important Remote Code Execution 4011618 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Office 2010 Service Pack 2 (64-bit editions) 4011610 (Security Update) Important Remote Code Execution 4011618 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Office 2013 Service Pack 1 (32-bit editions) 4011580 (Security Update) Important Remote Code Execution 3162047 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Office 2013 Service Pack 1 (64-bit editions) 4011580 (Security Update) Important Remote Code Execution 3162047 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Office 2016 (32-bit edition) 4011574 (Security Update) Important Remote Code Execution 4011262 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Office 2016 (64-bit edition) 4011574 (Security Update) Important Remote Code Execution 4011262 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Office 2016 Click-to-Run (C2R) for 32-bit editions Click to Run (Security Update) Important Remote Code Execution None Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Office 2016 Click-to-Run (C2R) for 64-bit editions Click to Run (Security Update) Important Remote Code Execution None Base: N/A
Temporal: N/A
Vector: N/A
No
Microsoft Office Compatibility Pack Service Pack 3 4011607 (Security Update) Important Remote Code Execution 4011265 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Word 2007 Service Pack 3 4011657 (Security Update) Important Remote Code Execution 4011608 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Word 2010 Service Pack 2 (32-bit editions) 4011659 (Security Update) Important Remote Code Execution 4011614 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Word 2010 Service Pack 2 (64-bit editions) 4011659 (Security Update) Important Remote Code Execution 4011614 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Word 2013 RT Service Pack 1 4011580 (Security Update) Important Remote Code Execution 3162047 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Word 2013 Service Pack 1 (32-bit editions) 4011580 (Security Update) Important Remote Code Execution 3162047 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Word 2013 Service Pack 1 (64-bit editions) 4011580 (Security Update) Important Remote Code Execution 3162047 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Word 2016 (32-bit edition) 4011643 (Security Update) Important Remote Code Execution 4011575 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Word 2016 (64-bit edition) 4011643 (Security Update) Important Remote Code Execution 4011575 Base: N/A
Temporal: N/A
Vector: N/A
Maybe

Acknowledgements

CVE ID Acknowledgements
CVE-2018-0802 None

CVE-2018-0801 - Microsoft Office Remote Code Execution Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2018-0801
MITRE
NVD
CVE Title: Microsoft Office Remote Code Execution Vulnerability
Description:

A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Office or Microsoft WordPad software. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) containing a specially crafted file designed to exploit the vulnerability. An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.

The security update addresses the vulnerability by removing Equation Editor functionality. For more information on this change, please refer to the following article: https://support.microsoft.com/en-us/help/4057882


FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2018-01-09T08:00:00    

Information published.


Important Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment for Latest Software Release Exploitability Assessment for Older Software Release Denial of Service Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely Exploitation Less Likely Not Applicable No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2018-0801
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
Microsoft Office 2007 Service Pack 3 4011656 (Security Update) Important Remote Code Execution 4011604 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Office 2010 Service Pack 2 (32-bit editions) 4011610 (Security Update) Important Remote Code Execution 4011618 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Office 2010 Service Pack 2 (64-bit editions) 4011610 (Security Update) Important Remote Code Execution 4011618 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Office 2013 Service Pack 1 (32-bit editions) 4011580 (Security Update) Important Remote Code Execution 3162047 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Office 2013 Service Pack 1 (64-bit editions) 4011580 (Security Update) Important Remote Code Execution 3162047 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Office 2016 (32-bit edition) 4011574 (Security Update) Important Remote Code Execution 4011262 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Office 2016 (64-bit edition) 4011574 (Security Update) Important Remote Code Execution 4011262 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Office 2016 Click-to-Run (C2R) for 32-bit editions Click to Run (Security Update) Important Remote Code Execution None Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Office 2016 Click-to-Run (C2R) for 64-bit editions Click to Run (Security Update) Important Remote Code Execution None Base: N/A
Temporal: N/A
Vector: N/A
No
Microsoft Office Compatibility Pack Service Pack 3 4011607 (Security Update) Important Remote Code Execution 4011265 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Word 2007 Service Pack 3 4011657 (Security Update) Important Remote Code Execution 4011608 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Word 2010 Service Pack 2 (32-bit editions) 4011659 (Security Update) Important Remote Code Execution 4011614 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Word 2010 Service Pack 2 (64-bit editions) 4011659 (Security Update) Important Remote Code Execution 4011614 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Word 2013 RT Service Pack 1 4011580 (Security Update) Important Remote Code Execution 3162047 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Word 2013 Service Pack 1 (32-bit editions) 4011580 (Security Update) Important Remote Code Execution 3162047 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Word 2013 Service Pack 1 (64-bit editions) 4011580 (Security Update) Important Remote Code Execution 3162047 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Word 2016 (32-bit edition) 4011643 (Security Update) Important Remote Code Execution 4011575 Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft Word 2016 (64-bit edition) 4011643 (Security Update) Important Remote Code Execution 4011575 Base: N/A
Temporal: N/A
Vector: N/A
Maybe

Acknowledgements

CVE ID Acknowledgements
CVE-2018-0801 None

CVE-2018-0803 - Microsoft Edge Elevation of Privilege Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2018-0803
MITRE
NVD
CVE Title: Microsoft Edge Elevation of Privilege Vulnerability
Description:

An elevation of privilege vulnerability exists when Microsoft Edge does not properly enforce cross-domain policies, which could allow an attacker to access information from one domain and inject it into another domain.

In a web-based attack scenario, an attacker could host a website that is used to attempt to exploit the vulnerability. In addition, compromised websites and websites that accept or host user-provided content could contain specially crafted content that could exploit the vulnerability. However, in all cases an attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action. For example, an attacker could trick users into clicking a link that takes them to the attacker's site. An attacker who successfully exploited this vulnerability could elevate privileges in affected versions of Microsoft Edge.

The security update addresses the vulnerability by helping to ensure that cross-domain policies are properly enforced in Microsoft Edge.


FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2018-01-03T08:00:00    

Information published.


Low Elevation of Privilege

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment for Latest Software Release Exploitability Assessment for Older Software Release Denial of Service Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely N/A Not Applicable No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2018-0803
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
Microsoft Edge on Windows 10 for 32-bit Systems 4056893 (Security Update) Important Elevation of Privilege 4053581 Base: 3.10
Temporal: 2.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C
Yes
Microsoft Edge on Windows 10 for x64-based Systems 4056893 (Security Update) Important Elevation of Privilege 4053581 Base: 3.10
Temporal: 2.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C
Yes
Microsoft Edge on Windows 10 Version 1511 for 32-bit Systems 4056888 (Security Update) Important Elevation of Privilege 4053578 Base: 3.10
Temporal: 2.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C
Yes
Microsoft Edge on Windows 10 Version 1511 for x64-based Systems 4056888 (Security Update) Important Elevation of Privilege 4053578 Base: 3.10
Temporal: 2.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C
Yes
Microsoft Edge on Windows 10 Version 1607 for 32-bit Systems 4056890 (Security Update) Important Elevation of Privilege 4053579 Base: 3.10
Temporal: 2.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C
Yes
Microsoft Edge on Windows 10 Version 1607 for x64-based Systems 4056890 (Security Update) Important Elevation of Privilege 4053579 Base: 3.10
Temporal: 2.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C
Yes
Microsoft Edge on Windows 10 Version 1703 for 32-bit Systems 4056891 (Security Update) Important Elevation of Privilege 4053580 Base: 3.10
Temporal: 2.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C
Yes
Microsoft Edge on Windows 10 Version 1703 for x64-based Systems 4056891 (Security Update) Important Elevation of Privilege 4053580 Base: 3.10
Temporal: 2.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C
Yes
Microsoft Edge on Windows 10 Version 1709 for 32-bit Systems 4056892 (Security Update) Important Elevation of Privilege 4054517 Base: 3.10
Temporal: 2.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C
Yes
Microsoft Edge on Windows 10 Version 1709 for x64-based Systems 4056892 (Security Update) Important Elevation of Privilege 4054517 Base: 3.10
Temporal: 2.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C
Yes
Microsoft Edge on Windows Server 2016 4056890 (Security Update) Low Elevation of Privilege 4053579 Base: 3.10
Temporal: 2.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2018-0803 None

CVE-2018-0800 - Scripting Engine Information Disclosure Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2018-0800
MITRE
NVD
CVE Title: Scripting Engine Information Disclosure Vulnerability
Description:

An information disclosure vulnerability exists when the scripting engine does not properly handle objects in memory in Microsoft Edge. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system.

In a web-based attack scenario, an attacker could host a website in an attempt to exploit the vulnerability. In addition, compromised websites and websites that accept or host user-provided content could contain specially crafted content that could exploit the vulnerability. However, in all cases an attacker would have no way to force a user to view the attacker-controlled content. Instead, an attacker would have to convince a user to take action. For example, an attacker could trick a user into clicking a link that takes the user to the attacker's site.

The security update addresses the vulnerability by changing how the scripting engine handles objects in memory.


FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
2.0    2018-01-05T08:00:00    

Revised the Affected Products table to include ChakraCore for this vulnerability.


1.0    2018-01-03T08:00:00    

Information published.


Critical Information Disclosure

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment for Latest Software Release Exploitability Assessment for Older Software Release Denial of Service Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely Exploitation Less Likely Not Applicable No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2018-0800
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
ChakraCore Commit (Security Update) Critical Information Disclosure None Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft Edge on Windows 10 Version 1709 for 32-bit Systems 4056892 (Security Update) Critical Information Disclosure 4054517 Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft Edge on Windows 10 Version 1709 for x64-based Systems 4056892 (Security Update) Critical Information Disclosure 4054517 Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2018-0800 None

ADV180002 - Guidance to mitigate speculative execution side-channel vulnerabilities

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
ADV180002
MITRE
NVD
CVE Title: Guidance to mitigate speculative execution side-channel vulnerabilities
Description:

Executive Summary

Microsoft is aware of a new publicly disclosed class of vulnerabilities referred to as “speculative execution side-channel attacks” that affect many modern processors and operating systems including Intel, AMD, and ARM. Note: this issue will affect other systems such as Android, Chrome, iOS, MacOS, so we advise customers to seek out guidance from those vendors.

Microsoft has released several updates to help mitigate these vulnerabilities. We have also taken action to secure our cloud services. See below for more details.

Microsoft has not received any information to indicate that these vulnerabilities have been used to attack customers at this time. Microsoft continues working closely with industry partners including chip makers, hardware OEMs and app vendors to protect customers. To get all available protections, hardware/firmware and software updates are required. This may include microcode from device OEMs and in some cases updates to AV software as well.

This advisory addresses the following vulnerabilities:

  • CVE-2017-5753 - Bounds check bypass
  • CVE-2017-5715 - Branch target injection
  • CVE-2017-5754 - Rogue data cache load

Recommended Actions

For consumers, the best protection is to keep your computers up to date. You can do this by taking advantage of automatic update. Learn how to turn on automatic updates here. In addition to installing the January 2018 Windows security updates, you may also need to install firmware updates from your device manufacturer for increased protection. Check with your device manufacturer for relevant updates.

If automatic updates are enabled, the January 2018 Windows security update will be offered to the devices running supported anti-virus (AV) applications. Updates can be installed in any order.

  1. If you have automatic updating enabled and configured to provide updates for Windows, the updates are delivered to you when they are released, if your device and software are compatible. We recommend you verify these updates are installed. If automatic update is not enabled, manually check for and install the January 2018 Windows operating system security update.
  2. Install applicable firmware update provided by your OEM device manufacturer.

Customers using Surface products need to apply both firmware and software updates. See Microsoft Knowledge Base Article 4073065 article for more information.  

Potential performance impacts

In testing Microsoft has seen some performance impact with these mitigations. For most consumer devices, the impact may not be noticeable, however, the specific impact varies by hardware generation and implementation by the chip manufacturer. Microsoft values the security of its software and services and has made the decision to implement certain mitigation strategies in an effort to better secure our products. We continue to work with hardware vendors to improve performance while maintaining a high level of security.

Advisory Details

Vulnerabilities Description

Speculative execution side-channel vulnerabilities can be used to read the content of memory across a trusted boundary and can therefore lead to information disclosure. There are multiple vectors by which an attacker could trigger the vulnerabilities depending on the configured environment.

Microsoft has been working with hardware and software makers to jointly develop mitigations to protect customers across Microsoft’s products and services. These mitigations prevent attackers from triggering a weakness in the CPU which could allow the contents of memory to be disclosed.

Microsoft Windows client customers

In client scenarios, a malicious user mode application could be used to disclose the contents of kernel memory.

Customers using Windows client operating systems including Windows 7 Service Pack 1, Windows 8.1, and Windows 10 need to apply both firmware and software updates. See Microsoft Knowledge Base Article 4073119 for additional information.

Customers using Microsoft Surface and Surface Book products need to apply both firmware and software updates. Most customers have automatic updating enabled and will not need to take any action because this security update will be downloaded and installed automatically.

Microsoft will continue to work closely with industry partners to improve mitigations against this class of vulnerabilities.

Microsoft Windows Server customers

In server scenarios, a malicious user-mode application could be used to disclose the contents of kernel memory. In other multi-tenant hosting environments, a virtual machine could read the memory of the host operating system or the memory of other guest operating systems running on the same physical machine.

Customers using Windows server operating systems including Windows Server 2008 R2 Service Pack 1, Windows Server 2012 R2, and Windows Server 2016 need to apply firmware and software updates as well as configure protections. See Microsoft Knowledge Base Article 4072698 for additional information, including workarounds.

Microsoft Azure has taken steps to address the security vulnerabilities at the hypervisor level to protect Windows Server VMs running in Azure. More information can be found here.

Microsoft will continue to work closely with industry partners to improve mitigations against this class of vulnerabilities.

Microsoft cloud customers

Microsoft has already deployed mitigations across the majority of our cloud services and is accelerating efforts to complete the remainder.  More information is available here.

Microsoft SQL Server customers

In scenarios running Microsoft SQL Server, customers should follow the guidance outlined in Microsoft Knowledge Base Article 4073225.

FAQ

1. What systems are at risk from this vulnerability?

  • Client Operating Systems Windows Windows client systems are at risk
  • Server Operating Systems Windows servers are at risk

2. What are the associated CVEs for these vulnerabilities?

3. Have there been any active attacks detected?

No. When this security advisory was issued, Microsoft had not received any information to indicate that these vulnerabilities had been used to attack customers.

4. Have these vulnerabilities been publicly disclosed?

Yes. The vulnerabilities were disclosed on January 3, 2018 at https://bugs.chromium.org/p/project-zero/issues/detail?id=1272

5. I was not offered the Windows security updates released on January 3, 2018. What should I do?

To help avoid adversely affecting customer devices, the Windows security updates released on January 3rd, 2018 have only been offered to devices running compatible antivirus software. Please see Microsoft Knowledge Base Article 4072699 for more information about how to get the updates.

6. Why aren't Windows Server 2008 and Windows Server 2012 platforms getting an update? When can customers expect the fix?

Addressing a hardware vulnerability with a software update presents significant challenges with some operating systems requiring extensive architectural changes. Microsoft continues to work with affected chip manufacturers and investigate the best way to provide mitigations

7. I have an x86 architecture and the PowerShell Verification output indicates that I am not fully protected from these speculative execution side-channel vulnerabilities. Will Microsoft provide complete protections in the future?

Addressing a hardware vulnerability with a software update presents significant challenges and mitigations for older operating systems that require extensive architectural changes. The existing 32 bit update packages listed in this advisory fully address CVE-2017-5753 and CVE-2017-5715, but do not provide protections for CVE-2017-5754 at this time. Microsoft is continuing to work with affected chip manufacturers and investigate the best way to provide mitigations for x86 customers, which may be provided in a future update.

Additional suggested actions

  • Protect your PC We continue to encourage customers to follow our Protect Your Computer guidance of enabling a firewall, getting software updates, and installing antivirus software. For more information, see Microsoft Safety & Security Center.

  • Keep Microsoft software updated Users running Microsoft software should apply the latest Microsoft security updates to help make sure that their computers are as protected as possible. If you are not sure whether your software is up to date, visit Microsoft Update, scan your computer for available updates, and install any high-priority updates that are offered to you. If you have automatic updating enabled and configured to provide updates for Microsoft products, the updates are delivered to you when they are released, but you should verify that they are installed.

Acknowledgments


FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
4.0    2018-01-09T08:00:00    

Revised the Affected Products table to include updates for supported editions of Microsoft SQL Server 2008, Microsoft SQL Server 2008, and Microsoft SQL Server 2016 because these updates provide mitigations for ADV180002.


1.0    2018-01-03T08:00:00    

Information published.


2.0    2018-01-03T08:00:00    

Revised ADV180002 to announce release of SQL 2016 and 2017 updates.


3.0    2018-01-05T08:00:00    

The following updates have been made: Revised the Affected Products table to include Windows 10 Version 1709 for x64-based Systems because the update provides mitigations for ADV180002. Corrected the security update numbers for the 2016 and 2017 SQL Server Cumulative Updates. Removed Windows Server 2012 and Windows Server 2012 (Server Core installation) from the Affected Products table because there are no mitigations available for ADV180002 for these products. Revised the Affected Products table to include Monthly Rollup updates for Windows 7 and Windows Server 2008 R2. Customers who install monthly rollups should install these updates to receive the mitigations against the vulnerabilities discussed in this advisory. In the Recommended Actions section, added information for Surface customers. Added an FAQ to explain why Windows Server 2008 and Windows Server 2012 will not receive mitigations for these vulnerabilities. Added an FAQ to explain the protection against these vulnerabilties for customers using x86 architecture.


Important Information Disclosure

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment for Latest Software Release Exploitability Assessment for Older Software Release Denial of Service Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely Exploitation Less Likely Not Applicable No No

Affected Software

The following tables list the affected software details for the vulnerability.

ADV180002
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
Internet Explorer 11 on Windows 10 for 32-bit Systems 4056893 (Security Update) Important Information Disclosure 4053581 Base: N/A
Temporal: N/A
Vector: N/A
Yes
Internet Explorer 11 on Windows 10 for x64-based Systems 4056893 (Security Update) Important Information Disclosure 4053581 Base: N/A
Temporal: N/A
Vector: N/A
Yes
Internet Explorer 11 on Windows 10 Version 1511 for 32-bit Systems 4056893 (Security Update) Important Information Disclosure 4053581 Base: N/A
Temporal: N/A
Vector: N/A
Yes
Internet Explorer 11 on Windows 10 Version 1511 for x64-based Systems 4056893 (Security Update) Important Information Disclosure 4053581 Base: N/A
Temporal: N/A
Vector: N/A
Yes
Internet Explorer 11 on Windows 10 Version 1607 for 32-bit Systems 4056890 (Security Update) Important Information Disclosure 4053579 Base: N/A
Temporal: N/A
Vector: N/A
Yes
Internet Explorer 11 on Windows 10 Version 1607 for x64-based Systems 4056890 (Security Update) Important Information Disclosure 4053579 Base: N/A
Temporal: N/A
Vector: N/A
Yes
Internet Explorer 11 on Windows 10 Version 1703 for 32-bit Systems 4056891 (Security Update) Important Information Disclosure 4053580 Base: N/A
Temporal: N/A
Vector: N/A
Yes
Internet Explorer 11 on Windows 10 Version 1703 for x64-based Systems 4056891 (Security Update) Important Information Disclosure 4053580 Base: N/A
Temporal: N/A
Vector: N/A
Yes
Internet Explorer 11 on Windows 10 Version 1709 for 32-bit Systems 4056892 (Security Update) Important Information Disclosure 4054517 Base: N/A
Temporal: N/A
Vector: N/A
Yes
Internet Explorer 11 on Windows 10 Version 1709 for x64-based Systems 4056892 (Security Update) Important Information Disclosure 4054517 Base: N/A
Temporal: N/A
Vector: N/A
Yes
Internet Explorer 11 on Windows 7 for 32-bit Systems Service Pack 1 4056894 (Monthly Rollup)
4056568 (IE Cumulative)
Important Information Disclosure 4054518
4052978
Base: N/A
Temporal: N/A
Vector: N/A
Yes
Internet Explorer 11 on Windows 7 for x64-based Systems Service Pack 1 4056894 (Monthly Rollup)
4056568 (IE Cumulative)
Important Information Disclosure 4054518
4052978
Base: N/A
Temporal: N/A
Vector: N/A
Yes
Internet Explorer 11 on Windows 8.1 for 32-bit systems 4056895 (Monthly Rollup)
4056568 (IE Cumulative)
Important Information Disclosure 4054519
4052978
Base: N/A
Temporal: N/A
Vector: N/A
Yes
Internet Explorer 11 on Windows 8.1 for x64-based systems 4056895 (Monthly Rollup)
4056568 (IE Cumulative)
Important Information Disclosure 4054519
4052978
Base: N/A
Temporal: N/A
Vector: N/A
Yes
Internet Explorer 11 on Windows RT 8.1 4056895 (Monthly Rollup) Important Information Disclosure 4054519 Base: N/A
Temporal: N/A
Vector: N/A
Yes
Internet Explorer 11 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 4056894 (Monthly Rollup)
4056568 (IE Cumulative)
Important Information Disclosure 4054518
4052978
Base: N/A
Temporal: N/A
Vector: N/A
Yes
Internet Explorer 11 on Windows Server 2012 R2 4056895 (Monthly Rollup)
4056568 (IE Cumulative)
Important Information Disclosure 4054519
4052978
Base: N/A
Temporal: N/A
Vector: N/A
Yes
Internet Explorer 11 on Windows Server 2016 4056890 (Security Update) Important Information Disclosure 4053579 Base: N/A
Temporal: N/A
Vector: N/A
Yes
Microsoft Edge on Windows 10 for 32-bit Systems 4056893 (Security Update) Important Information Disclosure 4053581 Base: N/A
Temporal: N/A
Vector: N/A
Yes
Microsoft Edge on Windows 10 for x64-based Systems 4056893 (Security Update) Important Information Disclosure 4053581 Base: N/A
Temporal: N/A
Vector: N/A
Yes
Microsoft Edge on Windows 10 Version 1511 for 32-bit Systems 4056888 (Security Update) Important Information Disclosure 4053578 Base: N/A
Temporal: N/A
Vector: N/A
Yes
Microsoft Edge on Windows 10 Version 1511 for x64-based Systems 4056888 (Security Update) Important Information Disclosure 4053578 Base: N/A
Temporal: N/A
Vector: N/A
Yes
Microsoft Edge on Windows 10 Version 1607 for 32-bit Systems 4056890 (Security Update) Important Information Disclosure 4053579 Base: N/A
Temporal: N/A
Vector: N/A
Yes
Microsoft Edge on Windows 10 Version 1607 for x64-based Systems 4056890 (Security Update) Important Information Disclosure 4053579 Base: N/A
Temporal: N/A
Vector: N/A
Yes
Microsoft Edge on Windows 10 Version 1703 for 32-bit Systems 4056891 (Security Update) Important Information Disclosure 4053580 Base: N/A
Temporal: N/A
Vector: N/A
Yes
Microsoft Edge on Windows 10 Version 1703 for x64-based Systems 4056891 (Security Update) Important Information Disclosure 4053580 Base: N/A
Temporal: N/A
Vector: N/A
Yes
Microsoft Edge on Windows 10 Version 1709 for 32-bit Systems 4056892 (Security Update) Important Information Disclosure 4054517 Base: N/A
Temporal: N/A
Vector: N/A
Yes
Microsoft Edge on Windows 10 Version 1709 for x64-based Systems 4056892 (Security Update) Important Information Disclosure 4054517 Base: N/A
Temporal: N/A
Vector: N/A
Yes
Microsoft Edge on Windows Server 2016 4056890 (Security Update) Important Information Disclosure 4053579 Base: N/A
Temporal: N/A
Vector: N/A
Yes
Microsoft SQL Server 2008 for 32-bit Systems Service Pack 4 (QFE) 4057114 (Security Update) Important Information Disclosure None Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft SQL Server 2008 for x64-Based Systems Service Pack 4 (QFE) 4057114 (Security Update) Important Information Disclosure None Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft SQL Server 2008 R2 for 32-Bit Systems Service Pack 3 (QFE) 4057113 (Security Update) Important Information Disclosure None Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft SQL Server 2008 R2 for x64-Based Systems Service Pack 3 (QFE) 4057113 (Security Update) Important Information Disclosure None Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft SQL Server 2016 for x64-based Systems 4058560 (Security Update) Important Information Disclosure None Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft SQL Server 2016 for x64-based Systems (CU) 4058559 (Security Update) Important Information Disclosure None Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft SQL Server 2016 for x64-based Systems Service Pack 1 4057118 (Security Update) Important Information Disclosure None Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft SQL Server 2016 for x64-based Systems Service Pack 1 (CU) 4058561 (Security Update) Important Information Disclosure None Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft SQL Server 2017 for x64-based Systems 4057122 (Security Update) Important Information Disclosure None Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Microsoft SQL Server 2017 for x64-based Systems (CU) 4058562 (Security Update) Important Information Disclosure None Base: N/A
Temporal: N/A
Vector: N/A
Maybe
Windows 10 for 32-bit Systems 4056893 (Security Update) Important Information Disclosure 4053581 Base: N/A
Temporal: N/A
Vector: N/A
Yes
Windows 10 for x64-based Systems 4056893 (Security Update) Important Information Disclosure 4053581 Base: N/A
Temporal: N/A
Vector: N/A
Yes
Windows 10 Version 1511 for 32-bit Systems 4056888 (Security Update) Important Information Disclosure 4053578 Base: N/A
Temporal: N/A
Vector: N/A
Yes
Windows 10 Version 1511 for x64-based Systems 4056888 (Security Update) Important Information Disclosure 4053578 Base: N/A
Temporal: N/A
Vector: N/A
Yes
Windows 10 Version 1607 for 32-bit Systems 4056890 (Security Update) Important Information Disclosure 4053579 Base: N/A
Temporal: N/A
Vector: N/A
Yes
Windows 10 Version 1607 for x64-based Systems 4056890 (Security Update) Important Information Disclosure 4053579 Base: N/A
Temporal: N/A
Vector: N/A
Yes
Windows 10 Version 1703 for 32-bit Systems 4056891 (Security Update) Important Information Disclosure 4053580 Base: N/A
Temporal: N/A
Vector: N/A
Yes
Windows 10 Version 1703 for x64-based Systems 4056891 (Security Update) Important Information Disclosure 4053580 Base: N/A
Temporal: N/A
Vector: N/A
Yes
Windows 10 Version 1709 for 32-bit Systems 4056892 (Security Update) Important Information Disclosure 4054517 Base: N/A
Temporal: N/A
Vector: N/A
Yes
Windows 10 Version 1709 for x64-based Systems 4056892 (Security Update) Important Information Disclosure 4054517 Base: N/A
Temporal: N/A
Vector: N/A
Yes
Windows 7 for 32-bit Systems Service Pack 1 4056894 (Monthly Rollup)
4056897 (Security Only)
Important Information Disclosure 4054518
Base: N/A
Temporal: N/A
Vector: N/A
Yes
Windows 7 for x64-based Systems Service Pack 1 4056894 (Monthly Rollup)
4056897 (Security Only)
Important Information Disclosure 4054518
Base: N/A
Temporal: N/A
Vector: N/A
Yes
Windows 8.1 for 32-bit systems 4056898 (Security Only) Important Information Disclosure None Base: N/A
Temporal: N/A
Vector: N/A
Yes
Windows 8.1 for x64-based systems 4056898 (Security Only) Important Information Disclosure None Base: N/A
Temporal: N/A
Vector: N/A
Yes
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 4056894 (Monthly Rollup)
4056897 (Security Only)
Important Information Disclosure 4054518
Base: N/A
Temporal: N/A
Vector: N/A
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 4056894 (Monthly Rollup)
4056897 (Security Only)
Important Information Disclosure 4054518
Base: N/A
Temporal: N/A
Vector: N/A
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 4056894 (Monthly Rollup)
4056897 (Security Only)
Important Information Disclosure 4054518
Base: N/A
Temporal: N/A
Vector: N/A
Yes
Windows Server 2012 R2 4056898 (Security Only) Important Information Disclosure None Base: N/A
Temporal: N/A
Vector: N/A
Yes
Windows Server 2012 R2 (Server Core installation) 4056898 (Security Only) Important Information Disclosure None Base: N/A
Temporal: N/A
Vector: N/A
Yes
Windows Server 2016 4056890 (Security Update) Important Information Disclosure 4053579 Base: N/A
Temporal: N/A
Vector: N/A
Yes
Windows Server 2016 (Server Core installation) 4056890 (Security Update) Important Information Disclosure 4053579 Base: N/A
Temporal: N/A
Vector: N/A
Yes
Windows Server, version 1709 (Server Core Installation) 4056892 (Security Update) Important Information Disclosure 4054517 Base: N/A
Temporal: N/A
Vector: N/A
Yes

Acknowledgements

CVE ID Acknowledgements
ADV180002 None

ADV180001 - January 2018 Adobe Flash Security Update

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
ADV180001
MITRE
NVD
CVE Title: January 2018 Adobe Flash Security Update
Description:

This security update addresses the following vulnerability, which is described in Adobe Security Bulletin APSB18-01: CVE-2018-4871.


FAQ:

How could an attacker exploit these vulnerabilities? In a web-based attack scenario where the user is using Internet Explorer for the desktop, an attacker could host a specially crafted website that is designed to exploit any of these vulnerabilities through Internet Explorer and then convince a user to view the website. An attacker could also embed an ActiveX control marked "safe for initialization" in an application or Microsoft Office document that hosts the IE rendering engine. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit any of these vulnerabilities. In all cases, however, an attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action, typically by clicking a link in an email message or in an Instant Messenger message that takes users to the attacker's website, or by opening an attachment sent through email.

In a web-based attack scenario where the user is using Internet Explorer in the Windows 8-style UI, an attacker would first need to compromise a website already listed in the Compatibility View (CV) list. An attacker could then host a website that contains specially crafted Flash content designed to exploit any of these vulnerabilities through Internet Explorer and then convince a user to view the website. An attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action, typically by clicking a link in an email message or in an Instant Messenger message that takes users to the attacker's website, or by opening an attachment sent through email. For more information about Internet Explorer and the CV List, please see the MSDN Article, Developer Guidance for websites with content for Adobe Flash Player in Windows 8.


Mitigations:
None
Workarounds:
None
Revision:
1.0    2018-01-09T08:00:00    

Information published.


Critical Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment for Latest Software Release Exploitability Assessment for Older Software Release Denial of Service Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Applicable No No

Affected Software

The following tables list the affected software details for the vulnerability.

ADV180001
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
Adobe Flash Player on Windows 10 for 32-bit Systems 4056887 (Security Update) Critical Remote Code Execution 4053577 Base: N/A
Temporal: N/A
Vector: N/A
Yes
Adobe Flash Player on Windows 10 for x64-based Systems 4056887 (Security Update) Critical Remote Code Execution 4053577 Base: N/A
Temporal: N/A
Vector: N/A
Yes
Adobe Flash Player on Windows 10 Version 1511 for 32-bit Systems 4056887 (Security Update) Critical Remote Code Execution 4053577 Base: N/A
Temporal: N/A
Vector: N/A
Yes
Adobe Flash Player on Windows 10 Version 1511 for x64-based Systems 4056887 (Security Update) Critical Remote Code Execution 4053577 Base: N/A
Temporal: N/A
Vector: N/A
Yes
Adobe Flash Player on Windows 10 Version 1607 for 32-bit Systems 4056887 (Security Update) Critical Remote Code Execution 4053577 Base: N/A
Temporal: N/A
Vector: N/A
Yes
Adobe Flash Player on Windows 10 Version 1607 for x64-based Systems 4056887 (Security Update) Critical Remote Code Execution 4053577 Base: N/A
Temporal: N/A
Vector: N/A
Yes
Adobe Flash Player on Windows 10 Version 1703 for 32-bit Systems 4056887 (Security Update) Critical Remote Code Execution 4053577 Base: N/A
Temporal: N/A
Vector: N/A
Yes
Adobe Flash Player on Windows 10 Version 1703 for x64-based Systems 4056887 (Security Update) Critical Remote Code Execution 4053577 Base: N/A
Temporal: N/A
Vector: N/A
Yes
Adobe Flash Player on Windows 10 Version 1709 for 32-bit Systems 4056887 (Security Update) Critical Remote Code Execution 4053577 Base: N/A
Temporal: N/A
Vector: N/A
Yes
Adobe Flash Player on Windows 10 Version 1709 for x64-based Systems 4056887 (Security Update) Critical Remote Code Execution 4053577 Base: N/A
Temporal: N/A
Vector: N/A
Yes
Adobe Flash Player on Windows 8.1 for 32-bit systems 4056887 (Security Update) Critical Remote Code Execution 4053577 Base: N/A
Temporal: N/A
Vector: N/A
Yes
Adobe Flash Player on Windows 8.1 for x64-based systems 4056887 (Security Update) Critical Remote Code Execution 4053577 Base: N/A
Temporal: N/A
Vector: N/A
Yes
Adobe Flash Player on Windows RT 8.1 4056887 (Security Update) Critical Remote Code Execution 4053577 Base: N/A
Temporal: N/A
Vector: N/A
Yes
Adobe Flash Player on Windows Server 2012 4056887 (Security Update) Critical Remote Code Execution 4053577 Base: N/A
Temporal: N/A
Vector: N/A
Yes
Adobe Flash Player on Windows Server 2012 R2 4056887 (Security Update) Critical Remote Code Execution 4053577 Base: N/A
Temporal: N/A
Vector: N/A
Yes
Adobe Flash Player on Windows Server 2016 4056887 (Security Update) Critical Remote Code Execution 4053577 Base: N/A
Temporal: N/A
Vector: N/A
Yes

Acknowledgements

CVE ID Acknowledgements
ADV180001 None

CVE-2018-0741 - Microsoft Color Management Information Disclosure Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2018-0741
MITRE
NVD
CVE Title: Microsoft Color Management Information Disclosure Vulnerability
Description:

An information disclosure vulnerability exists in the way that the Color Management Module (ICM32.dll) handles objects in memory. This vulnerability allows an attacker to retrieve information to bypass usermode ASLR (Address Space Layout Randomization) on a targeted system. By itself, the information disclosure does not allow arbitrary code execution; however, it could allow arbitrary code to be run if the attacker uses it in combination with another vulnerability.

In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability and then convince users to view the website. An attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action, typically by getting them to click a link in an email or Instant Messenger message that takes users to the attacker's website, or by opening an attachment sent through email.

The security update addresses the vulnerability by correcting how Color Management Module handles objects in memory.


FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2018-01-03T08:00:00    

Information published.


2.0    2018-01-05T08:00:00    

Revised the Affected Products table to add Monthly Rollup updates for Windows 7, Windows Server 2008 R2, and Windows Server 2012. Customers who install Monthly Rollups should install these updates to be protected from this vulnerability.


Important Information Disclosure

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment for Latest Software Release Exploitability Assessment for Older Software Release Denial of Service Exploitability Assessment Publicly Disclosed Exploited
N/A Exploitation More Likely Not Applicable No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2018-0741
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
Windows 7 for 32-bit Systems Service Pack 1 4056894 (Monthly Rollup)
4056897 (Security Only)
Important Information Disclosure 4054518
Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 7 for x64-based Systems Service Pack 1 4056894 (Monthly Rollup)
4056897 (Security Only)
Important Information Disclosure 4054518
Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 4056942 (Security Update) Important Information Disclosure None Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Unknown
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) 4056942 (Security Update) Important Information Disclosure None Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Unknown
Windows Server 2008 for Itanium-Based Systems Service Pack 2 4056942 (Security Update) Important Information Disclosure None Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Unknown
Windows Server 2008 for x64-based Systems Service Pack 2 4056942 (Security Update) Important Information Disclosure None Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Unknown
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) 4056942 (Security Update) Important Information Disclosure None Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Unknown
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 4056894 (Monthly Rollup)
4056897 (Security Only)
Important Information Disclosure 4054518
Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 4056894 (Monthly Rollup)
4056897 (Security Only)
Important Information Disclosure 4054518
Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 4056894 (Monthly Rollup)
4056897 (Security Only)
Important Information Disclosure 4054518
Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2018-0741 None

CVE-2018-0743 - Windows Subsystem for Linux Elevation of Privilege Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2018-0743
MITRE
NVD
CVE Title: Windows Subsystem for Linux Elevation of Privilege Vulnerability
Description:

An elevation of privilege vulnerability exists due to an integer overflow in Windows Subsystem for Linux. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.

To exploit the vulnerability, a locally authenticated attacker could run a specially crafted application.

The security update addresses the vulnerability by correcting how Windows Subsystem for Linux handles objects in memory.


FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2018-01-03T08:00:00    

Information published.


2.0    2018-01-05T08:00:00    

Revised the Affected Products table to add Monthly Rollup updates for Windows 7, Windows Server 2008 R2, and Windows Server 2012. Customers who install Monthly Rollups should install these updates to be protected from this vulnerability.


Important Elevation of Privilege

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment for Latest Software Release Exploitability Assessment for Older Software Release Denial of Service Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely Exploitation Less Likely Not Applicable No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2018-0743
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
Windows 10 Version 1703 for 32-bit Systems 4056891 (Security Update) Important Elevation of Privilege 4053580 Base: 7.00
Temporal: 6.30
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1703 for x64-based Systems 4056891 (Security Update) Important Elevation of Privilege 4053580 Base: 7.00
Temporal: 6.30
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1709 for 32-bit Systems 4056892 (Security Update) Important Elevation of Privilege 4054517 Base: 7.00
Temporal: 6.30
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1709 for x64-based Systems 4056892 (Security Update) Important Elevation of Privilege 4054517 Base: 7.00
Temporal: 6.30
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server, version 1709 (Server Core Installation) 4056892 (Security Update) Important Elevation of Privilege 4054517 Base: 7.00
Temporal: 6.30
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2018-0743 None

CVE-2018-0744 - Windows Elevation of Privilege Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2018-0744
MITRE
NVD
CVE Title: Windows Elevation of Privilege Vulnerability
Description:

An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application to take control of an affected system.

The update addresses the vulnerability by correcting how the Windows kernel handles objects in memory.


FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
2.0    2018-01-05T08:00:00    

Revised the Affected Products table to add Monthly Rollup updates for Windows 7, Windows Server 2008 R2, and Windows Server 2012. Customers who install Monthly Rollups should install these updates to be protected from this vulnerability.


1.0    2018-01-03T08:00:00    

Information published.


Important Elevation of Privilege

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment for Latest Software Release Exploitability Assessment for Older Software Release Denial of Service Exploitability Assessment Publicly Disclosed Exploited
Exploitation More Likely Exploitation More Likely Not Applicable No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2018-0744
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
Windows 10 for 32-bit Systems 4056893 (Security Update) Important Elevation of Privilege 4053581 Base: 7.00
Temporal: 6.30
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 for x64-based Systems 4056893 (Security Update) Important Elevation of Privilege 4053581 Base: 7.00
Temporal: 6.30
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1511 for 32-bit Systems 4056888 (Security Update) Important Elevation of Privilege 4053578 Base: 7.00
Temporal: 6.30
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1511 for x64-based Systems 4056888 (Security Update) Important Elevation of Privilege 4053578 Base: 7.00
Temporal: 6.30
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1607 for 32-bit Systems 4056890 (Security Update) Important Elevation of Privilege 4053579 Base: 7.00
Temporal: 6.30
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1607 for x64-based Systems 4056890 (Security Update) Important Elevation of Privilege 4053579 Base: 7.00
Temporal: 6.30
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1703 for 32-bit Systems 4056891 (Security Update) Important Elevation of Privilege 4053580 Base: 7.00
Temporal: 6.30
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1703 for x64-based Systems 4056891 (Security Update) Important Elevation of Privilege 4053580 Base: 7.00
Temporal: 6.30
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1709 for 32-bit Systems 4056892 (Security Update) Important Elevation of Privilege 4054517 Base: 7.00
Temporal: 6.30
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 10 Version 1709 for x64-based Systems 4056892 (Security Update) Important Elevation of Privilege 4054517 Base: 7.00
Temporal: 6.30
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 8.1 for 32-bit systems 4056898 (Security Only) Important Elevation of Privilege None Base: 7.00
Temporal: 6.30
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows 8.1 for x64-based systems 4056898 (Security Only) Important Elevation of Privilege None Base: 7.00
Temporal: 6.30
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2012 4056896 (Monthly Rollup)
4056899 (Security Only)
Important Elevation of Privilege 4054520
Base: 7.00
Temporal: 6.30
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2012 (Server Core installation) 4056896 (Monthly Rollup)
4056899 (Security Only)
Important Elevation of Privilege 4054520
Base: 7.00
Temporal: 6.30
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2012 R2 4056898 (Security Only) Important Elevation of Privilege None Base: 7.00
Temporal: 6.30
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2012 R2 (Server Core installation) 4056898 (Security Only) Important Elevation of Privilege None Base: 7.00
Temporal: 6.30
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2016 4056890 (Security Update) Important Elevation of Privilege 4053579 Base: 7.00
Temporal: 6.30
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server 2016 (Server Core installation) 4056890 (Security Update) Important Elevation of Privilege 4053579 Base: 7.00
Temporal: 6.30
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Windows Server, version 1709 (Server Core Installation) 4056892 (Security Update) Important Elevation of Privilege 4054517 Base: 7.00
Temporal: 6.30
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2018-0744 None

CVE-2018-0745 - Windows Information Disclosure Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2018-0745
MITRE
NVD
CVE Title: Windows Information Disclosure Vulnerability
Description:

An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass. An attacker who successfully exploited the vulnerability could retrieve the memory address of a kernel object. To exploit the vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The security update addresses the vulnerability by correcting how the Windows kernel handles memory addresses.


FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
2.0    2018-01-05T08:00:00    

Revised the Affected Products table to add Monthly Rollup updates for Windows 7, Windows Server 2008 R2, and Windows Server 2012. Customers who install Monthly Rollups should install these updates to be protected from this vulnerability.


1.0    2018-01-03T08:00:00    

Information published.


Important Information Disclosure

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment for Latest Software Release Exploitability Assessment for Older Software Release Denial of Service Exploitability Assessment Publicly Disclosed Exploited
Exploitation More Likely Exploitation More Likely Not Applicable No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2018-0745
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
Windows 10 Version 1703 for 32-bit Systems 4056891 (Security Update) Important Information Disclosure 4053580 Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1703 for x64-based Systems 4056891 (Security Update) Important Information Disclosure 4053580 Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1709 for 32-bit Systems 4056892 (Security Update) Important Information Disclosure 4054517 Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1709 for x64-based Systems 4056892 (Security Update) Important Information Disclosure 4054517 Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server, version 1709 (Server Core Installation) 4056892 (Security Update) Important Information Disclosure 4054517 Base: 4.70
Temporal: 4.20
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2018-0745 None

CVE-2018-0749 - SMB Server Elevation of Privilege Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2018-0749
MITRE
NVD
CVE Title: SMB Server Elevation of Privilege Vulnerability
Description:

An elevation of privilege vulnerability exists in the Microsoft Server Message Block (SMB) Server when an attacker with valid credentials attempts to open a specially crafted file over the SMB protocol on the same machine. An attacker who successfully exploited this vulnerability could bypass certain security checks in the operating system.

To exploit the vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system.

The update addresses the vulnerability by correcting how Windows SMB Server handles such specially crafted files.


FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2018-01-03T08:00:00    

Information published.


2.0    2018-01-05T08:00:00    

Revised the Affected Products table to add Monthly Rollup updates for Windows 7, Windows Server 2008 R2, and Windows Server 2012. Customers who install Monthly Rollups should install these updates to be protected from this vulnerability.


Important Elevation of Privilege

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment for Latest Software Release Exploitability Assessment for Older Software Release Denial of Service Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely Exploitation Less Likely Not Applicable No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2018-0749
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
Windows 10 for 32-bit Systems 4056893 (Security Update) Important Elevation of Privilege 4053581 Base: 6.60
Temporal: 5.90
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C
Yes
Windows 10 for x64-based Systems 4056893 (Security Update) Important Elevation of Privilege 4053581 Base: 6.60
Temporal: 5.90
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1511 for 32-bit Systems 4056888 (Security Update) Important Elevation of Privilege 4053578 Base: 6.60
Temporal: 5.90
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1511 for x64-based Systems 4056888 (Security Update) Important Elevation of Privilege 4053578 Base: 6.60
Temporal: 5.90
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1607 for 32-bit Systems 4056890 (Security Update) Important Elevation of Privilege 4053579 Base: 6.60
Temporal: 5.90
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1607 for x64-based Systems 4056890 (Security Update) Important Elevation of Privilege 4053579 Base: 6.60
Temporal: 5.90
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1703 for 32-bit Systems 4056891 (Security Update) Important Elevation of Privilege 4053580 Base: 6.60
Temporal: 5.90
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1703 for x64-based Systems 4056891 (Security Update) Important Elevation of Privilege 4053580 Base: 6.60
Temporal: 5.90
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1709 for 32-bit Systems 4056892 (Security Update) Important Elevation of Privilege 4054517 Base: 6.60
Temporal: 5.90
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1709 for x64-based Systems 4056892 (Security Update) Important Elevation of Privilege 4054517 Base: 6.60
Temporal: 5.90
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C
Yes
Windows 7 for 32-bit Systems Service Pack 1 4056894 (Monthly Rollup)
4056897 (Security Only)
Important Elevation of Privilege 4054518
Base: 6.60
Temporal: 5.90
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C
Yes
Windows 7 for x64-based Systems Service Pack 1 4056894 (Monthly Rollup)
4056897 (Security Only)
Important Elevation of Privilege 4054518
Base: 6.60
Temporal: 5.90
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C
Yes
Windows 8.1 for 32-bit systems 4056898 (Security Only) Important Elevation of Privilege None Base: 6.60
Temporal: 5.90
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C
Yes
Windows 8.1 for x64-based systems 4056898 (Security Only) Important Elevation of Privilege None Base: 6.60
Temporal: 5.90
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 4056759 (Security Update) Important Elevation of Privilege None Base: 6.60
Temporal: 5.90
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) 4056759 (Security Update) Important Elevation of Privilege None Base: 6.60
Temporal: 5.90
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2008 for Itanium-Based Systems Service Pack 2 4056759 (Security Update) Important Elevation of Privilege None Base: 6.60
Temporal: 5.90
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 4056759 (Security Update) Important Elevation of Privilege None Base: 6.60
Temporal: 5.90
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) 4056759 (Security Update) Important Elevation of Privilege None Base: 6.60
Temporal: 5.90
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 4056894 (Monthly Rollup)
4056897 (Security Only)
Important Elevation of Privilege 4054518
Base: 6.60
Temporal: 5.90
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 4056894 (Monthly Rollup)
4056897 (Security Only)
Important Elevation of Privilege 4054518
Base: 6.60
Temporal: 5.90
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 4056894 (Monthly Rollup)
4056897 (Security Only)
Important Elevation of Privilege 4054518
Base: 6.60
Temporal: 5.90
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2012 4056896 (Monthly Rollup)
4056899 (Security Only)
Important Elevation of Privilege 4054520
Base: 6.60
Temporal: 5.90
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2012 (Server Core installation) 4056896 (Monthly Rollup)
4056899 (Security Only)
Important Elevation of Privilege 4054520
Base: 6.60
Temporal: 5.90
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2012 R2 4056898 (Security Only) Important Elevation of Privilege None Base: 6.60
Temporal: 5.90
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2012 R2 (Server Core installation) 4056898 (Security Only) Important Elevation of Privilege None Base: 6.60
Temporal: 5.90
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2016 4056890 (Security Update) Important Elevation of Privilege 4053579 Base: 6.60
Temporal: 5.90
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2016 (Server Core installation) 4056890 (Security Update) Important Elevation of Privilege 4053579 Base: 6.60
Temporal: 5.90
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C
Yes
Windows Server, version 1709 (Server Core Installation) 4056892 (Security Update) Important Elevation of Privilege 4054517 Base: 6.60
Temporal: 5.90
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2018-0749 None

CVE-2018-0754 - OpenType Font Driver Information Disclosure Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2018-0754
MITRE
NVD
CVE Title: OpenType Font Driver Information Disclosure Vulnerability
Description:

An information disclosure vulnerability exists in Windows Adobe Type Manager Font Driver (ATMFD.dll) when it fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could potentially read data that was not intended to be disclosed. Note that this vulnerability would not allow an attacker to execute code or to elevate their user rights directly, but it could be used to obtain information that could be used to try to further compromise the affected system.

To exploit this vulnerability, an attacker would have to log on to an affected system and open a document containing specially crafted fonts.

The update addresses the vulnerability by correcting how ATMFD.dll handles objects in memory.


FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2018-01-03T08:00:00    

Information published.


2.0    2018-01-05T08:00:00    

Revised the Affected Products table to add Monthly Rollup updates for Windows 7, Windows Server 2008 R2, and Windows Server 2012. Customers who install Monthly Rollups should install these updates to be protected from this vulnerability.


Important Information Disclosure

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment for Latest Software Release Exploitability Assessment for Older Software Release Denial of Service Exploitability Assessment Publicly Disclosed Exploited
Exploitation More Likely Exploitation More Likely Not Applicable No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2018-0754
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
Windows 10 for 32-bit Systems 4056893 (Security Update) Important Information Disclosure 4053581 Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 for x64-based Systems 4056893 (Security Update) Important Information Disclosure 4053581 Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1511 for 32-bit Systems 4056888 (Security Update) Important Information Disclosure 4053578 Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1511 for x64-based Systems 4056888 (Security Update) Important Information Disclosure 4053578 Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1607 for 32-bit Systems 4056890 (Security Update) Important Information Disclosure 4053579 Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1607 for x64-based Systems 4056890 (Security Update) Important Information Disclosure 4053579 Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1703 for 32-bit Systems 4056891 (Security Update) Important Information Disclosure 4053580 Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1703 for x64-based Systems 4056891 (Security Update) Important Information Disclosure 4053580 Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 10 Version 1709 for 32-bit Systems 4056892 (Security Update) Important Information Disclosure 4054517 Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 7 for 32-bit Systems Service Pack 1 4056894 (Monthly Rollup)
4056897 (Security Only)
Important Information Disclosure 4054518
Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 7 for x64-based Systems Service Pack 1 4056894 (Monthly Rollup)
4056897 (Security Only)
Important Information Disclosure 4054518
Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 8.1 for 32-bit systems 4056898 (Security Only) Important Information Disclosure None Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows 8.1 for x64-based systems 4056898 (Security Only) Important Information Disclosure None Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 4056941 (Security Update) Important Information Disclosure None Base: N/A
Temporal: N/A
Vector: N/A
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) 4056941 (Security Update) Important Information Disclosure None Base: N/A
Temporal: N/A
Vector: N/A
Yes
Windows Server 2008 for Itanium-Based Systems Service Pack 2 4056941 (Security Update) Important Information Disclosure None Base: N/A
Temporal: N/A
Vector: N/A
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 4056941 (Security Update) Important Information Disclosure None Base: N/A
Temporal: N/A
Vector: N/A
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) 4056941 (Security Update) Important Information Disclosure None Base: N/A
Temporal: N/A
Vector: N/A
Yes
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 4056894 (Monthly Rollup)
4056897 (Security Only)
Important Information Disclosure 4054518
Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 4056894 (Monthly Rollup)
4056897 (Security Only)
Important Information Disclosure 4054518
Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 4056894 (Monthly Rollup)
4056897 (Security Only)
Important Information Disclosure 4054518
Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2012 4056896 (Monthly Rollup)
4056899 (Security Only)
Important Information Disclosure 4054520
Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2012 (Server Core installation) 4056896 (Monthly Rollup)
4056899 (Security Only)
Important Information Disclosure 4054520
Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2012 R2 4056898 (Security Only) Important Information Disclosure None Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2012 R2 (Server Core installation) 4056898 (Security Only) Important Information Disclosure None Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2016 4056890 (Security Update) Important Information Disclosure 4053579 Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server 2016 (Server Core installation) 4056890 (Security Update) Important Information Disclosure 4053579 Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes
Windows Server, version 1709 (Server Core Installation) 4056892 (Security Update) Important Information Disclosure 4054517 Base: 5.50
Temporal: 5.00
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2018-0754 None

CVE-2018-0758 - Scripting Engine Memory Corruption Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2018-0758
MITRE
NVD
CVE Title: Scripting Engine Memory Corruption Vulnerability
Description:

A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft Edge and then convince a user to view the website. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability.

The security update addresses the vulnerability by modifying how the scripting engine handles objects in memory.


FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
2.0    2018-01-05T08:00:00    

Revised the Affected Products table to include ChakraCore for this vulnerability.


1.0    2018-01-03T08:00:00    

Information published.


Critical Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment for Latest Software Release Exploitability Assessment for Older Software Release Denial of Service Exploitability Assessment Publicly Disclosed Exploited
Exploitation More Likely N/A Not Applicable No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2018-0758
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
ChakraCore Commit (Security Update) Critical Remote Code Execution None Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft Edge on Windows 10 for 32-bit Systems 4056893 (Security Update) Critical Remote Code Execution 4053581 Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft Edge on Windows 10 for x64-based Systems 4056893 (Security Update) Critical Remote Code Execution 4053581 Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft Edge on Windows 10 Version 1511 for 32-bit Systems 4056888 (Security Update) Critical Remote Code Execution 4053578 Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft Edge on Windows 10 Version 1511 for x64-based Systems 4056888 (Security Update) Critical Remote Code Execution 4053578 Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft Edge on Windows 10 Version 1607 for 32-bit Systems 4056890 (Security Update) Critical Remote Code Execution 4053579 Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft Edge on Windows 10 Version 1607 for x64-based Systems 4056890 (Security Update) Critical Remote Code Execution 4053579 Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft Edge on Windows 10 Version 1703 for 32-bit Systems 4056891 (Security Update) Critical Remote Code Execution 4053580 Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft Edge on Windows 10 Version 1703 for x64-based Systems 4056891 (Security Update) Critical Remote Code Execution 4053580 Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft Edge on Windows 10 Version 1709 for 32-bit Systems 4056892 (Security Update) Critical Remote Code Execution 4054517 Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft Edge on Windows 10 Version 1709 for x64-based Systems 4056892 (Security Update) Critical Remote Code Execution 4054517 Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft Edge on Windows Server 2016 4056890 (Security Update) Moderate Remote Code Execution 4053579 Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2018-0758 None

CVE-2018-0762 - Scripting Engine Memory Corruption Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2018-0762
MITRE
NVD
CVE Title: Scripting Engine Memory Corruption Vulnerability
Description:

A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

In a web-based attack scenario, an attacker could host a specially crafted website designed to exploit the vulnerability through a Microsoft browser and then convince a user to view the website. An attacker could also embed an ActiveX control marked "safe for initialization" in an application or Microsoft Office document that hosts the browser rendering engine. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability.

The security update addresses the vulnerability by modifying how the scripting engine handles objects in memory.


FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
2.0    2018-01-05T08:00:00    

Revised the Affected Products table to include ChakraCore for this vulnerability.


1.0    2018-01-03T08:00:00    

Information published.


Critical Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment for Latest Software Release Exploitability Assessment for Older Software Release Denial of Service Exploitability Assessment Publicly Disclosed Exploited
Exploitation More Likely Exploitation More Likely Not Applicable No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2018-0762
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
ChakraCore Commit (Security Update) Critical Remote Code Execution None Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Internet Explorer 10 on Windows Server 2012 4056896 (Monthly Rollup)
4056568 (IE Cumulative)
Moderate Remote Code Execution 4054520
4052978
Base: 6.40
Temporal: 5.80
Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet Explorer 11 on Windows 10 for 32-bit Systems 4056893 (Security Update) Critical Remote Code Execution 4053581 Base: 7.50
Temporal: 6.70
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet Explorer 11 on Windows 10 for x64-based Systems 4056893 (Security Update) Critical Remote Code Execution 4053581 Base: 7.50
Temporal: 6.70
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet Explorer 11 on Windows 10 Version 1511 for 32-bit Systems 4056888 (Security Update) Critical Remote Code Execution 4053578 Base: 7.50
Temporal: 6.70
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet Explorer 11 on Windows 10 Version 1511 for x64-based Systems 4056888 (Security Update) Critical Remote Code Execution 4053578 Base: 7.50
Temporal: 6.70
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet Explorer 11 on Windows 10 Version 1607 for 32-bit Systems 4056890 (Security Update) Critical Remote Code Execution 4053579 Base: 7.50
Temporal: 6.70
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet Explorer 11 on Windows 10 Version 1607 for x64-based Systems 4056890 (Security Update) Critical Remote Code Execution 4053579 Base: 7.50
Temporal: 6.70
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet Explorer 11 on Windows 10 Version 1703 for 32-bit Systems 4056891 (Security Update) Critical Remote Code Execution 4053580 Base: 7.50
Temporal: 6.70
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet Explorer 11 on Windows 10 Version 1703 for x64-based Systems 4056891 (Security Update) Critical Remote Code Execution 4053580 Base: 7.50
Temporal: 6.70
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet Explorer 11 on Windows 10 Version 1709 for 32-bit Systems 4056892 (Security Update) Critical Remote Code Execution 4054517 Base: 7.50
Temporal: 6.70
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet Explorer 11 on Windows 10 Version 1709 for x64-based Systems 4056892 (Security Update) Critical Remote Code Execution 4054517 Base: 7.50
Temporal: 6.70
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet Explorer 11 on Windows 7 for 32-bit Systems Service Pack 1 4056894 (Monthly Rollup)
4056568 (IE Cumulative)
Critical Remote Code Execution 4054518
4052978
Base: 7.50
Temporal: 6.70
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet Explorer 11 on Windows 7 for x64-based Systems Service Pack 1 4056894 (Monthly Rollup)
4056568 (IE Cumulative)
Critical Remote Code Execution 4054518
4052978
Base: 7.50
Temporal: 6.70
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet Explorer 11 on Windows 8.1 for 32-bit systems 4056895 (Monthly Rollup)
4056568 (IE Cumulative)
Critical Remote Code Execution 4054519
4052978
Base: 7.50
Temporal: 6.70
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet Explorer 11 on Windows 8.1 for x64-based systems 4056895 (Monthly Rollup)
4056568 (IE Cumulative)
Critical Remote Code Execution 4054519
4052978
Base: 7.50
Temporal: 6.70
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet Explorer 11 on Windows RT 8.1 4056895 (Monthly Rollup) Critical Remote Code Execution 4054519 Base: 7.50
Temporal: 6.70
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet Explorer 11 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 4056894 (Monthly Rollup)
4056568 (IE Cumulative)
Moderate Remote Code Execution 4054518
4052978
Base: 6.40
Temporal: 5.80
Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet Explorer 11 on Windows Server 2012 R2 4056895 (Monthly Rollup)
4056568 (IE Cumulative)
Moderate Remote Code Execution 4054519
4052978
Base: 6.40
Temporal: 5.80
Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet Explorer 11 on Windows Server 2016 4056890 (Security Update) Moderate Remote Code Execution 4053579 Base: 6.40
Temporal: 5.80
Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet Explorer 9 on Windows Server 2008 for 32-bit Systems Service Pack 2 4056568 (IE Cumulative) Moderate Remote Code Execution 4052978 Base: 6.40
Temporal: 5.80
Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Internet Explorer 9 on Windows Server 2008 for x64-based Systems Service Pack 2 4056568 (IE Cumulative) Moderate Remote Code Execution 4052978 Base: 6.40
Temporal: 5.80
Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Yes
Microsoft Edge on Windows 10 for 32-bit Systems 4056893 (Security Update) Critical Remote Code Execution 4053581 Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft Edge on Windows 10 for x64-based Systems 4056893 (Security Update) Critical Remote Code Execution 4053581 Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft Edge on Windows 10 Version 1511 for 32-bit Systems 4056888 (Security Update) Critical Remote Code Execution 4053578 Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft Edge on Windows 10 Version 1511 for x64-based Systems 4056888 (Security Update) Critical Remote Code Execution 4053578 Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft Edge on Windows 10 Version 1607 for 32-bit Systems 4056890 (Security Update) Critical Remote Code Execution 4053579 Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft Edge on Windows 10 Version 1607 for x64-based Systems 4056890 (Security Update) Critical Remote Code Execution 4053579 Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft Edge on Windows 10 Version 1703 for 32-bit Systems 4056891 (Security Update) Critical Remote Code Execution 4053580 Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft Edge on Windows 10 Version 1703 for x64-based Systems 4056891 (Security Update) Critical Remote Code Execution 4053580 Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft Edge on Windows 10 Version 1709 for 32-bit Systems 4056892 (Security Update) Critical Remote Code Execution 4054517 Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft Edge on Windows 10 Version 1709 for x64-based Systems 4056892 (Security Update) Critical Remote Code Execution 4054517 Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes
Microsoft Edge on Windows Server 2016 4056890 (Security Update) Moderate Remote Code Execution 4053579 Base: 4.20
Temporal: 3.80
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2018-0762 None

CVE-2018-0766 - Microsoft Edge Information Disclosure Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2018-0766
MITRE
NVD
CVE Title: Microsoft Edge Information Disclosure Vulnerability
Description:

An information disclosure vulnerability exists when Microsoft Edge PDF Reader improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system.

To exploit the vulnerability, in a web-based attack scenario, an attacker could host a website that contains malicious PDF content. In addition, compromised websites and websites that accept or host user-provided content could contain specially crafted PDF content that could exploit the vulnerability. However, in all cases an attacker would have no way to force a user to view the attacker-controlled content. Instead, an attacker would have to convince a user to take action. For example, an attacker could trick a user into clicking a link that takes the user to the attacker's site.

The security update addresses the vulnerability by modifying how Microsoft Edge PDF Reader handles objects in memory.