Microsoft Patch Tuesday - March 2018

Microsoft Patch Tuesday - March 2018

Today, Microsoft has released its monthly set of security advisories for vulnerabilities that have been identified and addressed in various products. This month's advisory release addresses 74 new vulnerabilities, with 14 of them rated critical and 59 of them rated important. These vulnerabilities impact Internet Explorer, Edge, Exchange, Scripting Engine, Windows Shell and more.

Critical Vulnerabilities

This month, Microsoft is addressing 14 vulnerabilities that are rated as critical.

The vulnerabilities rated as critical are listed below:

CVE-2018-0872 - Chakra Scripting Engine Memory Corruption Vulnerability
CVE-2018-0874 - Chakra Scripting Engine Memory Corruption Vulnerability
CVE-2018-0876 - Scripting Engine Memory Corruption Vulnerability
CVE-2018-0889 - Scripting Engine Memory Corruption Vulnerability
CVE-2018-0893 - Scripting Engine Memory Corruption Vulnerability
CVE-2018-0925 - Scripting Engine Memory Corruption Vulnerability
CVE-2018-0930 - Chakra Scripting Engine Memory Corruption Vulnerability
CVE-2018-0931 - Chakra Scripting Engine Memory Corruption Vulnerability
CVE-2018-0932 - Microsoft Browser Information Disclosure Vulnerability
CVE-2018-0933 - Chakra Scripting Engine Memory Corruption Vulnerability
CVE-2018-0934 - Chakra Scripting Engine Memory Corruption Vulnerability
CVE-2018-0936 - Chakra Scripting Engine Memory Corruption Vulnerability
CVE-2018-0937 - Chakra Scripting Engine Memory Corruption Vulnerability
CVE-2018-0939 - Scripting Engine Information Disclosure Vulnerability

Important Vulnerabilities

This month, Microsoft is addressing 59 vulnerabilities that are rated as important. Talos believes one of these is notable and should be called out.

CVE-2018-0883 - Windows Shell Remote Code Execution Vulnerability

A remote code execution vulnerability has been identified in Windows Shell. This vulnerability could be exploited by an attacker convincing a user to open a specially crafted file via email, messaging, or other means. An attacker exploiting this vulnerability could execute arbitrary code in context of the current user.

Other vulnerabilities rated as important are listed below:

CVE-2018-0877 - Windows Desktop Bridge VFS Elevation of Privilege Vulnerability
CVE-2018-0878 - Windows Remote Assistance Information Disclosure Vulnerability
CVE-2018-0879 - Microsoft Edge Information Disclosure Vulnerability
CVE-2018-0880 - Windows Desktop Bridge Elevation of Privilege Vulnerability
CVE-2018-0881 - Microsoft Video Control Elevation of Privilege Vulnerability
CVE-2018-0882 - Windows Desktop Bridge Elevation of Privilege Vulnerability
CVE-2018-0787 - ASP.NET Core Elevation Of Privilege Vulnerability
CVE-2018-0808 - ASP.NET Core Denial Of Service Vulnerability
CVE-2018-0811 - Windows Kernel Information Disclosure Vulnerability
CVE-2018-0813 - Windows Kernel Information Disclosure Vulnerability
CVE-2018-0814 - Windows Kernel Information Disclosure Vulnerability
CVE-2018-0815 - Windows GDI Elevation of Privilege Vulnerability
CVE-2018-0816 - Windows GDI Elevation of Privilege Vulnerability
CVE-2018-0817 - Windows GDI Elevation of Privilege Vulnerability
CVE-2018-0868 - Windows Installer Elevation of Privilege Vulnerability
CVE-2018-0873 - Chakra Scripting Engine Memory Corruption Vulnerability
CVE-2018-0875 - ASP.NET Core Denial of Service Vulnerability
CVE-2018-0884 - Windows Security Feature Bypass Vulnerability
CVE-2018-0885 - Windows Hyper-V Denial of Service Vulnerability
CVE-2018-0886 - CredSSP Remote Code Execution Vulnerability
CVE-2018-0888 - Hyper-V Information Disclosure Vulnerability
CVE-2018-0891 - Microsoft Browser Information Disclosure Vulnerability
CVE-2018-0894 - Windows Kernel Information Disclosure Vulnerability
CVE-2018-0895 - Windows Kernel Information Disclosure Vulnerability
CVE-2018-0896 - Windows Kernel Information Disclosure Vulnerability
CVE-2018-0897 - Windows Kernel Information Disclosure Vulnerability
CVE-2018-0898 - Windows Kernel Information Disclosure Vulnerability
CVE-2018-0899 - Windows Kernel Information Disclosure Vulnerability
CVE-2018-0900 - Windows Kernel Information Disclosure Vulnerability
CVE-2018-0901 - Windows Kernel Information Disclosure Vulnerability
CVE-2018-0902 - CNG Security Feature Bypass Vulnerability
CVE-2018-0903 - Microsoft Access Remote Code Execution Vulnerability
CVE-2018-0904 - Windows Kernel Information Disclosure Vulnerability
CVE-2018-0907 - Microsoft Office Excel Security Feature Bypass
CVE-2018-0909 - Microsoft SharePoint Elevation of Privilege Vulnerability
CVE-2018-0910 - Microsoft SharePoint Elevation of Privilege Vulnerability
CVE-2018-0911 - Microsoft SharePoint Elevation of Privilege Vulnerability
CVE-2018-0912 - Microsoft SharePoint Elevation of Privilege Vulnerability
CVE-2018-0913 - Microsoft SharePoint Elevation of Privilege Vulnerability
CVE-2018-0914 - Microsoft SharePoint Elevation of Privilege Vulnerability
CVE-2018-0915 - Microsoft SharePoint Elevation of Privilege Vulnerability
CVE-2018-0916 - Microsoft SharePoint Elevation of Privilege Vulnerability
CVE-2018-0917 - Microsoft SharePoint Elevation of Privilege Vulnerability
CVE-2018-0919 - Microsoft Office Information Disclosure Vulnerability
CVE-2018-0921 - Microsoft SharePoint Elevation of Privilege Vulnerability
CVE-2018-0922 - Microsoft Office Memory Corruption Vulnerability
CVE-2018-0923 - Microsoft SharePoint Elevation of Privilege Vulnerability
CVE-2018-0926 - Windows Kernel Information Disclosure Vulnerability
CVE-2018-0927 - Microsoft Browser Information Disclosure Vulnerability
CVE-2018-0929 - Internet Explorer Information Disclosure Vulnerability
CVE-2018-0935 - Scripting Engine Memory Corruption Vulnerability
CVE-2018-0940 - Microsoft Exchange Elevation of Privilege Vulnerability
CVE-2018-0941 - Microsoft Exchange Information Disclosure Vulnerability
CVE-2018-0942 - Internet Explorer Elevation of Privilege Vulnerability
CVE-2018-0944 - Microsoft SharePoint Elevation of Privilege Vulnerability
CVE-2018-0947 - Microsoft Sharepoint Elevation of Privilege Vulnerability
CVE-2018-0977 - Win32k Elevation of Privilege Vulnerability
CVE-2018-0983 - Windows Storage Services Elevation of Privilege Vulnerability

Coverage

In response to these vulnerability disclosures, Talos is releasing the following Snort rules that detect attempts to exploit them. Please note that additional rules may be released at a future date and current rules are subject to change pending additional information. Firepower customers should use the latest update to their ruleset by updating their SRU. Open Source Snort Subscriber Rule Set customers can stay up to date by downloading the latest rule pack available for purchase on Snort.org.

Snort Rules:
45873-45884
45887-45890
45892-45895
45900-45903

Tags: patch tuesday,Talos,Vulnerability Report

Share: Email, ReBlog, Twitter, Facebook, Pinterest, Google+

Newer Post: Newer Post

Older Post: Older Post

Date: Tuesday, March 13, 2018

Discussion

License
About
Reserv

Powered by Manual Template

Search Something...

Home
Introduction
_About Online Document
_About Manual Template
Newbies
_Register Blogger Account
_Create First Blog
Installation
_Locate Template File
_Change Template Settings
_Translate Template
_Install Template
_Update Template
_Mobile Template
Customize
_Work with Home
_Sidebar Logo
_Main Menu
Shortcodes
_DropCap
_Button
_Message Box
_Horizontal Tab
_Vertical Tab
_Accordion and Toggle
_Columns
_Code Box

Name

Email

Message

.NET 0-day 0day ACDSee Adobe advisory adwind AMP Android Antenna House antivirus apple APT arbitrary code execution Attribution Automation Bahamut BASS beers with talos bitcoin Bitvote Black Hat botnet Brazil BRKSEC-2010 CASC chrome cisco Cisco Live Cisco Security Clam AV ClamAV Cobalt group code injection command injection conferences Coverage cryptocurrency cryptomining CSV CTA CVE-2016-8610 CVE-2017-0199 cve-2017-11882 CVE-2017-5638 CVE-2018-3857 CVE-2018-3858 CVE-2018-3859 CVE-2018-3860 CVE-2018-3870 CVE-2018-3871 CVE-2018-8506 cybercrime dark cloud DDE Decryptor Def Con detection dispute DOC DoS Excel Exploit exploit kits RTF fast flux Flash formbook Foscam Foxit Fuzzing gandcrab google GoScanSSH gozi gplayed GravityRAT Group123 Hangul healthcare HWP Hyland IcedID ICS IDA Pro IMAP incident response India inesap infostealer intel iOS IoT iot malware iPhone IR isfb jRAT JScript kernel mode KevDroid Korea Linux macros MalDoc Malware Malware Analysis Malware Research MDM meltdown meraki Microsoft Microsoft Patch Tuesday Middle East miners mining mobile device management monero Moxa ms tuesday natus NavRAT new router malware NordVPN North Korea nvidia Office office router attack Olympic Destoryer Olympic Destroyer Olympics opsec password stealer patch tuesday PDF phishing PhotoLine PLC podcast pony Powershell privilege escalation ProntoVPN PTEX PubNub PubNubRAT py2exe Pyeongchang pyrebox python Qatar ransomware RAT remcos remote access tool remote code execution research research spotlight reven ReversingLabs Rocke Rockwell Automation ROKRAT rootkit rtf ruby ryptoShuffler samsam samsung Scriptlets security updates sennoma signatures SimpleDirect Media Layer smartthings Smoke Loader Snort Snort Rules Sony South Korea spam spectre spyeye stealer steam struts support Talos TALOS-2017-0507 talosintelligence.com telegrab telegram Tetrane Thanatos ThanatosDecryptor threat intelligence Threat Research Threat Research Summit Threat Round-up Threat Roundup ThreatGrid threats TIFF trickbot trojan TTRS Umbrella ursnif VBScript VMI vpn filter attack VPNFiler VPNFilter VPNFilter malware vuln dev vulndev vulnerabilities Vulnerability vulnerability analysis Vulnerability Report Vulnerability Research vulnerability spotlight vulnerabillity vulnerable routers Whitepaper Windows WindowsCodecs.dll wipers xamarin XSS

false

ltr

item

materialize material: Microsoft Patch Tuesday - March 2018

Microsoft Patch Tuesday - March 2018

materialize material

https://materialize-material.blogspot.com/2018/03/microsoft-patch-tuesday-march-2018.html

https://materialize-material.blogspot.com/

http://materialize-material.blogspot.com/

http://materialize-material.blogspot.com/2018/03/microsoft-patch-tuesday-march-2018.html

true

1816414542238562206

UTF-8

Not found any posts Not found any related posts VIEW ALL Readmore Reply Cancel reply Delete By Home PAGES POSTS View All RECOMMENDED FOR YOU Tag ARCHIVE SEARCH ALL POSTS Not found any post match with your request Back Home Contents See also related Sunday Monday Tuesday Wednesday Thursday Friday Saturday Sun Mon Tue Wed Thu Fri Sat January February March April May June July August September October November December Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec just now 1 minute ago $$1$$ minutes ago 1 hour ago $$1$$ hours ago Yesterday $$1$$ days ago $$1$$ weeks ago more than 5 weeks ago Followers Follow THIS CONTENT IS PREMIUM Please share to unlock Copy All Code Select All Code All codes were copied to your clipboard Can not copy the codes / texts, please press [CTRL]+[C] (or CMD+C with Mac) to copy