Today, Microsoft has released its monthly set of security advisories for vulnerabilities that have been identified and addressed in various products. This month's advisory release addresses 67 new vulnerabilities, with 21 of them rated critical, 42 of them rated important, and four rated as low severity. These vulnerabilities impact Outlook, Office, Exchange, Edge, Internet Explorer and more.
In addition to the 67 vulnerabilities referenced above, Microsoft has also released a critical update advisory, ADV180008, which addresses the vulnerability CVE-2018-4944 described in the Adobe security bulletin APSB18-16.
Critical Vulnerabilities
This month, Microsoft is addressing 21 vulnerabilities that are rated as critical. Talos believes one of these is notable and requires prompt attention.
CVE-2018-8174 - Windows VBScript Engine Remote Code Execution Vulnerability.
A remote code execution vulnerability exists in the VBScript scripting engine (vbscript.dll) of Windows. This vulnerability allows an attacker to include malicious VBScript within a website or embedded within an Office file, which when executed allows an attacker to execute arbitrary code in the context of the current user. Threat actors are currently exploiting this vulnerability.
Other vulnerabilities rated as critical are listed below:
CVE-2018-0959 - Hyper-V Remote Code Execution Vulnerability
CVE-2018-0961 - Hyper-V vSMB Remote Code Execution Vulnerability
CVE-2018-8115 - Windows Host Compute Service Shim Remote Code Execution Vulnerability
CVE-2018-8178 - Microsoft Browser Memory Corruption Vulnerability
CVE-2018-0946 - Scripting Engine Memory Corruption Vulnerability
CVE-2018-0951 - Scripting Engine Memory Corruption Vulnerability
CVE-2018-0953 - Scripting Engine Memory Corruption Vulnerability
CVE-2018-0954 - Scripting Engine Memory Corruption Vulnerability
CVE-2018-0955 - Scripting Engine Memory Corruption Vulnerability
CVE-2018-8114 - Scripting Engine Memory Corruption Vulnerability
CVE-2018-8122 - Scripting Engine Memory Corruption Vulnerability
CVE-2018-8137 - Scripting Engine Memory Corruption Vulnerability
CVE-2018-0945 - Scripting Engine Memory Corruption Vulnerability
CVE-2018-1022 - Scripting Engine Memory Corruption Vulnerability
CVE-2018-8139 - Scripting Engine Memory Corruption Vulnerability
CVE-2018-8128 - Scripting Engine Memory Corruption Vulnerability
CVE-2018-8133 - Chakra Scripting Engine Memory Corruption Vulnerability
CVE-2018-0943 - Chakra Scripting Engine Memory Corruption Vulnerability
CVE-2018-8130 - Chakra Scripting Engine Memory Corruption Vulnerability
CVE-2018-8177 - Chakra Scripting Engine Memory Corruption Vulnerability
CVE-2018-0961 - Hyper-V vSMB Remote Code Execution Vulnerability
CVE-2018-8115 - Windows Host Compute Service Shim Remote Code Execution Vulnerability
CVE-2018-8178 - Microsoft Browser Memory Corruption Vulnerability
CVE-2018-0946 - Scripting Engine Memory Corruption Vulnerability
CVE-2018-0951 - Scripting Engine Memory Corruption Vulnerability
CVE-2018-0953 - Scripting Engine Memory Corruption Vulnerability
CVE-2018-0954 - Scripting Engine Memory Corruption Vulnerability
CVE-2018-0955 - Scripting Engine Memory Corruption Vulnerability
CVE-2018-8114 - Scripting Engine Memory Corruption Vulnerability
CVE-2018-8122 - Scripting Engine Memory Corruption Vulnerability
CVE-2018-8137 - Scripting Engine Memory Corruption Vulnerability
CVE-2018-0945 - Scripting Engine Memory Corruption Vulnerability
CVE-2018-1022 - Scripting Engine Memory Corruption Vulnerability
CVE-2018-8139 - Scripting Engine Memory Corruption Vulnerability
CVE-2018-8128 - Scripting Engine Memory Corruption Vulnerability
CVE-2018-8133 - Chakra Scripting Engine Memory Corruption Vulnerability
CVE-2018-0943 - Chakra Scripting Engine Memory Corruption Vulnerability
CVE-2018-8130 - Chakra Scripting Engine Memory Corruption Vulnerability
CVE-2018-8177 - Chakra Scripting Engine Memory Corruption Vulnerability
Important Vulnerabilities
This month, Microsoft is addressing 42 vulnerabilities that are rated important.
CVE-2018-8120 - Win32k Elevation of Privilege Vulnerability
CVE-2018-8123 - Microsoft Edge Memory Corruption Vulnerability
CVE-2018-8124 - Win32k Elevation of Privilege Vulnerability
CVE-2018-8147 - Microsoft Excel Remote Code Execution Vulnerability
CVE-2018-8148 - Microsoft Excel Remote Code Execution Vulnerability
CVE-2018-8157 - Microsoft Office Remote Code Execution Vulnerability
CVE-2018-8158 - Microsoft Office Remote Code Execution Vulnerability
CVE-2018-8161 - Microsoft Office Remote Code Execution Vulnerability
CVE-2018-8162 - Microsoft Excel Remote Code Execution Vulnerability
CVE-2018-8164 - Win32k Elevation of Privilege Vulnerability
CVE-2018-8165 - DirectX Graphics Kernel Elevation of Privilege Vulnerability
CVE-2018-8166 - Win32k Elevation of Privilege Vulnerability
CVE-2018-8167 - Windows Common Log File System Driver Elevation of Privilege Vulnerability
CVE-2018-8179 - Microsoft Edge Memory Corruption Vulnerability
CVE-2018-0765 - .NET and .NET Core Denial of Service Vulnerability
CVE-2018-0824 - Microsoft COM for Windows Remote Code Execution Vulnerability
CVE-2018-0854 - Windows Security Feature Bypass Vulnerability
CVE-2018-0958 - Windows Security Feature Bypass Vulnerability
CVE-2018-1021 - Microsoft Edge Information Disclosure Vulnerability
CVE-2018-1025 - Microsoft Browser Information Disclosure Vulnerability
CVE-2018-1039 - .NET Framework Device Guard Security Feature Bypass Vulnerability
CVE-2018-8112 - Microsoft Edge Security Feature Bypass Vulnerability
CVE-2018-8119 - Azure IoT SDK Spoofing Vulnerability
CVE-2018-8126 - Internet Explorer Security Feature Bypass Vulnerability
CVE-2018-8127 - Windows Kernel Information Disclosure Vulnerability
CVE-2018-8129 - Windows Security Feature Bypass Vulnerability
CVE-2018-8132 - Windows Security Feature Bypass Vulnerability
CVE-2018-8134 - Windows Elevation of Privilege Vulnerability
CVE-2018-8141 - Windows Kernel Information Disclosure Vulnerability
CVE-2018-8145 - Chakra Scripting Engine Memory Corruption Vulnerability
CVE-2018-8149 - Microsoft SharePoint Elevation of Privilege Vulnerability
CVE-2018-8150 - Microsoft Outlook Security Feature Bypass Vulnerability
CVE-2018-8151 - Microsoft Exchange Memory Corruption Vulnerability
CVE-2018-8152 - Microsoft Exchange Server Elevation of Privilege Vulnerability
CVE-2018-8155 - Microsoft SharePoint Elevation of Privilege Vulnerability
CVE-2018-8156 - Microsoft SharePoint Elevation of Privilege Vulnerability
CVE-2018-8159 - Microsoft Exchange Elevation of Privilege Vulnerability
CVE-2018-8160 - Microsoft Outlook Information Disclosure Vulnerability
CVE-2018-8163 - Microsoft Excel Information Disclosure Vulnerability
CVE-2018-8170 - Windows Image Elevation of Privilege Vulnerability
CVE-2018-8173 - Microsoft InfoPath Remote Code Execution Vulnerability
CVE-2018-8897 - Windows Kernel Elevation of Privilege Vulnerability
CVE-2018-8123 - Microsoft Edge Memory Corruption Vulnerability
CVE-2018-8124 - Win32k Elevation of Privilege Vulnerability
CVE-2018-8147 - Microsoft Excel Remote Code Execution Vulnerability
CVE-2018-8148 - Microsoft Excel Remote Code Execution Vulnerability
CVE-2018-8157 - Microsoft Office Remote Code Execution Vulnerability
CVE-2018-8158 - Microsoft Office Remote Code Execution Vulnerability
CVE-2018-8161 - Microsoft Office Remote Code Execution Vulnerability
CVE-2018-8162 - Microsoft Excel Remote Code Execution Vulnerability
CVE-2018-8164 - Win32k Elevation of Privilege Vulnerability
CVE-2018-8165 - DirectX Graphics Kernel Elevation of Privilege Vulnerability
CVE-2018-8166 - Win32k Elevation of Privilege Vulnerability
CVE-2018-8167 - Windows Common Log File System Driver Elevation of Privilege Vulnerability
CVE-2018-8179 - Microsoft Edge Memory Corruption Vulnerability
CVE-2018-0765 - .NET and .NET Core Denial of Service Vulnerability
CVE-2018-0824 - Microsoft COM for Windows Remote Code Execution Vulnerability
CVE-2018-0854 - Windows Security Feature Bypass Vulnerability
CVE-2018-0958 - Windows Security Feature Bypass Vulnerability
CVE-2018-1021 - Microsoft Edge Information Disclosure Vulnerability
CVE-2018-1025 - Microsoft Browser Information Disclosure Vulnerability
CVE-2018-1039 - .NET Framework Device Guard Security Feature Bypass Vulnerability
CVE-2018-8112 - Microsoft Edge Security Feature Bypass Vulnerability
CVE-2018-8119 - Azure IoT SDK Spoofing Vulnerability
CVE-2018-8126 - Internet Explorer Security Feature Bypass Vulnerability
CVE-2018-8127 - Windows Kernel Information Disclosure Vulnerability
CVE-2018-8129 - Windows Security Feature Bypass Vulnerability
CVE-2018-8132 - Windows Security Feature Bypass Vulnerability
CVE-2018-8134 - Windows Elevation of Privilege Vulnerability
CVE-2018-8141 - Windows Kernel Information Disclosure Vulnerability
CVE-2018-8145 - Chakra Scripting Engine Memory Corruption Vulnerability
CVE-2018-8149 - Microsoft SharePoint Elevation of Privilege Vulnerability
CVE-2018-8150 - Microsoft Outlook Security Feature Bypass Vulnerability
CVE-2018-8151 - Microsoft Exchange Memory Corruption Vulnerability
CVE-2018-8152 - Microsoft Exchange Server Elevation of Privilege Vulnerability
CVE-2018-8155 - Microsoft SharePoint Elevation of Privilege Vulnerability
CVE-2018-8156 - Microsoft SharePoint Elevation of Privilege Vulnerability
CVE-2018-8159 - Microsoft Exchange Elevation of Privilege Vulnerability
CVE-2018-8160 - Microsoft Outlook Information Disclosure Vulnerability
CVE-2018-8163 - Microsoft Excel Information Disclosure Vulnerability
CVE-2018-8170 - Windows Image Elevation of Privilege Vulnerability
CVE-2018-8173 - Microsoft InfoPath Remote Code Execution Vulnerability
CVE-2018-8897 - Windows Kernel Elevation of Privilege Vulnerability
Coverage
In response to these vulnerability disclosures, Talos is releasing the following Snort rules that detect attempts to exploit them. Please note that additional rules may be released at a future date and current rules are subject to change pending additional information. Firepower customers should use the latest update to their ruleset by updating their SRU. Open Source Snort Subscriber Rule Set customers can stay up-to-date by downloading the latest rule pack available for purchase on Snort.org.
Snort Rules:
46538 - 46539,
46544 - 46549,
46552 - 46565,
46594 - 46597,
46601 - 46604
46544 - 46549,
46552 - 46565,
46594 - 46597,
46601 - 46604
