High Threat Security Alert (A18-01-07): Multiple Vulnerabilities in Microsoft Products (January 2018)


 

Published on: 10 January 2018

  
  

Description:

Microsoft has released 55 security updates addressing multiple vulnerabilities which affect several Microsoft products or components and 5 of them enhancing the security as a defense in depth measure.

Users are advised to take immediate action to patch the affected systems, especially for those installed with Microsoft Office, since exploitation has been reported in the wild.

 

Affected Systems:

  • Microsoft .NET Framework 2.0, 3.0, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1
  • Microsoft Office 2007, 2010, 2013, 2013 RT, 2016, 2016 for Mac, 2016 Click-to-Run
  • Microsoft Office Compatibility Pack
  • Microsoft Office Online Server 2016
  • Microsoft Office Web Apps 2010
  • Microsoft Office Web Apps Server 2013
  • Microsoft Excel 2007, 2010, 2013, 2013 RT, 2016, 2016 Click-to-Run
  • Microsoft Excel Viewer 2007
  • Microsoft Word 2007, 2010, 2013, 2013 RT, 2016
  • Microsoft Word Viewer 2007
  • Microsoft Outlook 2007, 2010, 2013, 2013 RT, 2016
  • Microsoft SharePoint Enterprise Server 2013, 2016
  • Microsoft SharePoint Foundation 2010, Server 2010
  • ASP.NET Core 2.0
  • .NET Core 1.0, 1.1, 2.0

A complete list of the affected products can be found at:

https://portal.msrc.microsoft.com/en-us/security-guidance

 

Impact:

Depending on the vulnerability exploited, a successful attack could lead to remote code execution, denial of service, elevation of privilege, information disclosure, security feature bypass, spoofing or tampering.

 

Recommendation:

Patches for affected products are available from the Windows Update/Microsoft Update Catalog. Users of affected systems should follow the recommendations provided by the product vendor and take immediate actions to mitigate the risk.

 

More Information:

https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/858123b8-25ca-e711-a957-000d3a33cf99
https://support.microsoft.com/en-us/help/20180109/security-update-deployment-information
https://www.hkcert.org/my_url/en/alert/18011001
https://www.us-cert.gov/ncas/current-activity/2018/01/09/Microsoft-Releases-January-2018-Security-Updates
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180001
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180003
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0764
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0784 (to CVE-2018-0786)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0789 (to CVE-2018-0799)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0801 (to CVE-2018-0802)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0804 (to CVE-2018-0807)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0812
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0819

 



Tag: Microsoft , .NET Framework , Microsoft Office , Microsoft Office Web Apps , Excel , Word , SharePoint , ASP.NET Core , .NET Core
Tags