Security Alert (A18-02-03): Multiple Vulnerabilities in Microsoft Products (February 2018)


 

Published on: 14 February 2018

  
  

Description:

Microsoft has released 32 security updates addressing multiple vulnerabilities which affect several Microsoft products or components.

Microsoft has also updated its security advisory related to the Meltdown and Spectre vulnerabilities (ref. ADV180002) issued in Jan 2018. Accordingly, Microsoft has released new security updates to provide additional protections for the 32-bit (x86) versions of Windows 10 but the updates do not apply to x64 (64-bit) systems. Users should follow the recommendations to apply the latest security updates wherever applicable.

 

Affected Systems:

  • Microsoft Internet Explorer 9, 10, 11
  • Microsoft Edge
  • Microsoft Windows 7, 8.1, RT 8.1, 10
  • Microsoft Windows Server 2008, 2008 R2, 2012, 2012 R2, 2016
  • Microsoft Windows Server, version 1709
  • Microsoft Office 2007, 2010, 2013, 2013 RT, 2016, 2016 Click-to-Run
  • Microsoft Word Viewer
  • Microsoft Outlook 2007, 2010, 2013, 2013 RT, 2016
  • Microsoft Project Server 2013
  • Microsoft SharePoint Enterprise Server 2016
  • ChakraCore

A complete list of the affected products can be found at:

https://portal.msrc.microsoft.com/en-us/security-guidance

 

Impact:

Depending on the vulnerability exploited, a successful attack could lead to remote code execution, denial of service, elevation of privilege, information disclosure or security feature bypass.

 

Recommendation:

Patches for affected products are available from the Windows Update/Microsoft Update Catalog. Users of affected systems should follow the recommendations provided by the product vendor and take immediate actions to mitigate the risk.

 

More Information:

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180002
https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/879af9c3-970b-e811-a961-000d3a33c573
https://support.microsoft.com/en-us/help/20180213/security-update-deployment-information
https://www.hkcert.org/my_url/en/alert/18021401
https://www.us-cert.gov/ncas/current-activity/2018/02/13/Microsoft-Releases-February-2018-Security-Updates
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0742
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0755 (to CVE-2018-0757)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0760
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0761
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0763
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0771
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0809
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0810
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0820 (to CVE-2018-0823)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0825 (to CVE-2018-0844)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0846
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0847
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0850 (to CVE-2018-0853)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0855 (to CVE-2018-0861)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0864
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0866
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0869

 



Tag: Microsoft , Internet Explorer , Edge , Windows , Windows Server , Microsoft Office , Word , Outlook , Project , SharePoint , ChakraCore
Tags