Security Alert (A18-03-02): Multiple Vulnerabilities in Microsoft Products (March 2018)


 

Published on: 14 March 2018

  
  

Description:

Microsoft has released 47 security updates addressing multiple vulnerabilities which affect several Microsoft products or components.

 

Affected Systems:

  • Microsoft Internet Explorer 9, 10, 11
  • Microsoft Edge
  • Microsoft Windows 7, 8.1, RT 8.1, 10
  • Microsoft Windows Server 2008, 2008 R2, 2012, 2012 R2, 2016
  • Microsoft Windows Server, version 1709
  • Microsoft Office 2010, 2016 for Mac, 2016 Click-to-Run
  • Microsoft Office Compatibility Pack
  • Microsoft Office Online Server 2016
  • Microsoft Office Web Apps 2010, 2013,
  • Microsoft Office Web Apps Server 2013
  • Microsoft Office Word Viewer
  • Microsoft Access 2010, 2013, 2016
  • Microsoft Excel 2007, 2010, 2013, 2013 RT, 2016
  • Microsoft Word 2007, 2010, 2013, 2013 RT, 2016
  • Microsoft Project Server 2013
  • Microsoft Exchange Server 2010, 2013, 2016
  • Microsoft SharePoint Enterprise Server 2013, 2016
  • Microsoft SharePoint Foundation 2013
  • Microsoft SharePoint Server 2010
  • Microsoft Identity Manager 2016
  • PowerShell Core 6.0.0
  • .NET Core 1.0, 1.1, 2.0
  • ASP.NET Core 2.0
  • ChakraCore

A complete list of the affected products can be found at:

https://portal.msrc.microsoft.com/en-us/security-guidance

 

Impact:

Depending on the vulnerability exploited, a successful attack could lead to remote code execution, denial of service, elevation of privilege, information disclosure or security feature bypass.

 

Recommendation:

Patches for affected products are available from the Windows Update/Microsoft Update Catalog.  Users of affected systems should follow the recommendations provided by the product vendor and take immediate actions to mitigate the risk.

 

More Information:

https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/6c8fa125-28f6-e711-a963-000d3a33a34d
https://support.microsoft.com/en-us/help/20180313/security-update-deployment-information
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180006
https://www.hkcert.org/my_url/en/alert/18031401
https://www.us-cert.gov/ncas/current-activity/2018/03/13/Microsoft-Releases-March-2018-Security-Updates
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0787
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0808
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0811
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0813 (to CVE-2018-0817)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0868
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0872 (to CVE-2018-0886)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0888
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0889
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0891
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0893 (to CVE-2018-0904)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0907 (to CVE-2018-0917)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0919
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0921 (to CVE-2018-0927)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0929 (to CVE-2018-0937)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0939 (to CVE-2018-0942)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0944
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0947
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0977
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0983

 



Tag: Microsoft , Internet Explorer , Edge , Windows , Windows Server , Microsoft Office , Microsoft Office Web Apps , Access , Excel , Word , Project Server , Exchange Server , SharePoint , Identity Manager , PowerShell Core , .NET Core , ASP.NET Core , ChakraCore
Tags