4 January 2018

Microsoft unexpectedly patched 33 vulnerabilities in Windows and its browsers


Microsoft unexpectedly patched 33 vulnerabilities in Windows and its browsers

We were expecting the first batch of patches from Microsoft next week only, during regular second Tuesday routing. Microsoft however has decided not to fulfill our expectations and released yesterday security patches for 33 vulnerabilities addressing different Windows components, Internet Explorer and Edge browsers.

Along with usual privilege escalations in Windows, RCEs in browsers and infamous these days buggy implementation of code on Intel processors, Microsoft has patched a nasty remote DoS vulnerability in IPSec implementation. So, if you rely on IPSec to control access to your infrastructure, update ASAP.

Here is the list of vulnerabilities and our advisories:

Software Severity CVE/CVSS Known exploits
SB2018010410: Multiple vulnerabilities in Microsoft Edge (19)
ChakraCore
Microsoft Edge
Microsoft Internet Explorer 		High CVE-2018-0818
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C
CVE-2018-0773
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
CVE-2018-0774
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
CVE-2018-0781
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
CVE-2018-0758
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
CVE-2018-0762
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
CVE-2018-0768
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
CVE-2018-0769
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
CVE-2018-0770
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
CVE-2018-0772
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
CVE-2018-0775
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
CVE-2018-0776
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
CVE-2018-0777
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
CVE-2018-0778
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
CVE-2018-0780
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
CVE-2018-0803
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L/E:U/RL:O/RC:C
CVE-2018-0800
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
CVE-2018-0766
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
CVE-2018-0767
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
 Not available
SB2018010409: Remote code execution in Microsoft Internet Explorer (2)
Microsoft Edge
Microsoft Internet Explorer 		High CVE-2018-0762
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
CVE-2018-0772
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
 Not available
SB2018010408: Two vulnerabilities in Microsoft Windows OpenType Font Driver (2)
Windows
Windows Server 		Low CVE-2018-0788
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
CVE-2018-0754
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N/E:U/RL:O/RC:C
 Not available
SB2018010407: Privilege escalation in Windows Subsystem for Linux (1)
Windows
Windows Server 		Low CVE-2018-0743
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
 Not available
SB2018010406: Information disclosure in Microsoft Color Management (1)
Windows Server
Windows 		Medium CVE-2018-0741
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N/E:U/RL:O/RC:C
 Not available
SB2018010405: Privilege escalation in Microsoft Windows SMB Server (1)
Windows
Windows Server 		Low CVE-2018-0749
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
 Not available
SB2018010404: Information disclosure in Microsoft Windows GDI (1)
Windows Server
Windows 		Low CVE-2018-0750
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N/E:U/RL:O/RC:C
 Not available
SB2018010403: Denial of service in Microsoft Windows IPSec (1)
Windows
Windows Server 		Medium CVE-2018-0753
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C
 Not available
SB2018010402: Multiple vulnerabilities in Microsoft Windows kernel (7)
Windows
Windows Server 		Low CVE-2018-0746
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N/E:U/RL:O/RC:C
CVE-2018-0747
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N/E:U/RL:O/RC:C
CVE-2018-0748
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
CVE-2018-0751
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
CVE-2018-0752
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
CVE-2018-0744
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
CVE-2018-0745
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N/E:U/RL:O/RC:C
 Not available

Back to the list

Latest Posts

Iranian hackers exploit RMM tools to deliver malware

Iranian hackers exploit RMM tools to deliver malware

One of the aspects of MuddyWater's strategy involves exploiting Atera's free trial offers.
24 April 2024
Ongoing malware campaign targets multiple industries, distributes infostealers

Ongoing malware campaign targets multiple industries, distributes infostealers

The campaign leverages a CDN cache domain as a download server, hosting malicious HTA files and payloads.
24 April 2024
US charges four Iranian hackers for cyber intrusions

US charges four Iranian hackers for cyber intrusions

The group targeted both both government and private entities.
24 April 2024
Popular Posts
Featured vulnerabilities
Code injection in IBM Administration Runtime Expert for i
High Patched | 25 Apr, 2024
Open redirect in IBM Event Processing
Low Patched | 25 Apr, 2024
Multiple vulnerabilities in IBM Security Verify Governance - Identity Manager, Container
High Patched | 25 Apr, 2024
Resource exhaustion in IBM Event Streams
Medium Patched | 25 Apr, 2024
Improper Certificate Validation in LINE client for iOS
Medium Patched | 25 Apr, 2024