9 January 2018

MS January patches 2.0: first zero-day in MS Word this year and 23 other bugs

MS January patches 2.0: first zero-day in MS Word this year and 23 other bugs

Microsoft continued their patch cycle as planned today releasing fixes for 24 vulnerabilities in total.

Particular attention requires zero-day vulnerability in Microsoft Word (CVE-2018-0802). All supported versions of MS Word (2007-2016) are vulnerable to this issue. Given the number of credited AV companies in the advisory, it is safe to assume that the exploit has been used in the wild against multiple victims. There is no additional information about the attack or its targets, so let’s wait and see =)

During this update cycle Microsoft patched 15 vulnerabilities in Microsoft Office. Most of them are Word related. Below is the list of all vulnerabilities patched today:

Software Severity CVE/CVSS Known exploits
SB2018010916: Remote code execution in Microsoft Excel (1)
Microsoft Office
Microsoft Excel
High CVE-2018-0796
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
Not available
SB2018010915: Remote code execution in Microsoft Office (1)
Microsoft Office High CVE-2018-0795
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
Not available
SB2018010914: Multiple vulnerabilities in Microsoft Word (10)
Microsoft Office
Microsoft Word
Microsoft Outlook
High CVE-2018-0812
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
CVE-2018-0807
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
CVE-2018-0806
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
CVE-2018-0805
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
CVE-2018-0801
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
CVE-2018-0798
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
CVE-2018-0797
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
CVE-2018-0794
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
CVE-2018-0793
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
CVE-2018-0804
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
Not available
SB2018010913: Spoofing attack in Microsoft Office for Mac (1)
Microsoft Office for Mac Low CVE-2018-0819
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C
Not available
SB2018010911: Remote code execution in Microsoft Word 2016 (1)
Microsoft Office
Microsoft Word
Microsoft SharePoint Server
Office Online Server
High CVE-2018-0792
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
Not available
SB2018010910: Remote code execution in Microsoft Outlook (2)
Microsoft Office
Microsoft Outlook
High CVE-2018-0791
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
CVE-2018-0793
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
Not available
SB2018010909: Multiple vulnerabilities in Microsoft .NET Framework (2)
Microsoft .NET Framework Low CVE-2018-0786
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C
CVE-2018-0764
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C
Not available
SB2018010908: Multiple vulnerabilities in Microsoft ASP.NET Core (5)
ASP.NET Core MVC
Microsoft SharePoint Server
Low CVE-2018-0784
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
CVE-2018-0785
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
CVE-2018-0789
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C
CVE-2018-0786
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C
CVE-2018-0764
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C
Not available
SB2018010907: Multiple vulnerabilities in Microsoft SharePoint Server (4)
Microsoft SharePoint Server High CVE-2018-0789
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C
CVE-2018-0792
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
CVE-2018-0799
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C
CVE-2018-0790
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C
Not available
SB2018010905: Remote code execition in Microsoft Word (1)
Microsoft Office
Microsoft Word
Сritical CVE-2018-0802
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:H/RL:O/RC:C
This vulnerability is being exploited in the wild.

Back to the list

Latest Posts

Our SaaS Vulnerability Scanner is recognized with IT Security Software Awards by FinancesOnline Directory

Our SaaS Vulnerability Scanner is recognized with IT Security Software Awards by FinancesOnline Directory

We are recognized and awarded by FinancesOnline.
25 April 2018
Remote code execution in NetBSD – nasty and potentially wormable bug

Remote code execution in NetBSD – nasty and potentially wormable bug

NetBSD users are advised to install patched ASAP.
12 February 2018
Zero-day vulnerability in Adobe Flash Player

Zero-day vulnerability in Adobe Flash Player

Second zero-day this year. No remedy available.
1 February 2018
Featured vulnerabilities
Multiple vulnerabilities in Apple iOS
High Patched | 25 Apr, 2018
Denial of service in Linux Kernel
Medium Patched | 25 Apr, 2018
Remote code execution in Intel 2G modem products
Medium Patched | 25 Apr, 2018