9 January 2018
MS January patches 2.0: first zero-day in MS Word this year and 23 other bugs
Microsoft continued their patch cycle as planned today releasing fixes for 24 vulnerabilities in total.
Particular attention requires zero-day vulnerability in Microsoft Word (CVE-2018-0802). All supported versions of MS Word (2007-2016) are vulnerable to this issue. Given the number of credited AV companies in the advisory, it is safe to assume that the exploit has been used in the wild against multiple victims. There is no additional information about the attack or its targets, so let’s wait and see =)
During this update cycle Microsoft patched 15 vulnerabilities in Microsoft Office. Most of them are Word related. Below is the list of all vulnerabilities patched today:
| Software | Severity | CVE/CVSS | Known exploits |
| SB2018010916: Remote code execution in Microsoft Excel (1) | |||
|
Microsoft Office Microsoft Excel |
High |
CVE-2018-0796 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Not available |
| SB2018010915: Remote code execution in Microsoft Office (1) | |||
| Microsoft Office | High |
CVE-2018-0795 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Not available |
| SB2018010914: Multiple vulnerabilities in Microsoft Word (10) | |||
|
Microsoft Office Microsoft Word Microsoft Outlook |
High |
CVE-2018-0812 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C CVE-2018-0807 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C CVE-2018-0806 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C CVE-2018-0805 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C CVE-2018-0801 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C CVE-2018-0798 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C CVE-2018-0797 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C CVE-2018-0794 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C CVE-2018-0793 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C CVE-2018-0804 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Not available |
| SB2018010913: Spoofing attack in Microsoft Office for Mac (1) | |||
| Microsoft Office for Mac | Low |
CVE-2018-0819 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C |
Not available |
| SB2018010911: Remote code execution in Microsoft Word 2016 (1) | |||
|
Microsoft Office Microsoft Word Microsoft SharePoint Server Office Online Server |
High |
CVE-2018-0792 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Not available |
| SB2018010910: Remote code execution in Microsoft Outlook (2) | |||
|
Microsoft Office Microsoft Outlook |
High |
CVE-2018-0791 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C CVE-2018-0793 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Not available |
| SB2018010909: Multiple vulnerabilities in Microsoft .NET Framework (2) | |||
| Microsoft .NET Framework | Low |
CVE-2018-0786 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C CVE-2018-0764 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C |
Not available |
| SB2018010908: Multiple vulnerabilities in Microsoft ASP.NET Core (5) | |||
|
ASP.NET Core MVC Microsoft SharePoint Server |
Low |
CVE-2018-0784 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C CVE-2018-0785 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C CVE-2018-0789 CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C CVE-2018-0786 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C CVE-2018-0764 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C |
Not available |
| SB2018010907: Multiple vulnerabilities in Microsoft SharePoint Server (4) | |||
| Microsoft SharePoint Server | High |
CVE-2018-0789 CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C CVE-2018-0792 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C CVE-2018-0799 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C CVE-2018-0790 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C |
Not available |
| SB2018010905: Remote code execition in Microsoft Word (1) | |||
|
Microsoft Office Microsoft Word |
Сritical |
CVE-2018-0802 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:H/RL:O/RC:C |
This vulnerability is being exploited in the wild. |
Latest Posts
China-linked LightSpy iOS implant re-emerges, targets South Asia
LightSpy contains modules designed to exfiltrate device information and saved files.16 April 2024
Cryptojacker indicted for defrauding cloud service providers of $3.5M
Parks allegedly manipulated the cloud providers into granting him elevated privileges and benefits.16 April 2024
Firebird RAT developers and sellers arrested in the US and Australia
The malware allows to remotely access victims' computers and perform illicit activities.16 April 2024
Popular Posts
Featured vulnerabilities