Microsoft Patch Tuesday – March 2018

As always, customers are advised to follow these security best practices:

• Install vendor patches as soon as they are available.
• Run all software with the least privileges required while still maintaining functionality.
• Avoid handling files from unknown or questionable sources.
• Never visit sites of unknown or questionable integrity.
• Block external access at the network perimeter to all key systems unless specific access is required.

Microsoft's summary of the March 2018 releases can be found here:
https://portal.msrc.microsoft.com/en-us/security-guidance

This month's update covers vulnerabilities in:

• Internet Explorer
• Microsoft Edge
• Microsoft Office
• ASP.NET Core
• Microsoft Exchange Server
• .NET Core
• PowerShell Core
• Microsoft Hyper-V
• Microsoft Windows
• ChakraCore

   

The following is a breakdown of the issues being addressed this month:

1. Cumulative Security Update for Microsoft Browsers

   Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2018-0872) MS Rating: Critical

   A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    

   Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2018-0874) MS Rating: Critical

   A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    

   Scripting Engine Memory Corruption Vulnerability (CVE-2018-0876) MS Rating: Critical

   A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    

   Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2018-0930) MS Rating: Critical

   A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    

   Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2018-0931) MS Rating: Critical

   A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    

   Internet Explorer Information Disclosure Vulnerability (CVE-2018-0932) MS Rating: Critical

   An information disclosure vulnerability exists when affected Microsoft browsers improperly handle objects in memory. An attacker can exploit this issue to obtain sensitive information to further compromise the user's system.

    

   Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2018-0933) MS Rating: Critical

   A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    

   Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2018-0934) MS Rating: Critical

   A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    

   Scripting Engine Memory Corruption Vulnerability (CVE-2018-0889) MS Rating: Critical

   A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    

   Scripting Engine Memory Corruption Vulnerability (CVE-2018-0893) MS Rating: Critical

   A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    

   Scripting Engine Memory Corruption Vulnerability (CVE-2018-0925) MS Rating: Critical

   A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    

   Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2018-0936) MS Rating: Critical

   A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    

   Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2018-0937) MS Rating: Critical

   A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    

   Microsoft Edge Information Disclosure Vulnerability (CVE-2018-0939) MS Rating: Critical

   An information disclosure vulnerability exists when the scripting engine does not properly handle objects in memory in Microsoft Edge. An attacker can exploit this issue to obtain sensitive information to further compromise the user's system.

    

   Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2018-0873) MS Rating: Important

   A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    

   Microsoft Edge Information Disclosure Vulnerability (CVE-2018-0879) MS Rating: Important

   An information disclosure vulnerability exists when Microsoft Edge improperly handles objects in memory. An attacker can exploit this issue to obtain sensitive information to further compromise the user's system.

    

   Microsoft Browser Information Disclosure Vulnerability (CVE-2018-0891) MS Rating: Important

   An information disclosure vulnerability exists when affected Microsoft browsers improperly handle objects in memory. An attacker can exploit this issue to obtain sensitive information to further compromise the user's system.

    

   Microsoft Browser Information Disclosure Vulnerability (CVE-2018-0927) MS Rating: Important

   An information disclosure vulnerability exists when affected Microsoft browsers improperly handle objects in memory. An attacker can exploit this issue to obtain sensitive information to further compromise the user's system.

    

   Internet Explorer Information Disclosure Vulnerability (CVE-2018-0929) MS Rating: Important

   An information disclosure vulnerability exists when Internet Explorer improperly handles objects in memory. An attacker can exploit this issue to obtain sensitive information to further compromise the user's system.

    

   Internet Explorer Memory Corruption Vulnerability (CVE-2018-0935) MS Rating: Important

   A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    

   Internet Explorer Elevation of Privilege Vulnerability (CVE-2018-0942) MS Rating: Important

   A privilege escalation vulnerability exists when Internet Explorer fails a check, allowing sandbox escape. An attacker who successfully exploited the vulnerability could use the sandbox escape to elevate privileges on an affected system.

    

2. Cumulative Security Update for Microsoft Office

   Microsoft Sharepoint Elevation of Privilege Vulnerability (CVE-2018-0947) MS Rating: Critical

   A privilege escalation vulnerability exists when Microsoft SharePoint Server does not properly verify tenant permissions. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server. affected SharePoint server.

    

   Microsoft Access Remote Code Execution Vulnerability (CVE-2018-0903) MS Rating: Important

   A remote code execution vulnerability exists in Microsoft Access software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user.

    

   Microsoft Office Excel Security Bypass (CVE-2018-0907) MS Rating: Important

   A security bypass vulnerability exists in Microsoft Office software by not enforcing macro settings on an Excel document. The Security Bypass by itself does not allow arbitrary code execution.

    

   Microsoft SharePoint Elevation of Privilege Vulnerability (CVE-2018-0909) MS Rating: Important

   A privilege escalation vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server.

    

   Microsoft SharePoint Elevation of Privilege Vulnerability (CVE-2018-0910) MS Rating: Important

   A privilege escalation vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server.

    

   Microsoft SharePoint Elevation of Privilege Vulnerability (CVE-2018-0911) MS Rating: Important

   A privilege escalation vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server.

    

   Microsoft SharePoint Elevation of Privilege Vulnerability (CVE-2018-0912) MS Rating: Important

   A privilege escalation vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server.

    

   Microsoft SharePoint Elevation of Privilege Vulnerability (CVE-2018-0913) MS Rating: Important

   A privilege escalation vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server.

    

   Microsoft SharePoint Elevation of Privilege Vulnerability (CVE-2018-0914) MS Rating: Important

   A privilege escalation vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server.

    

   Microsoft SharePoint Elevation of Privilege Vulnerability (CVE-2018-0915) MS Rating: Important

   A privilege escalation vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server.

    

   Microsoft SharePoint Elevation of Privilege Vulnerability (CVE-2018-0916) MS Rating: Important

   A privilege escalation vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server.

    

   Microsoft SharePoint Elevation of Privilege Vulnerability (CVE-2018-0917) MS Rating: Important

   A privilege escalation vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server.

    

   Microsoft Office Information Disclosure Vulnerability (CVE-2018-0919) MS Rating: Important

   An information disclosure vulnerability exists when Microsoft Office software reads out of bound memory due to an uninitialized variable, which could disclose the contents of memory. An attacker who successfully exploited the vulnerability could view out of bound memory.

    

   Microsoft SharePoint Elevation of Privilege Vulnerability (CVE-2018-0921) MS Rating: Important

   A privilege escalation vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server. affected SharePoint server.

    

   Microsoft Office Memory Corruption Vulnerability (CVE-2018-0922) MS Rating: Important

   A remote code execution vulnerability exists in Microsoft Office software when the Office software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user.

    

   Microsoft SharePoint Elevation of Privilege Vulnerability (CVE-2018-0923) MS Rating: Important

   A privilege escalation vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server. affected SharePoint server.

    

   Microsoft Exchange Information Disclosure Vulnerability (CVE-2018-0941) MS Rating: Important

   An information disclosure vulnerability exists in the way that Microsoft Exchange Server handles importing data. If an impacted user is using Microsoft Exchange Outlook Web Access (OWA).

    

   Microsoft SharePoint Elevation of Privilege Vulnerability (CVE-2018-0944) MS Rating: Important

   A privilege escalation vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server. affected SharePoint server.

    

   Microsoft Exchange Elevation of Privilege Vulnerability (CVE-2018-0940) MS Rating: Moderate

   A privilege escalation vulnerability exists when Microsoft Exchange Outlook Web Access (OWA) fails to properly sanitize links presented to users.

    

   Microsoft Exchange Information Disclosure Vulnerability (CVE-2018-0924) MS Rating: Low

   An information disclosure vulnerability exists in the way that Microsoft Exchange Server handles URL redirects. If an impacted user is using Microsoft Exchange Outlook Web Access (OWA) Light.

    

3. Cumulative Security Update for Microsoft ASP.NET Core

   ASP.NET Core Elevation Of Privilege Vulnerability (CVE-2018-0787) MS Rating: Important

   A privilege escalation vulnerability exists when a Kestrel web application fails to validate web requests. An attacker who successfully exploited this vulnerability could perform HTML injection attacks.

    

   ASP.NET Core Denial Of Service Vulnerability (CVE-2018-0808) MS Rating: Important

   A denial of service vulnerability exists when ASP. NET Core improperly handles web requests. An attacker who successfully exploited this vulnerability could cause a denial of service against an ASP.NET Core web application.

    

   .NET Core Denial of Service Vulnerability (CVE-2018-0875) MS Rating: Important

   A denial of service vulnerability exists in the way that .NET Core handles specially crafted requests, causing a hash collision.

    

4. Cumulative Security Update for Microsoft Hyper-V

   Windows Hyper-V Denial of Service Vulnerability (CVE-2018-0885) MS Rating: Important

   A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system. An attacker who successfully exploited the vulnerability could cause the host server to crash.

    

   Hyper-V Information Disclosure Vulnerability (CVE-2018-0888) MS Rating: Important

   An information disclosure vulnerability exists when Windows Hyper-V on a host operating system fails to properly validate input from an authenticated user on a guest operating system.

    

5. Cumulative Security Update for Microsoft Windows Kernel

   Windows Kernel Information Disclosure Vulnerability (CVE-2018-0811) MS Rating: Important

   An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory. To exploit this vulnerability, an authenticated attacker could run a specially crafted application.

    

   Windows Kernel Information Disclosure Vulnerability (CVE-2018-0813) MS Rating: Important

   An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory. To exploit this vulnerability, an authenticated attacker could run a specially crafted application.

    

   Windows Kernel Information Disclosure Vulnerability (CVE-2018-0814) MS Rating: Important

   An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory. To exploit this vulnerability, an authenticated attacker could run a specially crafted application.

    

   Windows Kernel Information Disclosure Vulnerability (CVE-2018-0894) MS Rating: Important

   An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass. An attacker who successfully exploited the vulnerability could retrieve the memory address of a kernel object.

    

   Windows Kernel Information Disclosure Vulnerability (CVE-2018-0895) MS Rating: Important

   An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass. An attacker who successfully exploited the vulnerability could retrieve the memory address of a kernel object.

    

   Windows Kernel Information Disclosure Vulnerability (CVE-2018-0896) MS Rating: Important

   An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass. An attacker who successfully exploited the vulnerability could retrieve the memory address of a kernel object.

    

   Windows Kernel Information Disclosure Vulnerability (CVE-2018-0897) MS Rating: Important

   An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass. An attacker who successfully exploited the vulnerability could retrieve the memory address of a kernel object.

    

   Windows Kernel Information Disclosure Vulnerability (CVE-2018-0898) MS Rating: Important

   An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass. An attacker who successfully exploited the vulnerability could retrieve the memory address of a kernel object.

    

   Windows Kernel Information Disclosure Vulnerability (CVE-2018-0899) MS Rating: Important

   An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass. An attacker who successfully exploited the vulnerability could retrieve the memory address of a kernel object.

    

   Windows Kernel Information Disclosure Vulnerability (CVE-2018-0900) MS Rating: Important

   An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass. An attacker who successfully exploited the vulnerability could retrieve the memory address of a kernel object.

    

   Windows Kernel Information Disclosure Vulnerability (CVE-2018-0901) MS Rating: Important

   An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass. An attacker who successfully exploited the vulnerability could retrieve the memory address of a kernel object.

    

   Windows Kernel Information Disclosure Vulnerability (CVE-2018-0904) MS Rating: Important

   An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass. An attacker who successfully exploited the vulnerability could retrieve the memory address of a kernel object.

    

   Windows Kernel Information Disclosure Vulnerability (CVE-2018-0926) MS Rating: Important

   An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory. To exploit this vulnerability, an authenticated attacker could run a specially crafted application.

    

   Win32k Elevation of Privilege Vulnerability (CVE-2018-0977) MS Rating: Important

   A privilege escalation vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.

    

6. Cumulative Security Update for Microsoft Windows

   Windows GDI Elevation of Privilege Vulnerability (CVE-2018-0815) MS Rating: Important

   A privilege escalation vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.

    

   Windows GDI Elevation of Privilege Vulnerability (CVE-2018-0816) MS Rating: Important

   A privilege escalation vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.

    

   Windows GDI Elevation of Privilege Vulnerability (CVE-2018-0817) MS Rating: Important

   A privilege escalation vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.

    

   Windows Installer Elevation of Privilege Vulnerability (CVE-2018-0868) MS Rating: Important

   A privilege escalation vulnerability exists in the Windows Installer when the Windows Installer fails to properly sanitize input leading to an insecure library loading behavior. A locally authenticated attacker could run arbitrary code with elevated system privileges.

    

   Windows Desktop Bridge VFS Elevation of Privilege Vulnerability (CVE-2018-0877) MS Rating: Important

   A privilege escalation vulnerability exists in Windows when the Desktop Bridge VFS does not take into account user/kernel mode when managing file paths. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.

    

   Windows Remote Assistance Information Disclosure Vulnerability (CVE-2018-0878) MS Rating: Important

   An information disclosure vulnerability exists when Windows Remote Assistance incorrectly processes XML External Entities (XXE).

    

   Windows Desktop Bridge Elevation of Privilege Vulnerability (CVE-2018-0880) MS Rating: Important

   A privilege escalation vulnerability exists in Windows when Desktop Bridge does not properly manage the virtual registry. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.

    

   Microsoft Video Control Elevation of Privilege Vulnerability (CVE-2018-0881) MS Rating: Important

   A privilege escalation vulnerability exists in Windows when the Microsoft Video Control mishandles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in system mode.

    

   Windows Desktop Bridge Elevation of Privilege Vulnerability (CVE-2018-0882) MS Rating: Important

   A privilege escalation vulnerability exists in Windows when Desktop Bridge does not properly manage the virtual registry. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.

    

   Windows Shell Remote Code Execution Vulnerability (CVE-2018-0883) MS Rating: Important

   A remote code execution vulnerability exists when Windows Shell does not properly validate file copy destinations. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user.

    

   Windows Security Bypass Vulnerability (CVE-2018-0884) MS Rating: Important

   A security bypass vulnerability exists in Windows Scripting Host which could allow an attacker to bypass Device Guard. An attacker who successfully exploited this vulnerability could circumvent a User Mode Code Integrity (UMCI) policy on the machine.

    

   CredSSP Remote Code Execution Vulnerability (CVE-2018-0886) MS Rating: Important

   A remote code execution vulnerability exists in the Credential Security Support Provider protocol (CredSSP).

    

   CNG Security Bypass Vulnerability (CVE-2018-0902) MS Rating: Important

   A security bypass vulnerability exists in the Cryptography Next Generation (CNG) kernel-mode driver (cng. sys) when it fails to properly validate and enforce impersonation levels.

    

   Windows Storage Services Elevation of Privilege Vulnerability (CVE-2018-0983) MS Rating: Important

   A privilege escalation vulnerability exists when Storage Services improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context.

    

More information is available on Symantec's free Security Center portal and to our customers through the DeepSight Threat Management System.