Microsoft Patch Tuesday – April 2018

As always, customers are advised to follow these security best practices:

• Install vendor patches as soon as they are available.
• Run all software with the least privileges required while still maintaining functionality.
• Avoid handling files from unknown or questionable sources.
• Never visit sites of unknown or questionable integrity.
• Block external access at the network perimeter to all key systems unless specific access is required.

Microsoft's summary of the April 2018 releases can be found here:
https://portal.msrc.microsoft.com/en-us/security-guidance

This month's update covers vulnerabilities in:

• Internet Explorer
• Microsoft Edge
• Microsoft Office
• Microsoft Visual Studio
• Microsoft Hyper-V
• Microsoft EOT Font Engine
• Microsoft Windows
• ChakraCore

   

The following is a breakdown of the issues being addressed this month:

1. Cumulative Security Update for Microsoft Browsers

   Internet Explorer Memory Corruption Vulnerability (CVE-2018-0870) MS Rating: Critical

   A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    

   Internet Explorer Memory Corruption Vulnerability (CVE-2018-1018) MS Rating: Critical

   A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    

   Internet Explorer Memory Corruption Vulnerability (CVE-2018-1020) MS Rating: Critical

   A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    

   Internet Explorer Memory Corruption Vulnerability (CVE-2018-0991) MS Rating: Critical

   A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    

   Internet Explorer Memory Corruption Vulnerability (CVE-2018-0988) MS Rating: Critical

   A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    

   Scripting Engine Memory Corruption Vulnerability (CVE-2018-0996) MS Rating: Critical

   A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    

   Scripting Engine Information Disclosure Vulnerability (CVE-2018-1000) MS Rating: Critical

   An information disclosure vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could provide an attacker with information to further compromise the user's computer or data.

    

   Scripting Engine Information Disclosure Vulnerability (CVE-2018-0981) MS Rating: Critical

   An information disclosure vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could provide an attacker with information to further compromise the user's computer or data.

    

   Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2018-0979) MS Rating: Critical

   A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    

   Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2018-0980) MS Rating: Critical

   A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    

   Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2018-0993) MS Rating: Critical

   A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    

   Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2018-0994) MS Rating: Critical

   A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    

   Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2018-0995) MS Rating: Critical

   A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    

   Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2018-1019) MS Rating: Critical

   A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    

   Microsoft Browser Memory Corruption Vulnerability (CVE-2018-1023) MS Rating: Critical

   A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory. The vulnerability could corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user.

    

   Internet Explorer Memory Corruption Vulnerability (CVE-2018-0997) MS Rating: Important

   A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    

   Microsoft Edge Information Disclosure Vulnerability (CVE-2018-0998) MS Rating: Important

   An information disclosure vulnerability exists when Microsoft Edge PDF Reader improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system.

    

   Microsoft Edge Information Disclosure Vulnerability (CVE-2018-0892) MS Rating: Important

   An information disclosure vulnerability exists when Microsoft Edge improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system.

    

   Scripting Engine Memory Corruption Vulnerability (CVE-2018-1001) MS Rating: Important

   A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    

   Scripting Engine Information Disclosure Vulnerability (CVE-2018-0987) MS Rating: Important

   An information disclosure vulnerability exists when the scripting engine does not properly handle objects in memory in Internet Explorer. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system.

    

   Scripting Engine Information Disclosure Vulnerability (CVE-2018-0989) MS Rating: Important

   An information disclosure vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could provide an attacker with information to further compromise the user's computer or data.

    

   Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2018-0990) MS Rating: Critical

   A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    

2. Cumulative Security Update for Microsoft EOT Font Engine

   Windows EOT Font Engine Remote Code Execution (CVE-2018-1010) MS Rating: Critical

   A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited the vulnerability could take control of the affected system.

    

   Windows EOT Font Engine Remote Code Execution (CVE-2018-1012) MS Rating: Critical

   A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited the vulnerability could take control of the affected system.

    

   Windows EOT Font Engine Remote Code Execution (CVE-2018-1013) MS Rating: Critical

   A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited the vulnerability could take control of the affected system.

    

   Windows EOT Font Engine Remote Code Execution (CVE-2018-1015) MS Rating: Critical

   A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited the vulnerability could take control of the affected system.

    

   Windows EOT Font Engine Remote Code Execution (CVE-2018-1016) MS Rating: Critical

   A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited the vulnerability could take control of the affected system.

    

3. Cumulative Security Update for Microsoft Office

   Microsoft Office Graphics Remote Code Execution Vulnerability (CVE-2018-1028) MS Rating: Important

   A remote code execution vulnerability exists when the Office graphics improperly handles specially crafted embedded fonts. An attacker who successfully exploited this vulnerability could take control of the affected system.

    

   Microsoft Office Graphics Information Disclosure Vulnerability (CVE-2018-1007) MS Rating: Important

   An information disclosure vulnerability exists when an Office Graphics component improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system.

    

   Microsoft Outlook Information Disclosure Vulnerability (CVE-2018-0950) MS Rating: Important

   An information disclosure vulnerability exists when Office renders Rich Text Format (RTF) email messages containing OLE objects when a message is opened or previewed. This vulnerability could potentially result in the disclosure of sensitive information to a malicious site.

    

   Microsoft Excel Remote Code Execution Vulnerability (CVE-2018-0920) MS Rating: Important

   A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user.

    

   Microsoft Excel Remote Code Execution Vulnerability (CVE-2018-1011) MS Rating: Important

   A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user.

    

   Microsoft Excel Remote Code Execution Vulnerability (CVE-2018-1026) MS Rating: Important

   A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user.

    

   Microsoft Excel Remote Code Execution Vulnerability (CVE-2018-1027) MS Rating: Important

   A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user.

    

   Microsoft Excel Remote Code Execution Vulnerability (CVE-2018-1029) MS Rating: Important

   A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user.

    

   Microsoft Excel Remote Code Execution Vulnerability (CVE-2018-1030) MS Rating: Important

   A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user.

    

   Microsoft SharePoint Elevation of Privilege Vulnerability (CVE-2018-1032) MS Rating: Important

   An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server.

    

   Microsoft SharePoint Elevation of Privilege Vulnerability (CVE-2018-1034) MS Rating: Important

   An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server.

    

   Microsoft SharePoint Elevation of Privilege Vulnerability (CVE-2018-1005) MS Rating: Important

   An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server.

    

   Microsoft SharePoint Elevation of Privilege Vulnerability (CVE-2018-1014) MS Rating: Important

   An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted URL to a user of an affected SharePoint server.

    

4. Cumulative Security Update for Microsoft Windows Kernel

   Windows Kernel Information Disclosure Vulnerability (CVE-2018-0887) MS Rating: Important

   An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system.

    

   Windows Kernel Information Disclosure Vulnerability (CVE-2018-0968) MS Rating: Important

   An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass. An attacker who successfully exploited the vulnerability could retrieve the memory address of a kernel object.

    

   Windows Kernel Information Disclosure Vulnerability (CVE-2018-0969) MS Rating: Important

   An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass. An attacker who successfully exploited the vulnerability could retrieve the memory address of a kernel object.

    

   Windows Kernel Information Disclosure Vulnerability (CVE-2018-0970) MS Rating: Important

   An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass. An attacker who successfully exploited the vulnerability could retrieve the memory address of a kernel object.

    

   Windows Kernel Information Disclosure Vulnerability (CVE-2018-0971) MS Rating: Important

   An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass. An attacker who successfully exploited the vulnerability could retrieve the memory address of a kernel object.

    

   Windows Kernel Information Disclosure Vulnerability (CVE-2018-0972) MS Rating: Important

   An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass. An attacker who successfully exploited the vulnerability could retrieve the memory address of a kernel object.

    

   Windows Kernel Information Disclosure Vulnerability (CVE-2018-0973) MS Rating: Important

   An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass. An attacker who successfully exploited the vulnerability could retrieve the memory address of a kernel object.

    

   Windows Kernel Information Disclosure Vulnerability (CVE-2018-0974) MS Rating: Important

   An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass. An attacker who successfully exploited the vulnerability could retrieve the memory address of a kernel object.

    

   Windows Kernel Information Disclosure Vulnerability (CVE-2018-0975) MS Rating: Important

   An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass. An attacker who successfully exploited the vulnerability could retrieve the memory address of a kernel object.

    

   Windows Kernel Information Disclosure Vulnerability (CVE-2018-0960) MS Rating: Important

   An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system.

    

   Windows Kernel Elevation of Privilege (CVE-2018-0963) MS Rating: Important

   An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.

    

5. Cumulative Security Update for Microsoft Visual Studio

   Microsoft Visual Studio Information Disclosure Vulnerability (CVE-2018-1037) MS Rating: Important

   An information disclosure vulnerability exists when Visual Studio improperly discloses the contents of its memory. An attacker who exploited the vulnerability could view uninitialized memory from the computer used to compile a program database file.

    

6. Cumulative Security Update for Microsoft Hyper-V

   Hyper-V Information Disclosure (CVE-2018-0957) MS Rating: Important

   An information disclosure vulnerability exists when Windows Hyper-V on a host operating system fails to properly validate input from an authenticated user on a guest operating system. To exploit the vulnerability, an attacker on a guest operating system could run a specially crafted application that could cause the Hyper-V host operating system to disclose memory information.

    

   Hyper-V Information Disclosure (CVE-2018-0964) MS Rating: Important

   An information disclosure vulnerability exists when Windows Hyper-V on a host operating system fails to properly validate input from an authenticated user on a guest operating system. To exploit the vulnerability, an attacker on a guest operating system could run a specially crafted application that could cause the Hyper-V host operating system to disclose memory information.

    

7. Cumulative Security Update for Microsoft Windows

   Windows VBScript Engine Remote Code Execution Vulnerability (CVE-2018-1004) MS Rating: Critical

   A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    

   Active Directory Security Feature Bypass Vulnerability (CVE-2018-0890) MS Rating: Important

   A security feature bypass vulnerability exists when Active Directory incorrectly applies Network Isolation settings. To exploit this vulnerability, an attacker could run a specially crafted application.

    

   HTTP.sys Denial of Service Vulnerability (CVE-2018-0956) MS Rating: Important

   A denial of service vulnerability exists in the HTTP 2.0 protocol stack (HTTP.sys) when HTTP.sys improperly parses specially crafted HTTP 2.0 requests. An attacker who successfully exploited the vulnerability could create a denial of service condition, causing the target system to become unresponsive.

    

   Windows Remote Desktop Protocol (RDP) Denial of Service Vulnerability (CVE-2018-0976) MS Rating: Important

   A denial of service vulnerability exists in Remote Desktop Protocol (RDP) when an attacker connects to the target system using RDP and sends specially crafted requests. An attacker who successfully exploited this vulnerability could cause the RDP service on the target system to stop responding.

    

   Windows SNMP Service Denial of Service Vulnerability (CVE-2018-0967) MS Rating: Important

   A denial of service vulnerability exists in the way that Windows SNMP Service handles malformed SNMP traps. An attacker who successfully exploited the vulnerability could cause a target system to stop responding.

    

   Microsoft DirectX Graphics Kernel Subsystem Elevation of Privilege Vulnerability (CVE-2018-1009) MS Rating: Important

   An elevation of privilege vulnerability exists when Windows improperly handles objects in memory and incorrectly maps kernel memory. In a local attack scenario, an attacker could exploit this vulnerability by running a specially crafted application to take control over the affected system.

    

   Microsoft JET Database Engine Remote Code Execution Vulnerability (CVE-2018-1003) MS Rating: Important

   A buffer overflow vulnerability exists in the Microsoft JET Database Engine that could allow remote code execution on an affected system. An attacker who successfully exploited this vulnerability could take control of an affected system.

    

   OpenType Font Driver Elevation of Privilege Vulnerability (CVE-2018-1008) MS Rating: Important

   An elevation of privilege vulnerability exists in Windows Adobe Type Manager Font Driver (ATMFD. dll) when it fails to properly handle objects in memory.

    

   Device Guard Security Feature Bypass Vulnerability (CVE-2018-0966) MS Rating: Important

   A security feature bypass exists when Device Guard incorrectly validates an untrusted file. An attacker who successfully exploited this vulnerability could make an unsigned file appear to be signed.

    

   Microsoft Wireless Keyboard 850 Security Feature Bypass Vulnerability (CVE-2018-8117) MS Rating: Important

   A security feature bypass vulnerability exists in the Microsoft Wireless Keyboard 850 which could allow an attacker to reuse an AES encryption key to send keystrokes to other keyboard devices or to read keystrokes sent by other keyboards for the affected devices. An attacker would first have to extract the AES encryption key from the affected keyboard device.

    

   Microsoft Graphics Component Denial of Service Vulnerability (CVE-2018-8116) MS Rating: Moderate

   A denial of service vulnerability exists in the way that Windows handles objects in memory. An attacker who successfully exploited the vulnerability could cause a target system to stop responding.

    

More information is available on Symantec's free Security Center portal and to our customers through the DeepSight Threat Management System.