Skip to content ↓ | Skip to navigation ↓

Today’s VERT Alert addresses Microsoft’s February 2018 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-765 on Wednesday, February 14th.

In-The-Wild & Disclosed CVEs

CVE-2018-0771

This vulnerability describes a Same-Origin Policy (SOP) bypass in Microsoft Edge. The SOP is designed to prevent content from one origin (defined by port, protocol, and host) from accessing content within another origin. Bypassing this policy can allow content to be manipulated or transmitted between origins. For more details on the Same-Origin Policy, Mozilla has published detailed documentation.

Microsoft has rated this as a 2 on the Exploitability Index (Exploitation Less Likely).

CVE Breakdown by Tag

While historical Microsoft Security Bulletin groupings are gone, Microsoft vulnerabilities are tagged with an identifier. This list provides a breakdown of the CVEs on a per tag basis.

Tag
CVE Count
CVEs
Common Log File System Driver
2
CVE-2018-0844, CVE-2018-0846
Device Guard
1
CVE-2018-0827
Graphic Fonts
4
CVE-2018-0755. CVE-2018-0760. CVE-2018-0761. CVE-2018-0855
Internet Explorer
1
CVE-2018-0866
Microsoft Browsers
1
CVE-2018-0840
Microsoft Edge
3
CVE-2018-0839, CVE-2018-0771, CVE-2018-0763
Microsoft Office
7
CVE-2018-0841, CVE-2018-0852, CVE-2018-0869, CVE-2018-0850, CVE-2018-0851, CVE-2018-0853, CVE-2018-0864
Microsoft Scripting Engine
11
CVE-2018-0834, CVE-2018-0835, CVE-2018-0836, CVE-2018-0837, CVE-2018-0838, CVE-2018-0856, CVE-2018-0857, CVE-2018-0858, CVE-2018-0859, CVE-2018-0860, CVE-2018-0861
Microsoft Windows
8
CVE-2018-0828, CVE-2018-0847, CVE-2018-0820, CVE-2018-0821, CVE-2018-0822, CVE-2018-0823, CVE-2018-0825, CVE-2018-0826
Windows Kernel
11
CVE-2018-0810, CVE-2018-0829, CVE-2018-0830, CVE-2018-0831, CVE-2018-0832, CVE-2018-0842, CVE-2018-0843, CVE-2018-0742, CVE-2018-0756, CVE-2018-0809, CVE-2018-0757
Windows SMB Server
1
CVE-2018-0833

 

Other Information

In addition to the Microsoft vulnerabilities included in the February Security Guidance, a number of security advisories were also made available.

Guidance to mitigate speculative execution side-channel vulnerabilities [ADV180002]

Microsoft has once again updated ADV180002, the Spectre and Meltdown advisory. This 12th revision to the advisory announces the release of updates for Windows 10 x86.

February 2018 Adobe Flash Security Update [ADV180004]

Released last week, Microsoft released updates for Adobe Flash. These correspond with Adobe Update APSB18-03. This includes fixes for CVE-2018-4877 and CVE-2018-4878.

The Executive's Guide to the Top 20 Critical Security Controls
<!-- -->