Skip to content ↓ | Skip to navigation ↓

Today’s VERT Alert addresses Microsoft’s March 2018 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-769 on Wednesday, March 14th.

In-The-Wild & Disclosed CVEs


This publicly disclosed CVE could lead to a successful denial of service against ASP.NET Core web applications due to the improper handling of web requests.

Microsoft has rated this as a 3 on the Exploitability Index (Exploitation Unlikely)


This vulnerability, which allows attackers to present a fake login page to OWA users in an effort to collect user credentials or other sensitive information, has been fixed via an Exchange update to how links are sanitized within the body of emails.

Microsoft has rated this as a 3 on the Exploitability Index (Exploitation Unlikely)

CVE Breakdown by Tag

While historical Microsoft Security Bulletin groupings are gone, Microsoft vulnerabilities are tagged with an identifier. This list provides a breakdown of the CVEs on a per tag basis.

Tag CVE Count CVEs
ASP.NET 2 CVE-2018-0787, CVE-2018-0808
Windows Hyper-V 2 CVE-2018-0885, CVE-2018-0888
Windows Desktop Bridge 3 CVE-2018-0877, CVE-2018-0880, CVE-2018-0882
.NET Core 1 CVE-2018-0875
Microsoft Windows 4 CVE-2018-0886, CVE-2018-0902, CVE-2018-0983, CVE-2018-0878
Microsoft Edge 1 CVE-2018-0879
Microsoft Graphics Component 3 CVE-2018-0816, CVE-2018-0817, CVE-2018-0815
Microsoft Browsers 2 CVE-2018-0927, CVE-2018-0932
Device Guard 1 CVE-2018-0884
Windows Installer 1 CVE-2018-0868
Windows Kernel 14 CVE-2018-0811, CVE-2018-0894, CVE-2018-0895, CVE-2018-0896, CVE-2018-0897, CVE-2018-0898, CVE-2018-0899, CVE-2018-0900, CVE-2018-0901, CVE-2018-0926, CVE-2018-0977, CVE-2018-0813, CVE-2018-0814, CVE-2018-0904
Microsoft Video Control 1 CVE-2018-0881
Internet Explorer 2 CVE-2018-0929, CVE-2018-0942
Microsoft Exchange Server 3 CVE-2018-0924, CVE-2018-0940, CVE-2018-0941
Windows Shell 1 CVE-2018-0883
Microsoft Office 17 CVE-2018-0947, CVE-2018-0903, CVE-2018-0909, CVE-2018-0910, CVE-2018-0907, CVE-2018-0911, CVE-2018-0912, CVE-2018-0913, CVE-2018-0914, CVE-2018-0915, CVE-2018-0916, CVE-2018-0917, CVE-2018-0919, CVE-2018-0921, CVE-2018-0922, CVE-2018-0923, CVE-2018-0944
Microsoft Scripting Engine 16 CVE-2018-0889, CVE-2018-0891, CVE-2018-0893, CVE-2018-0930, CVE-2018-0931, CVE-2018-0933, CVE-2018-0934, CVE-2018-0935, CVE-2018-0936, CVE-2018-0937, CVE-2018-0939, CVE-2018-0872, CVE-2018-0873, CVE-2018-0874, CVE-2018-0876, CVE-2018-0925

Other Information

In addition to the Microsoft vulnerabilities included in the February Security Guidance, a number of security advisories were also made available.

March 2018 Adobe Flash Security Update [ADV180006]

Microsoft released updates for Adobe Flash. These correspond with Adobe Update APSB18-05. This includes fixes for CVE-2018-4919 and CVE-2018-4920.


Microsoft has released a patch for a code execution vulnerability in the Credential Security Support Provider protocol (CredSSP). This is an important vulnerability to take note of, as it could allow an attacker with MitM capabilities to gain full access to a Remote Desktop Protocol session.

Microsoft has released detailed documentation regarding related registry key changes and the client update required to fully resolve this vulnerability. Additionally, a blog post has been released detailing the discovery of this vulnerability.