Patch Tuesday

Microsoft has released the February 2018 Patch Tuesday security updates, and this month's release comes with fixes for 50 vulnerabilities, along with additional patches for the Meltdown and Spectre vulnerabilities (ADV180002).

There are no Windows zero-days in this month's Patch Tuesday, but Microsoft has included patches for an Adobe Flash Player zero-day that came to light at the start of the month.

The Flash zero-day patches are bundled in ADV180004, which Microsoft silently pushed to users' PCs last week, on February 6, but which have also been included in the company's monthly security rollup.

As for Microsoft products, the company says this month's Patch Tuesday contains fixes for the Windows OS, Microsoft Office and Microsoft Office Services and Web Apps, Internet Explorer, Microsoft Edge, and the ChakraCore JavaScript engine.

February 2018 Patch Tuesday includes Windows kernel fixes

The vast majority of this month's fixes are Elevation of Privilege (EoP) vulnerabilities that will allow attackers with a foothold on the machine to gain SYSTEM-level privileges.

In addition, Microsoft also patched 11 bugs affecting the Windows kernel. Even if these are information disclosure and elevation of privilege issues, these bugs should not be taken lightly, as Microsoft expects threat actors to abuse these vulnerabilities in the future, most of them receiving an assessment of "Exploitation More Likely."

But there is also some good news. Even if details about a Microsoft Edge Same-Origin Policy (SOP) bypass technique (CVE-2018-0771) became public, the vulnerability was not exploited in the wild before Microsoft delivered a patch earlier today.

Adobe publishes security fixes as well

If users are already in a patching mood, Adobe has also released its Patch Tuesday advisories, and besides the Flash zero-day fixes it delivered last week, the company also released today fixes for Adobe Acrobat and Reader (PDF readers) and Adobe Experience Manager (enterprise CMS).

Below is a table listing of all the security issues Microsoft fixed this month. We used PowerShell and the Microsoft API to assemble the table below, but the report is much longer. We hosted the full report on GitHub, here.

If you're not interested in all security updates and you'd like to filter updates per product, you can use Microsoft's official Security Update Guide portal, accessible here.

Tag CVE ID CVE Title
Side-Channel ADV180002 Guidance to mitigate speculative execution side-channel vulnerabilities
Adobe Flash Player ADV180004 February 2018 Adobe Flash Security Update
Common Log File System Driver CVE-2018-0844 Windows Common Log File System Driver Elevation of Privilege Vulnerability
Common Log File System Driver CVE-2018-0846 Windows Common Log File System Driver Elevation of Privilege Vulnerability
Device Guard CVE-2018-0827 Windows Security Feature Bypass Vulnerability
Graphic Fonts CVE-2018-0855 Windows EOT Font Engine Information Disclosure Vulnerability
Graphic Fonts CVE-2018-0755 Windows EOT Font Engine Information Disclosure Vulnerability
Graphic Fonts CVE-2018-0760 Windows EOT Font Engine Information Disclosure Vulnerability
Graphic Fonts CVE-2018-0761 Windows EOT Font Engine Information Disclosure Vulnerability
Internet Explorer CVE-2018-0866 Scripting Engine Memory Corruption Vulnerability
Microsoft Browsers CVE-2018-0840 Scripting Engine Memory Corruption Vulnerability
Microsoft Edge CVE-2018-0839 Microsoft Edge Information Disclosure Vulnerability
Microsoft Edge CVE-2018-0771 Microsoft Edge Security Feature Bypass Vulnerability
Microsoft Edge CVE-2018-0763 Microsoft Edge Information Disclosure Vulnerability
Microsoft Office CVE-2018-0869 Microsoft SharePoint Elevation of Privilege Vulnerability
Microsoft Office CVE-2018-0864 Microsoft SharePoint Elevation of Privilege Vulnerability
Microsoft Office CVE-2018-0852 Microsoft Outlook Memory Corruption Vulnerability
Microsoft Office CVE-2018-0851 Microsoft Office Memory Corruption Vulnerability
Microsoft Office CVE-2018-0850 Microsoft Outlook Elevation of Privilege Vulnerability
Microsoft Office CVE-2018-0853 Microsoft Office Information Disclosure Vulnerability
Microsoft Office CVE-2018-0841 Microsoft Excel Remote Code Execution Vulnerability
Microsoft Scripting Engine CVE-2018-0859 Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2018-0860 Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2018-0861 Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2018-0858 Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2018-0836 Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2018-0835 Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2018-0837 Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2018-0838 Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2018-0856 Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2018-0857 Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2018-0834 Scripting Engine Memory Corruption Vulnerability
Microsoft Windows CVE-2018-0822 Windows NTFS Global Reparse Point Elevation of Privilege Vulnerability
Microsoft Windows CVE-2018-0823 Named Pipe File System Elevation of Privilege Vulnerability
Microsoft Windows CVE-2018-0825 StructuredQuery Remote Code Execution Vulnerability
Microsoft Windows CVE-2018-0828 Windows Elevation of Privilege Vulnerability
Microsoft Windows CVE-2018-0826 Windows Storage Services Elevation of Privilege Vulnerability
Microsoft Windows CVE-2018-0821 Windows AppContainer Elevation Of Privilege Vulnerability
Microsoft Windows CVE-2018-0847 Windows Scripting Engine Memory Corruption Vulnerability
Microsoft Windows CVE-2018-0820 Windows Kernel Elevation of Privilege Vulnerability
Windows Kernel CVE-2018-0831 Windows Kernel Elevation of Privilege Vulnerability
Windows Kernel CVE-2018-0832 Windows Kernel Information Disclosure Vulnerability
Windows Kernel CVE-2018-0830 Windows Kernel Information Disclosure Vulnerability
Windows Kernel CVE-2018-0829 Windows Kernel Information Disclosure Vulnerability
Windows Kernel CVE-2018-0757 Windows Kernel Information Disclosure Vulnerability
Windows Kernel CVE-2018-0742 Windows Kernel Elevation of Privilege Vulnerability
Windows Kernel CVE-2018-0756 Windows Kernel Elevation of Privilege Vulnerability
Windows Kernel CVE-2018-0809 Windows Kernel Elevation of Privilege Vulnerability
Windows Kernel CVE-2018-0810 Windows Kernel Information Disclosure Vulnerability
Windows Kernel CVE-2018-0843 Windows Kernel Information Disclosure Vulnerability
Windows Kernel CVE-2018-0842 Windows Remote Code Execution Vulnerability
Windows SMB Server CVE-2018-0833 Windows Denial of Service Vulnerability

Related Articles:

Microsoft August 2018 Patch Tuesday Fixes 60 Security Flaws, Including Two Zero-Days

Adobe Patches Flash Player, Acrobat, Reader, Creative Cloud Desktop App, More

Microsoft July 2018 Patch Tuesday Fixes 53 Security Bugs Across 15 Products

Microsoft Releases Windows 10 Cumulative Updates KB4343909 and KB4343897

Microsoft Rolls Out Patches for "Lazy FP State Restore" Bug Affecting Intel CPUs