Microsoft Patchday Summary (February 13, 2018)

Windows Update[German]Microsoft released a series of security updates for Windows and other products on February 13, 2018. Here is a brief overview of critical and non-critical security updates, a list of all 50 CVEs and details to an updated Microsoft Security Advisory Notification.


Advertising
 


Details of these security updates can be found in the Microsoft Security TechCenter. I will also document the updates in separate blog posts.

Critical Security Updates

ChakraCore
Microsoft Edge
Internet Explorer 9
Internet Explorer 11
Windows 7 for 32-bit Systems Service Pack 1
Windows 7 for x64-based Systems Service Pack 1
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core
installation)
Windows Server 2008 for Itanium-Based Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core
installation)
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core
installation)
Windows 8.1 for 32-bit systems
Windows 8.1 for x64-based systems
Windows RT 8.1
Windows Server 2012
Windows Server 2012 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 R2 (Server Core installation)
Windows 10 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 10 Version 1511 for 32-bit Systems
Windows 10 Version 1511 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1703 for 32-bit Systems
Windows 10 Version 1703 for x64-based Systems
Windows 10 Version 1709 for 32-bit Systems
Windows 10 Version 1709 for x64-based Systems
Windows Server 2016
Windows Server 2016 (Server Core installation)
Windows Server, version 1709 (Server Core Installation)
Microsoft Outlook 2007 Service Pack 3
Microsoft Outlook 2010 Service Pack 2 (32-bit editions)
Microsoft Outlook 2010 Service Pack 2 (64-bit editions)
Microsoft Outlook 2013 RT Service Pack 1
Microsoft Outlook 2013 Service Pack 1 (32-bit editions)
Microsoft Outlook 2013 Service Pack 1 (64-bit editions)
Microsoft Outlook 2016 (32-bit edition)
Microsoft Outlook 2016 (64-bit edition)
Microsoft Office 2016 Click-to-Run (C2R) for 32-bit editions
Microsoft Office 2016 Click-to-Run (C2R) for 64-bit editions

Important Security Updates

Microsoft Office Word Viewer
Microsoft Project Server 2013 Service Pack 1
Microsoft SharePoint Enterprise Server 2016

Moderate Security Updates

Internet Explorer 10

Overview: Closed CVEs

Here is the list of all 50 vulnerabilities that have been closed (see also). Details will follow in separate articles.

Tag CVE ID CVE Title
Side-Channel ADV180002 Guidance to mitigate speculative execution side-channel vulnerabilities
Adobe Flash Player ADV180004 February 2018 Adobe Flash Security Update
Common Log File System Driver CVE-2018-0844 Windows Common Log File System Driver Elevation of Privilege Vulnerability
Common Log File System Driver CVE-2018-0846 Windows Common Log File System Driver Elevation of Privilege Vulnerability
Device Guard CVE-2018-0827 Windows Security Feature Bypass Vulnerability
Graphic Fonts CVE-2018-0855 Windows EOT Font Engine Information Disclosure Vulnerability
Graphic Fonts CVE-2018-0755 Windows EOT Font Engine Information Disclosure Vulnerability
Graphic Fonts CVE-2018-0760 Windows EOT Font Engine Information Disclosure Vulnerability
Graphic Fonts CVE-2018-0761 Windows EOT Font Engine Information Disclosure Vulnerability
Internet Explorer CVE-2018-0866 Scripting Engine Memory Corruption Vulnerability
Microsoft Browsers CVE-2018-0840 Scripting Engine Memory Corruption Vulnerability
Microsoft Edge CVE-2018-0839 Microsoft Edge Information Disclosure Vulnerability
Microsoft Edge CVE-2018-0771 Microsoft Edge Security Feature Bypass Vulnerability
Microsoft Edge CVE-2018-0763 Microsoft Edge Information Disclosure Vulnerability
Microsoft Office CVE-2018-0869 Microsoft SharePoint Elevation of Privilege Vulnerability
Microsoft Office CVE-2018-0864 Microsoft SharePoint Elevation of Privilege Vulnerability
Microsoft Office CVE-2018-0852 Microsoft Outlook Memory Corruption Vulnerability
Microsoft Office CVE-2018-0851 Microsoft Office Memory Corruption Vulnerability
Microsoft Office CVE-2018-0850 Microsoft Outlook Elevation of Privilege Vulnerability
Microsoft Office CVE-2018-0853 Microsoft Office Information Disclosure Vulnerability
Microsoft Office CVE-2018-0841 Microsoft Excel Remote Code Execution Vulnerability
Microsoft Scripting Engine CVE-2018-0859 Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2018-0860 Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2018-0861 Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2018-0858 Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2018-0836 Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2018-0835 Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2018-0837 Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2018-0838 Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2018-0856 Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2018-0857 Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2018-0834 Scripting Engine Memory Corruption Vulnerability
Microsoft Windows CVE-2018-0822 Windows NTFS Global Reparse Point Elevation of Privilege Vulnerability
Microsoft Windows CVE-2018-0823 Named Pipe File System Elevation of Privilege Vulnerability
Microsoft Windows CVE-2018-0825 StructuredQuery Remote Code Execution Vulnerability
Microsoft Windows CVE-2018-0828 Windows Elevation of Privilege Vulnerability
Microsoft Windows CVE-2018-0826 Windows Storage Services Elevation of Privilege Vulnerability
Microsoft Windows CVE-2018-0821 Windows AppContainer Elevation Of Privilege Vulnerability
Microsoft Windows CVE-2018-0847 Windows Scripting Engine Memory Corruption Vulnerability
Microsoft Windows CVE-2018-0820 Windows Kernel Elevation of Privilege Vulnerability
Windows Kernel CVE-2018-0831 Windows Kernel Elevation of Privilege Vulnerability
Windows Kernel CVE-2018-0832 Windows Kernel Information Disclosure Vulnerability
Windows Kernel CVE-2018-0830 Windows Kernel Information Disclosure Vulnerability
Windows Kernel CVE-2018-0829 Windows Kernel Information Disclosure Vulnerability
Windows Kernel CVE-2018-0757 Windows Kernel Information Disclosure Vulnerability
Windows Kernel CVE-2018-0742 Windows Kernel Elevation of Privilege Vulnerability
Windows Kernel CVE-2018-0756 Windows Kernel Elevation of Privilege Vulnerability
Windows Kernel CVE-2018-0809 Windows Kernel Elevation of Privilege Vulnerability
Windows Kernel CVE-2018-0810 Windows Kernel Information Disclosure Vulnerability
Windows Kernel CVE-2018-0843 Windows Kernel Information Disclosure Vulnerability
Windows Kernel CVE-2018-0842 Windows Remote Code Execution Vulnerability
Windows SMB Server CVE-2018-0833 Windows Denial of Service Vulnerability

MS Security Advisory Notification (February 13, 2018)

Microsoft Security Advisory ADV180002 Updated on February 13

– Title: Guidance to mitigate speculative execution side-channel
vulnerabilities
– https:https://portal.msrc.microsoft.com/en-US/security-guidance/
advisory/ADV180002
– Reason for Revision: Microsoft has released security updates to
provide additional protections for the 32-bit (x86) versions of
Windows 10 as follows: 4074596 for Windows 10, 4074591 for Windows
10 Version 1511, 4074590 for Windows 10 Version 1607, and 4074592
for Windows 10 Version 1703. Microsoft recommends that customers
running 32-bit systems install the applicable update as soon as
possible. Microsoft continues to work to provide 32-bit (x86)
protections for other supported Windows versions but does not
have a release schedule at this time. These update will be
included in subsequent updates, and do not apply to x64
(64-bit) systems. Added a section under Advisory Details to
announce that Microsoft has released mitigations for Windows
Holographic to Microsoft HoloLens customers that are provided
automatically as part of the February 2018 Windows Security
Update to Windows 10 Version 1607 for HoloLens. HoloLens
customers do not need to take any additional action to update
their device firmware. Added FAQ#12 and FAQ#13 to provide
further information for installing the February 2018
security updates.

Similar articles:
Adobe Flash Player: New Update 28.0.0.161
Update KB4074595 (Flash Player) for Windows
Microsoft Office Patchday (February 6, 2018)
Microsoft Patchday Summary (February 13, 2018)
Patchday: Updates for Windows 7/8.1 (February 13, 2018)
Patchday: Windows 10 updates (February 13, 2018)
Patchday: Other Microsoft Updates (February 13, 2018)


Advertising


This entry was posted in browser, Office, Security, Update, Windows and tagged , , , . Bookmark the permalink.

2 Responses to Microsoft Patchday Summary (February 13, 2018)

Leave a Reply

Your email address will not be published. Required fields are marked *