February Patch Tuesday Is a Bouquet of Fixes for Privilege Escalation Vulnerabilities
A fix for the previous zero-day vulnerability in Adobe Flash (CVE-2018-4878) was also included in the rollout of patches but was in fact silently pushed out last week.
The majority of the vulnerabilities are related to elevation of privilege. When exploited successfully, these can allow hackers to carry out normally restricted, system-level functions or hijack the affected systems. There are also 11 security issues affecting the Windows kernel that can lead to local privilege escalation and information disclosure when exploited.
Of note are three vulnerabilities:
- CVE-2018-0852: A memory corruption vulnerability in Microsoft Outlook that, when exploited successfully, can let attackers run arbitrary code. What’s notable about this flaw is that Outlook’s Preview Pane can become an attack vector — the would-be victim need only receive a preconfigured message for malicious code to run. If the victim is logged on with administrative rights, it can enable hackers to hijack the system, such as installing programs, viewing, altering or deleting data, or creating privileged user accounts. The malicious file can also be hosted on an attacker-owned or compromised website, in which case the hacker would have to trick users into clicking a link that diverts them to the site.
- CVE-2018-0850: A privilege escalation flaw in Microsoft Outlook. The vulnerability can be exploited through a specially crafted email designed to force Outlook to load local or remote messages over Server Message Block (SMB).
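Because CVE-2018-0850 is described as forcing Outlook to load remote messages over SMB, an outbound SMB session from a workstation to an Internet host is a signal defenders can look for while patches roll out. The following PowerShell is an added example written for this page, not code from the original article or from Trend Micro or Microsoft. It lists TCP 445 connections to non-private addresses and resolves the owning process; the function and parameter names are assumptions, and it relies only on the standard `Get-NetTCPConnection` and `Get-Process` cmdlets (Windows 8 / Server 2012 and later).

```powershell
# Added example (not from the original article): audit a workstation for
# SMB (TCP 445) connections to addresses outside the private/loopback/
# link-local ranges. Such a connection is the network side effect the page
# attributes to CVE-2018-0850 (Outlook loading remote messages over SMB).

function Test-PrivateIPv4 {
    # Returns $true for RFC 1918, loopback and link-local addresses.
    # Non-IPv4 addresses are private only if IPv6 link-local, site-local or loopback.
    param([Parameter(Mandatory)][string]$Address)
    $ip = $null
    if (-not [System.Net.IPAddress]::TryParse($Address, [ref]$ip)) { return $false }
    if ($ip.AddressFamily -eq 'InterNetworkV6') {
        return ($ip.IsIPv6LinkLocal -or $ip.IsIPv6SiteLocal -or [System.Net.IPAddress]::IsLoopback($ip))
    }
    $b = $ip.GetAddressBytes()
    return ($b[0] -eq 10) -or
           ($b[0] -eq 127) -or
           ($b[0] -eq 169 -and $b[1] -eq 254) -or
           ($b[0] -eq 172 -and $b[1] -ge 16 -and $b[1] -le 31) -or
           ($b[0] -eq 192 -and $b[1] -eq 168)
}

function Get-ExternalSmbConnection {
    # Lists every TCP connection (any state, including SynSent attempts) whose
    # remote port is an SMB port and whose remote address is not private.
    # -Port is an assumed parameter; 445 is the direct-hosted SMB port.
    param([uint16[]]$Port = @(445))
    Get-NetTCPConnection -RemotePort $Port -ErrorAction SilentlyContinue |
        Where-Object { -not (Test-PrivateIPv4 $_.RemoteAddress) } |
        ForEach-Object {
            $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
            [pscustomobject]@{
                RemoteAddress = $_.RemoteAddress
                RemotePort    = $_.RemotePort
                State         = $_.State
                OwningPid     = $_.OwningProcess
                ProcessName   = if ($proc) { $proc.ProcessName } else { 'unknown' }
            }
        }
}

# Usage: run while the user works in Outlook. An empty result is the expected
# state; any row is worth correlating with the message previewed or opened at
# that moment. Note that the Windows SMB client runs in the kernel, so a UNC
# path referenced by Outlook normally appears here under the System process
# (PID 4), not under OUTLOOK.EXE; attribution needs timing or mail-log context.
$hits = @(Get-ExternalSmbConnection)
if ($hits.Count -gt 0) { $hits | Format-Table -AutoSize }
else { Write-Output 'No SMB connections to non-private addresses found.' }
```

The address test is what makes the check useful: internal file servers legitimately answer on port 445, so only sessions leaving the private ranges are reported. Treating the System process as the likely owner is a caveat specific to SMB, since the redirector, not the application, opens the socket.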
Adobe also rolled out its own patches (APSB18-02), addressing security issues in Acrobat Reader and Experience Manager on both Windows and Mac platforms. Of the vulnerabilities listed in Adobe’s bulletin — most of which can lead to remote code execution — 26 were disclosed via Trend Micro’s Zero Day Initiative.
- 1008866 – Microsoft Windows StructuredQuery Remote Code Execution Vulnerability (CVE-2018-0825)
- 1008874 – Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2018-0860)
- 1008871 – Microsoft Internet Explorer And Edge Scripting Engine Memory Corruption Vulnerability (CVE-2018-0840)
- 1008877 – Microsoft Windows Multiple Security Vulnerabilities (Feb-2018)
- 1008867 – Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2018-0834)
- 1008870 – Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2018-0838)
- 1008872 – Microsoft Office Remote Code Execution Vulnerability (CVE-2018-0841)
- 1008869 – Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2018-0837)
- 1008868 – Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2018-0835)
- 1008873 – Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2018-0858)
- 1008881 – Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2018-0866)
- 30331: HTTP: Microsoft Edge prototype Use-After-Free Vulnerability
- 30334: HTTP: Microsoft Windows win32k Use-After-Free Vulnerability
- 30336: HTTP: Microsoft Windows win32kbase Use-After-Free Vulnerability
- 30341: HTTP: Microsoft Windows LNK Memory Corruption Vulnerability
- 30342: HTTP: Microsoft Edge prototype defineGetter Use-After-Free Vulnerability
- 30362: HTTP: Microsoft Edge JIT Optimization Type Confusion Vulnerability
- 30366: HTTP: Microsoft Windows clfs.sys BLF Privilege Escalation Vulnerability
- 30367: HTTP: Microsoft HID Parsing Library Out-of-Bounds Vulnerability
- 30368: HTTP: Microsoft Windows clfs.sys BLF Privilege Escalation Vulnerability
- 30388: HTTP: Microsoft Excel XLS Parsing Type Confusion Vulnerability
- 30410: HTTP: Microsoft Internet Explorer localeCompare Use-After-Free Vulnerability