A fix for the previous zero-day vulnerability in Adobe Flash (CVE-2018-4878) was also included in the rollout of patches but was in fact silently pushed out last week.
The majority of the vulnerabilities are related to elevation of privileges. When exploited successfully, these can allow hackers to carry out normally restricted and system-level functions or hijack the affected systems. There are also 11 security issues affecting the Windows kernel that can lead to local privilege escalation and information disclosure when exploited.
Of note are three vulnerabilities:
CVE-2018-0852: A memory corruption vulnerability in Microsoft Outlook that, when exploited successfully, can let attackers run arbitrary code. What's notable about this flaw is that Outlook's Preview Pane can become an attack vector: the would-be victim need only receive a specially crafted message for malicious code to run. If the user is logged on with administrative rights, hackers can hijack the system, for example by installing programs, viewing, altering or deleting data, or creating privileged user accounts. The malicious file can also be hosted on an attacker-owned or compromised website, in which case the hacker would have to trick users into clicking a link that diverts them to the site.
CVE-2018-0850: A privilege escalation flaw in Microsoft Outlook. The vulnerability can be exploited through a specially crafted email designed to force Outlook to load local or remote messages over Server Message Block (SMB).
Adobe also rolled out its own patches (APSB18-02), addressing security issues in Acrobat Reader and Experience Manager on both Windows and Mac platforms. Of the vulnerabilities listed in Adobe’s bulletin — most of which can lead to remote code execution — 26 were disclosed via Trend Micro’s Zero Day Initiative.
Trend Micro™ Deep Security and Vulnerability Protection protect user systems from threats that may target the aforementioned vulnerabilities via the following DPI rules:
1008866 – Microsoft Windows StructuredQuery Remote Code Execution Vulnerability (CVE-2018-0825)
1008874 – Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2018-0860)
1008871 – Microsoft Internet Explorer And Edge Scripting Engine Memory Corruption Vulnerability (CVE-2018-0840)
1008877 – Microsoft Windows Multiple Security Vulnerabilities (Feb-2018)
1008867 – Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2018-0834)
1008870 – Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2018-0838)
1008872 – Microsoft Office Remote Code Execution Vulnerability (CVE-2018-0841)
1008869 – Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2018-0837)
1008868 – Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2018-0835)
1008873 – Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2018-0858)
1008881 – Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2018-0866)
Trend Micro™ TippingPoint™ customers are protected from threats that may exploit the vulnerabilities via these MainlineDV filters:
30331: HTTP: Microsoft Edge prototype Use-After-Free Vulnerability
30334: HTTP: Microsoft Windows win32k Use-After-Free Vulnerability
30336: HTTP: Microsoft Windows win32kbase Use-After-Free Vulnerability
30341: HTTP: Microsoft Windows LNK Memory Corruption Vulnerability
30342: HTTP: Microsoft Edge prototype defineGetter Use-After-Free Vulnerability
30362: HTTP: Microsoft Edge JIT Optimization Type Confusion Vulnerability
30366: HTTP: Microsoft Windows clfs.sys BLF Privilege Escalation Vulnerability
30367: HTTP: Microsoft HID Parsing Library Out-of-Bounds Vulnerability
30368: HTTP: Microsoft Windows clfs.sys BLF Privilege Escalation Vulnerability
30388: HTTP: Microsoft Excel XLS Parsing Type Confusion Vulnerability
30410: HTTP: Microsoft Internet Explorer localeCompare Use-After-Free Vulnerability