Patch Tuesday April 2018

BeyondTrust Research Team
April 11th, 2018

Patch Tuesday

Welcome back to April’s Microsoft Patch Tuesday. This month patches many Critically rated vulnerabilities in Internet Explorer, Graphics, Adobe Flash Player, and Edge. The rest of the updates are Important and lower in severity, covering protocols such as SNMP and RDP, and products such as Jet Database. Other usual suspects like Office and Adobe Flash Player received fixes as well. In total, 66 security issues have been addressed, 22 critical. Details about CVE-2018-1034, an elevation of privilege vulnerability in Microsoft SharePoint, became public before a patch was available. However, there is no record of an active exploit for the vulnerability.

Kernel

The Windows Kernel received multiple fixes for Information Disclosure vulnerabilities. These vulnerabilities leak the contents and addresses in memory that could lead to an ASLR bypass. An attacker would have to log on to an affected system and run a specially crafted application. The vulnerabilities are rated ‘Important’ by Microsoft.

SNMP Service

Windows SNMP has received a fix for a vulnerability that existed when handling malformed SNMP traps. An attacker exploiting this vulnerability could cause a Denial of Service on the target system. An attacker would not be able to execute code or elevate privileges.

Graphics

Embedded Graphics components in Windows contained a vulnerability where processing maliciously crafted embedded fonts would lead to remote code execution. To exploit the vulnerability an attacker would have to somehow convince the victim to view content containing the maliciously crafted font. Microsoft rates this vulnerability as ‘Critical’.

Jet Database

The Microsoft JET Database Engine contained a Buffer Overflow that would allow for Remote Code Execution. The code would be executed with administrative privilege, allowing for an attacker to install programs, access data, or create new user accounts with full privileges. To exploit the vulnerability, an attacker would view a specially crafted Excel file while using an affected version of Microsoft Windows. The attacker could also lure a victim into opening the Excel file from email via standard phishing techniques.

RDP

The RDP protocol contained a Denial of Service vulnerability when processing maliciously crafted requests. Exploiting the vulnerability would render the RDP service on the target system unresponsive. To exploit this vulnerability, an attacker needs to run a specially crafted application against a server which provides RDP services. Microsoft rates this vulnerability as Important.

Office

Office contained 13 fixes this month. These fixes were rated ‘Important’ in severity, and have impacts ranging from Remote Code Execution, Spoofing, and Information Disclosure. CVE-2018-1034 had details about the vulnerability disclosed prior to the patch being available. There are no known exploits for the vulnerability in the wild, and Microsoft deems exploitation as ‘unlikely’.

Edge and Internet Explorer

Internet Explorer received fixes for two ‘Critical’ vulnerabilities, CVE-2018-1020 and CVE-2018-1018. These vulnerabilities both have the same impact, allowing an attacker to exploit improper memory management to execute code remotely. The executed code would have the same security context as Internet Explorer. Edge and Internet Explorer also received Important security updates that allowed for information disclosure to a remote attacker.

Adobe Flash Player

Adobe Flash Player was host to its usual round of fixes. In total, 6 vulnerabilities in Flash Player were patched. Half of these vulnerabilities were rated as ‘Critical’, and the other half as ‘Important’. These vulnerabilities have impacts of Remote Code Execution, and Information Disclosure, respectively. Adobe has reported that there are no known exploits active for these vulnerabilities.

BeyondTrust Research Team

The BeyondTrust Research Team is known for identifying new trends in enterprise security, including some of the very first critical Microsoft security vulnerabilities. By providing in-depth research analysis of the latest and cutting-edge vulnerabilities, the team’s goal is to educate our customers on the evolving threat landscape while shaping the future of BeyondTrust’s privilege and vulnerability management solutions.