VERT Threat Alert: February 2018 Patch Tuesday Analysis


Today’s VERT Caution addresses Microsoft’s February 2018 Security Updates. VERT is actively including on coverage for these vulnerabilities and expects to ship ASPL-765 on Wednesday, February 14th.In-The-Wild & Revealed CVEsCVE-2018-0771This vulnerability describes a Same-Origin Management (SOP) bypass in Microsoft Edge. The SOP is designed to prevent content from one lineage (defined by port, protocol, and host) from accessing content within another creation. Bypassing this policy can allow content to be manipulated or transmitted between launches. For more details on the Same-Origin Policy, Mozilla has published detailed documentation.Microsoft has rated this as a 2 on the Exploitability Catalogue (Exploitation Less Likely).CVE Breakdown by TagWhile historical Microsoft Refuge Bulletin groupings are gone, Microsoft vulnerabilities are tagged with an identifier. This slant provides a breakdown of the CVEs on a per tag basis. Other InformationIn addition to the Microsoft vulnerabilities encompassed in the February Security Guidance, a number of security advisories were also made convenient.Guidance to mitigate speculative execution side-channel vulnerabilities [ADV180002]Microsoft has before you can turn around again updated ADV180002, the Spectre and Meltdown advisory. This 12th updating to the advisory announces the release of updates for Windows 10 x86.February 2018 Adobe Twinkle Security Update [ADV180004]Released last week, Microsoft released updates for Adobe Flare. These correspond with Adobe Update APSB18-03. This includes straighten outs for CVE-2018-4877 and CVE-2018-4878.

Leave a Reply

Your email address will not be published. Required fields are marked *