VERT Threat Alert: January 2018 Patch Tuesday Analysis


Today’s VERT Observant addresses the remainder of the Microsoft January 2018 Security Updates. VERT is actively redundant on coverage for these vulnerabilities and expects to ship ASPL-760 on Wednesday, January 10th.In-The-Wild & Squealed CVEsCVE-2018-0802A malicious file could cause jurisprudence execution due to Microsoft Office Equation Editor’s failure to properly wield objects in memory. Successful exploitation could lead to a full compromise of the account continual Microsoft Office. This vulnerability was resolved by removing the equation redactor functionality. Microsoft has reported that this vulnerability has been actively utilized.Microsoft has rated this as a 3 on the Exploitability Index (Exploitation Unlikely)CVE-2018-0819A particularly crafted email could be improperly parsed by Microsoft Outlook for Mac, unrivalled to the spoofing of the displayed email address. This could impact some antivirus and antispam software.Microsoft has paced this as a 2 on the Exploitability Index (Exploitation Less Likely)Other MessageIn addition to the Microsoft vulnerabilities included in the January Security Guidance, a host of security advisories were also made available.January 2018 Adobe Indication Security Update [ADV180001]Microsoft has released updates for Adobe Flash. These conform with Adobe Update APSB18-01. This includes a fix for CVE-2018-4871.Microsoft Corporation Defense in Depth Update [ADV180003]Microsoft has released a defense in depth update for Microsoft Part, at this time details on these measures are not yet available.

Leave a Reply

Your email address will not be published. Required fields are marked *