Patch Tuesday Archive
Patch Tuesday January 2018
Total CVEs
63
Critical
16
Important
44
Exploited
1
Publicly Disclosed
1
All CVEs this month 63
| CVE | Title | Severity | CVSS | Product | Exploited | Disclosed | Diffed |
|---|---|---|---|---|---|---|---|
| ADV180003 | Microsoft Office Defense in Depth Update | None | - | Microsoft Office | - | - | - |
| CVE-2018-0804 | Microsoft Office Memory Corruption Vulnerability | Low | - | Microsoft Office | - | - | - |
| CVE-2018-0805 | Microsoft Office Memory Corruption Vulnerability | Important | - | Microsoft Office | - | - | - |
| CVE-2018-0806 | Microsoft Office Memory Corruption Vulnerability | Important | - | Microsoft Office | - | - | - |
| CVE-2018-0807 | Microsoft Office Memory Corruption Vulnerability | Important | - | Microsoft Office | - | - | - |
| CVE-2018-0812 | Microsoft Office Memory Corruption Vulnerability | Important | - | Microsoft Office | - | - | - |
| CVE-2018-0818 | Scripting Engine Security Feature Bypass Vulnerability | Important | 4.3 |
Microsoft Scripting Engine | - | - | - |
| CVE-2018-0819 | Spoofing Vulnerability in Microsoft Office for MAC | Important | - | Microsoft Office | - | Yes | - |
| CVE-2018-0845 | Microsoft Office Memory Corruption Vulnerability | Important | - | Microsoft Office | - | - | - |
| CVE-2018-0848 | Microsoft Office Memory Corruption Vulnerability | Important | - | Microsoft Office | - | - | - |
| CVE-2018-0849 | Microsoft Office Memory Corruption Vulnerability | Important | - | Microsoft Office | - | - | - |
| CVE-2018-0862 | Microsoft Office Memory Corruption Vulnerability | Important | - | Microsoft Office | - | - | - |
| CVE-2018-0746 | Windows Kernel Information Disclosure Vulnerability | Important | 4.7 |
Windows Kernel | - | - | - |
| CVE-2018-0747 | Windows Kernel Information Disclosure Vulnerability | Important | 4.7 |
Windows Kernel | - | - | - |
| CVE-2018-0748 | Windows Elevation of Privilege Vulnerability | Important | 6.6 |
Windows Kernel | - | - | - |
| CVE-2018-0751 | Windows Elevation of Privilege Vulnerability | Important | 6.6 |
Windows Kernel | - | - | - |
| CVE-2018-0752 | Windows Elevation of Privilege Vulnerability | Important | 6.6 |
Windows Kernel | - | - | - |
| CVE-2018-0753 | Windows IPSec Denial of Service Vulnerability | Important | 5.9 |
Microsoft Windows | - | - | - |
| CVE-2018-0750 | Windows GDI Information Disclosure Vulnerability | Important | 5.5 |
Microsoft Graphics Component | - | - | - |
| CVE-2018-0773 | Scripting Engine Memory Corruption Vulnerability | Critical | 4.2 |
Microsoft Scripting Engine | - | - | - |
| CVE-2018-0774 | Scripting Engine Memory Corruption Vulnerability | Critical | 4.2 |
Microsoft Scripting Engine | - | - | - |
| CVE-2018-0781 | Scripting Engine Memory Corruption Vulnerability | Critical | 4.2 |
Microsoft Scripting Engine | - | - | - |
| CVE-2018-0784 | ASP.NET Core Elevation Of Privilege Vulnerability | Important | - | ASP .NET | - | - | - |
| CVE-2018-0786 | .NET Security Feature Bypass Vulnerability | Important | - | .NET Framework | - | - | - |
| CVE-2018-0788 | OpenType Font Driver Elevation of Privilege Vulnerability | Important | 7 |
Graphic Fonts | - | - | - |
| CVE-2018-0795 | Microsoft Office Remote Code Execution Vulnerability | Important | - | Microsoft Office | - | - | - |
| CVE-2018-0797 | Microsoft Office Memory Corruption Vulnerability | Critical | - | Microsoft Office | - | - | - |
| CVE-2018-0799 | Microsoft Access Tampering Vulnerability | Important | - | Microsoft Office | - | - | - |
| CVE-2018-0802 | Microsoft Office Memory Corruption Vulnerability | Important | - | Microsoft Office | Yes | - | - |
| CVE-2018-0801 | Microsoft Office Memory Corruption Vulnerability | Important | - | Microsoft Office | - | - | - |
| CVE-2018-0803 | Microsoft Edge Elevation of Privilege Vulnerability | Important | 3.1 |
Microsoft Edge | - | - | - |
| CVE-2018-0800 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical | 4.2 |
Microsoft Scripting Engine | - | - | - |
| ADV180002 | Guidance to mitigate speculative execution side-channel vulnerabilities | Important | - | Side-Channel | - | - | - |
| ADV180001 | January 2018 Adobe Flash Security Update | Important | - | Adobe Flash Player | - | - | - |
| CVE-2018-0741 | Microsoft Color Management Information Disclosure Vulnerability | Important | 5.5 |
Microsoft Graphics Component | - | - | - |
| CVE-2018-0743 | Windows Subsystem for Linux Elevation of Privilege Vulnerability | Important | 7 |
Windows Subsystem for Linux | - | - | - |
| CVE-2018-0744 | Windows Kernel Elevation of Privilege Vulnerability | Important | 7 |
Windows Kernel | - | - | - |
| CVE-2018-0745 | Windows Kernel Information Disclosure Vulnerability | Important | 4.7 |
Windows Kernel | - | - | - |
| CVE-2018-0749 | SMB Server Elevation of Privilege Vulnerability | Important | 6.6 |
Windows SMB Server | - | - | - |
| CVE-2018-0754 | OpenType Font Driver Information Disclosure Vulnerability | Important | 5.5 |
Graphic Fonts | - | - | - |
| CVE-2018-0758 | Scripting Engine Memory Corruption Vulnerability | Critical | 4.2 |
Microsoft Scripting Engine | - | - | - |
| CVE-2018-0762 | Scripting Engine Memory Corruption Vulnerability | Critical | 7.5 |
Microsoft Browsers | - | - | - |
| CVE-2018-0766 | Microsoft Edge PDF Information Disclosure Vulnerability | Important | 4.3 |
Microsoft Edge | - | - | - |
| CVE-2018-0767 | Microsoft Edge Memory Corruption Vulnerability | Critical | 4.3 |
Microsoft Scripting Engine | - | - | - |
| CVE-2018-0768 | Scripting Engine Memory Corruption Vulnerability | Important | 4.2 |
Microsoft Scripting Engine | - | - | - |
| CVE-2018-0764 | .NET and .NET Core Denial of Service Vulnerability | Important | - | .NET Framework | - | - | - |
| CVE-2018-0769 | Scripting Engine Memory Corruption Vulnerability | Critical | 4.2 |
Microsoft Scripting Engine | - | - | - |
| CVE-2018-0770 | Scripting Engine Memory Corruption Vulnerability | Critical | 4.2 |
Microsoft Scripting Engine | - | - | - |
| CVE-2018-0772 | Scripting Engine Memory Corruption Vulnerability | Critical | 7.5 |
Microsoft Browsers | - | - | - |
| CVE-2018-0775 | Scripting Engine Memory Corruption Vulnerability | Critical | 4.2 |
Microsoft Scripting Engine | - | - | - |
| CVE-2018-0776 | Scripting Engine Memory Corruption Vulnerability | Critical | 4.2 |
Microsoft Scripting Engine | - | - | - |
| CVE-2018-0777 | Scripting Engine Memory Corruption Vulnerability | Critical | 4.2 |
Microsoft Scripting Engine | - | - | - |
| CVE-2018-0778 | Scripting Engine Memory Corruption Vulnerability | Critical | 4.2 |
Microsoft Scripting Engine | - | - | - |
| CVE-2018-0780 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical | 4.2 |
Microsoft Scripting Engine | - | - | - |
| CVE-2018-0785 | ASP.NET Core Cross Site Request Forgery Vulnerabilty | Moderate | - | ASP.NET | - | - | - |
| CVE-2018-0789 | Microsoft SharePoint Elevation of Privilege Vulnerability | Important | - | Microsoft Office | - | - | - |
| CVE-2018-0790 | Microsoft SharePoint Elevation of Privilege Vulnerability | Important | - | Microsoft Office | - | - | - |
| CVE-2018-0791 | Microsoft Office Remote Code Execution Vulnerability | Important | - | Microsoft Office | - | - | - |
| CVE-2018-0792 | Microsoft Office Remote Code Execution Vulnerability | Important | - | Microsoft Office | - | - | - |
| CVE-2018-0793 | Microsoft Office Remote Code Execution Vulnerability | Important | - | Microsoft Office | - | - | - |
| CVE-2018-0794 | Microsoft Office Remote Code Execution Vulnerability | Important | - | Microsoft Office | - | - | - |
| CVE-2018-0796 | Microsoft Excel Remote Code Execution Vulnerability | Important | - | Microsoft Office | - | - | - |
| CVE-2018-0798 | Microsoft Office Memory Corruption Vulnerability | Important | - | Microsoft Office | - | - | - |
Threat Categories 8
| Threat Category | CVEs | Critical |
|---|---|---|
| Remote Code Execution | 32 | 13 |
| Information Disclosure | 14 | 3 |
| Elevation of Privilege | 8 | - |
| Denial of Service | 2 | - |
| Security Feature Bypass | 2 | - |
| Spoofing | 2 | - |
| Tampering | 2 | - |
| Defense in Depth | 1 | - |
Affected Products 15
| Product | CVEs | Exploited |
|---|---|---|
| Microsoft Office | 24 | 1 |
| Microsoft Scripting Engine | 15 | - |
| Windows Kernel | 7 | - |
| .NET Framework | 2 | - |
| Graphic Fonts | 2 | - |
| Microsoft Browsers | 2 | - |
| Microsoft Edge | 2 | - |
| Microsoft Graphics Component | 2 | - |
| ASP .NET | 1 | - |
| ASP.NET | 1 | - |
| Adobe Flash Player | 1 | - |
| Microsoft Windows | 1 | - |
| Side-Channel | 1 | - |
| Windows SMB Server | 1 | - |
| Windows Subsystem for Linux | 1 | - |