
January’s Patch Tuesday Fixes 56 Security Issues, Including Meltdown and Spectre

  • Posted on: January 10, 2018 at 4:00 am
  • Posted in: Exploits, Vulnerabilities
  • Author: Trend Micro

This year’s first Patch Tuesday is a busy one. Microsoft released 56 updates that include patches for the Meltdown and Spectre vulnerabilities. The patches also addressed security issues in Windows OS, Internet Explorer, Edge, Office, ChakraCore, ASP.NET, and .NET Framework. Sixteen were rated critical and 38 important, 20 of which can result in remote code execution (RCE).

Three of these were disclosed through Trend Micro’s Zero-Day Initiative:

  • CVE-2018-0796 — an RCE vulnerability in Microsoft Excel
  • CVE-2018-0758 — a memory corruption vulnerability in the scripting engine in Microsoft Edge
  • CVE-2018-0772 — a memory corruption vulnerability in Microsoft browser-related services (Internet Explorer, ChakraCore, Edge)

Note that Microsoft implemented a new process for delivering patches. A registry key that verifies the compatibility of the antivirus (AV) software with the OS/system is now required in order to deploy and apply patches. Trend Micro customers can find additional product-specific information and solutions, such as adding the specific registry key, via these technical support articles for Home and Home Office users and Businesses.

Meltdown and Spectre
On January 3, Microsoft released an emergency update for Windows 10 as well as recommendations and best practices for clients and servers. This month’s Patch Tuesday included updates for other operating systems, but Microsoft held off on rolling out patches for devices running on AMD processors, citing reports that they became unbootable (blue screen of death) after the updates were installed. Microsoft is currently working with AMD to resolve this issue. The fixes’ impact on PC and server performance varies; it also depends on the system’s workload.

Apple also released its patches for Spectre (CVE-2017-5753 and CVE-2017-5715) in macOS High Sierra, iOS, and Safari. Apple addressed Meltdown (CVE-2017-5754) last January 5. Meltdown and Spectre affect vendors across the board; the U.S. Computer Emergency Readiness Team (US-CERT) has a list of affected vendors and references to their advisories, such as those of Google (e.g., Android) and the Linux kernel.

Other Notable Vulnerabilities
Of note is CVE-2018-0802, a memory corruption vulnerability in Microsoft Office reportedly under attack. Exploiting it entails luring a would-be victim with a specially crafted malicious document. The attack chain resembles that of a similar vulnerability (CVE-2017-11882) that was actively exploited by various hacking groups in mid-December last year. The security update addresses CVE-2018-0802 by removing the Equation Editor functionality.

CVE-2018-0786 is a vulnerability in .NET Framework and .NET Core related to certificate validation. As per Microsoft’s advisory, an attacker can exploit this flaw by presenting a certificate that is marked invalid for a specific purpose to a vulnerable, targeted system whose components nonetheless use it for that purpose. This bypasses Enhanced Key Usage (EKU) tagging/application policies, which, in turn, can allow hackers to carry out further attacks.
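The purpose check that this class of flaw skips can be made explicit in application code. The following C# sketch is an added example, not code from the original post or from Microsoft: it builds a constructed self-signed certificate whose Enhanced Key Usage lists only client authentication, then checks it for server authentication both by reading the EKU extension and by asking `X509Chain` to enforce the purpose. The class and method names are hypothetical, and `CertificateRequest` assumes .NET Core 2.0 or later, or .NET Framework 4.7.2 or later.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

static class EkuPolicyDemo // hypothetical name, for illustration only
{
    const string ServerAuth = "1.3.6.1.5.5.7.3.1"; // id-kp-serverAuth
    const string ClientAuth = "1.3.6.1.5.5.7.3.2"; // id-kp-clientAuth

    // Constructed sample input: a self-signed certificate whose EKU lists one purpose.
    static X509Certificate2 MakeSampleCert(string ekuOid)
    {
        using (RSA key = RSA.Create(2048))
        {
            var req = new CertificateRequest("CN=constructed-sample", key,
                HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
            req.CertificateExtensions.Add(new X509EnhancedKeyUsageExtension(
                new OidCollection { new Oid(ekuOid) }, true));
            return req.CreateSelfSigned(
                DateTimeOffset.UtcNow.AddDays(-1), DateTimeOffset.UtcNow.AddDays(1));
        }
    }

    // Explicit check: an EKU extension must exist and list the required purpose.
    // RFC 5280 treats a missing EKU as unrestricted; this assumed policy is stricter.
    static bool EkuAllows(X509Certificate2 cert, string requiredOid) =>
        cert.Extensions.OfType<X509EnhancedKeyUsageExtension>()
            .Any(e => e.EnhancedKeyUsages.Cast<Oid>().Any(o => o.Value == requiredOid));

    // Chain-engine check: request the purpose as an application policy and
    // report whether the chain status carries a usage failure.
    static bool ChainRejectsUsage(X509Certificate2 cert, string requiredOid)
    {
        using (var chain = new X509Chain())
        {
            chain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;
            chain.ChainPolicy.ApplicationPolicy.Add(new Oid(requiredOid));
            chain.Build(cert); // also fails on the untrusted sample root; inspect the flags
            return chain.ChainStatus.Any(s =>
                s.Status.HasFlag(X509ChainStatusFlags.NotValidForUsage));
        }
    }

    static void Main()
    {
        X509Certificate2 cert = MakeSampleCert(ClientAuth);
        Console.WriteLine("EKU allows clientAuth: " + EkuAllows(cert, ClientAuth));
        Console.WriteLine("EKU allows serverAuth: " + EkuAllows(cert, ServerAuth));
        Console.WriteLine("Chain flags serverAuth misuse: " + ChainRejectsUsage(cert, ServerAuth));
    }
}
```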

Meanwhile Adobe released an update (APSB18-01) addressing an out-of-bounds read vulnerability (CVE-2018-4871) in Adobe Flash that can lead to information exposure when successfully exploited. This was disclosed via Trend Micro’s Zero Day Initiative.

Trend Micro detects the proof-of-concept exploits targeting Spectre (CVE-2017-5753) as TROJ64_CVE20175753.POC. Trend Micro™ Deep Security and Vulnerability Protection protect user systems from any threats that may target the aforementioned vulnerabilities via the following DPI rules:

  • 1008828 – Speculative Execution Information Disclosure Vulnerabilities (Spectre)
  • 1008830 – Adobe Flash Player Memory Corruption Vulnerability (APSB18-01)
  • 1008831 – Microsoft Word Memory Corruption Vulnerability (CVE-2018-0797)

Trend Micro™ TippingPoint™ customers are protected from threats that may exploit the vulnerabilities via these MainlineDV filters:

  • 30160: HTTP: Microsoft Edge Scripting Engine Memory Corruption Vulnerability
  • 30162: HTTP: Microsoft Edge Fill Memory Corruption Vulnerability
  • 30163: HTTP: Microsoft Word RTF Memory Corruption Vulnerability
  • 30164: HTTP: Microsoft Edge Print Type Confusion Vulnerability
  • 30167: HTTP: Microsoft Internet Explorer Array Prototype Type Confusion Vulnerability
  • 30168: HTTP: Microsoft Edge Array Memory Corruption Vulnerability
  • 30169: HTTP: Microsoft Edge JIT Use-After-Free Vulnerability
  • 30185: HTTP: Microsoft Edge Function Type Confusion Vulnerability
  • 30186: HTTP: Microsoft Edge Eval Type Confusion Vulnerability
  • 30191: HTTP: Javascript JIT Information Disclosure Vulnerability (Spectre)
  • 30201: HTTP: Adobe Flash ETC2 Texture Data Information Disclosure Vulnerability
Tags: Meltdown, Patch Tuesday, Spectre
