Microsoft February Patch Tuesday Fixes 50 Security Issues (including Windows kernel fixes)

[LASER_oneXM]

Microsoft has released the February 2018 Patch Tuesday security updates, and this month's release comes with fixes for 50 vulnerabilities, along with additional patches for the Meltdown and Spectre vulnerabilities (ADV180002).

There are no Windows zero-days in this month's Patch Tuesday, but Microsoft has included patches for an Adobe Flash Player zero-day that came to light at the start of the month.

The Flash zero-day patches are bundled in ADV180004, which Microsoft silently pushed to users' PCs last week, on February 6, but which have also been included in the company's monthly security rollup.

As for Microsoft products, the company says this month's Patch Tuesday contains fixes for the Windows OS, Microsoft Office and Microsoft Office Services and Web Apps, Internet Explorer, Microsoft Edge, and the ChakraCore JavaScript engine.

February 2018 Patch Tuesday includes Windows kernel fixes
The vast majority of this month's fixes are Elevation of Privilege (EoP) vulnerabilities that will allow attackers with a foothold on the machine to gain SYSTEM-level privileges.

In addition, Microsoft also patched 11 bugs affecting the Windows kernel. Even if these are information disclosure and elevation of privilege issues, these bugs should not be taken lightly, as Microsoft expects threat actors to abuse these vulnerabilities in the future, most of them receiving an assessment of "Exploitation More Likely."

But there is also some good news. Even if details about a Microsoft Edge Same-Origin Policy (SOP) bypass technique (CVE-2018-0771) became public, the vulnerability was not exploited in the wild before Microsoft delivered a patch earlier today.

 

[LASER_oneXM]

..more details about patches this month:

Microsoft Security Updates February 2018 release - gHacks Tech News

Operating System Distribution

• Windows 7: 15 vulnerabilities of which 1 is rated critical and 14 are rated important
• Windows 8.1: 12 vulnerabilities of which 1 is rated critical, 10 are important, and 1 is moderate
• Windows 10 version 1607: 17 vulnerabilities of which 1 is rated critical and 16 are rated important
• Windows 10 version 1703: 18 vulnerabilities of which 1 is rated critical and 17 are rated important
• Windows 10 version 1709: 19 vulnerabilities of which 1 is rated critical and 18 are rated important

...
......
....
...

...
.......

Security Updates
KB4074588 -- Cumulative Update for Windwos 10 version 1709 to build 16299.248.

• Addresses issue where child accounts are able to access InPrivate mode on ARM devices even though their browsing and search history is sent to their parents. This occurs only on Microsoft accounts belonging to children that are managed using the Microsoft Family service and for which parents have enabled activity reporting. This applies to Microsoft Edge and Internet Explorer.
• Addresses issue with docking and undocking Internet Explorer windows.
• Addresses issue in Internet Explorer where pressing the delete key inserted a new line in input boxes in an application.

.....
...
.........

 

[Cortex]

My update is several hours later than usual which is 18:00 GMT - Are MS rolling it out because of the size?

 

[marg]

Here we go again...! I wonder what they messed up this time?

 

[DavidLMO]

I will wait a few days

 

[Solarquest]

Microsoft Rolls Out Windows Analytics Update to Aid Meltdown & Spectre Patching

 

[Windows Defender Shill]

Death, taxes and Microsoft updates.