Microsoft has released the February 2018 Patch Tuesday security updates, and this month's release comes with fixes for 50 vulnerabilities, along with additional patches for the Meltdown and Spectre vulnerabilities (ADV180002).
There are no Windows zero-days in this month's Patch Tuesday, but Microsoft has included patches for an Adobe Flash Player zero-day that came to light at the start of the month.
The Flash zero-day patches are bundled in ADV180004, which Microsoft silently pushed to users' PCs last week, on February 6, but which have also been included in the company's monthly security rollup.
February 2018 Patch Tuesday includes Windows kernel fixes
The vast majority of this month's fixes are Elevation of Privilege (EoP) vulnerabilities that will allow attackers with a foothold on the machine to gain SYSTEM-level privileges.
In addition, Microsoft also patched 11 bugs affecting the Windows kernel. Even if these are information disclosure and elevation of privilege issues, these bugs should not be taken lightly, as Microsoft expects threat actors to abuse these vulnerabilities in the future, most of them receiving an assessment of "Exploitation More Likely."
But there is also some good news. Even if details about a Microsoft Edge Same-Origin Policy (SOP) bypass technique (CVE-2018-0771) became public, the vulnerability was not exploited in the wild before Microsoft delivered a patch earlier today.