2018
14.02
Windows – security updates

Anyone using Edge, Internet Explorer, Microsoft Office, Outlook or Windows should make sure that Windows Update has updated the computer. Microsoft has closed 54 security holes in this software on this Patch Day. Of these, 14 are considered “critical,” and Microsoft classifies 38 security updates as “important.” The risk of two gaps is considered “moderate”.

Outlook
The most critical is a vulnerability in Outlook. Attackers who exploit it are reportedly able to execute malicious code remotely and take control of the computer. The gap is said to be relatively easy to exploit: attackers only need to send a victim an email with a prepared file attached. The victim does not even have to open the file; it is sufficient for a preview of the mail to appear in the Preview Pane. This triggers a memory error, which clears the way for the execution of malicious code. For successful exploitation of a second gap in Outlook, the mere receipt of a specially prepared mail is said to suffice, Microsoft warns. Attackers can then gain higher rights.

Internet Explorer
There are 13 critical holes in Internet Explorer and Edge. To attack them successfully, attackers have to lure victims onto prepared websites. A memory error then occurs in the scripting engine, and nothing stands in the way of executing malicious code. A vulnerability in the StructuredQuery component of Windows and Windows Server is said to be exploitable in the same way. The Windows kernel receives updates for ten security holes. To exploit them, attackers must have local access and run an application on the targeted computers. If that works, attackers can, for example, read information or obtain higher rights.

MS Office
Microsoft Office also receives security patches this month. For a successful attack, however, victims must open a file distributed by an attacker with Office or WordPad. Microsoft provides information about the patched vulnerabilities in the Security Update Guide. However, the listing is anything but clear. A much clearer list can be found, for example, in the Patch Day blog article by Cisco’s Talos team.

Meltdown / Spectre analysis
Microsoft has extended its telemetry analysis tool Windows Analytics. As a result, admins can now check the status of computers across the enterprise for safeguards against the Meltdown and Spectre CPU vulnerabilities. The tool reads the status of AV scanners, firmware and Windows Update and presents the results in an overview. Currently, the firmware check only works with Intel CPUs. The current version of Windows Analytics can be used on Windows 7 through Windows 10 with the current patch level.
