Microsoft February Patch Tuesday Fixes 50 Security Issues
By Kenneth Sprague | February 14th, 2018
Microsoft released the February 2018 Patch Tuesday security updates, and this month’s release comes with fixes for 50 vulnerabilities, along with additional patches for the Meltdown and Spectre vulnerabilities (ADV180002).
There are no Windows zero-days in this month’s Patch Tuesday, but Microsoft has included patches for an Adobe Flash Player zero-day that came to light at the start of the month.
The Flash zero-day patches are bundled in ADV180004, which Microsoft silently pushed to users’ PCs last week, on February 6, but which have also been included in the company’s monthly security rollup.
Patch Includes Windows Kernel Fixes
The vast majority of this month’s fixes are Elevation of Privilege (EoP) vulnerabilities that will allow attackers with a foothold on the machine to gain SYSTEM-level privileges.
In addition, Microsoft also patched 11 bugs affecting the Windows kernel. Even if these are information disclosure and elevation of privilege issues, these bugs should not be taken lightly, as Microsoft expects threat actors to abuse these vulnerabilities in the future, most of them receiving an assessment of “Exploitation More Likely.”
But there is also some good news. Even if details about a Microsoft Edge Same-Origin Policy (SOP) bypass technique (CVE-2018-0771) became public, the vulnerability was not exploited in the wild before Microsoft delivered a patch earlier today.
Adobe Publishes Security Fixes As Well
If users are already in a patching mood, Adobe has also released its Patch Tuesday advisories, and besides the Flash zero-day fixes it delivered last week, the company also released today fixes for Adobe Acrobat and Reader (PDF readers) and Adobe Experience Manager (enterprise CMS).
Below is a table listing of all the security issues Microsoft fixed this month. We used PowerShell and the Microsoft API to assemble the table below, but the report is much longer. We hosted the full report on GitHub, here.
If you’re not interested in all security updates and you’d like to filter updates per product, you can use Microsoft’s official Security Update Guide portal, accessible here.
Source: Microsoft February Patch Tuesday