OLDER

April Patch Tuesday Bulletin

April 17, 2018 by Stoyan Koev, NOC Manager

Welcome to the April Microsoft Patch Super Tuesday Bulletin. This month there are 73 Bulletins we recommend to be addressed. There are 6 Critical updates for the Microsoft products. The good news is that even if the amount of vulnerabilities is high, none of them are being reported as exploited in the wild.

The only vulnerability worth mentioning is the Out-of-Band update to the Malware Protection engine, which addresses the remote code execution that was reported as possible through it.

ECHO is addressing these for our clients. To others, we hope this list is useful for you.

For additional details, please find the release details below:

Technology	Products Affected	Severity	Reference	Workaround/ Exploited	Vulnerability Info
Internet Explorer	IE 9, 10, 11	Critical	CVE-2018-8118 CVE-2018-0870 CVE-2018-0981 CVE-2018-0987 CVE-2018-0988 CVE-2018-0989 CVE-2018-0991 CVE-2018-0996 CVE-2018-0997 CVE-2018-1000 CVE-2018-1001 CVE-2018-1004 CVE-2018-1018 CVE-2018-1020	Workaround: No *Exploited: No	Remote Code Execution Information Disclosure
Edge	Microsoft Edge	Critical	CVE-2018-0892 CVE-2018-0979 CVE-2018-0980 CVE-2018-0990 CVE-2018-0993 CVE-2018-0994 CVE-2018-0995 CVE-2018-0998 CVE-2018-1019 CVE-2018-1023	Workaround: No *Exploited: No	Remote Code Execution Information Disclosure
Windows	Windows 7, 8.1, RT 8.1, 10 Server 2008/2008 R2 Sever 2012, 2012 R2 Server 2016 Windows Defender	Important	CVE-2018-1038 CVE-2018-0986 CVE-2018-0887 CVE-2018-0890 CVE-2018-0956 CVE-2018-0957 CVE-2018-0960 CVE-2018-0963 CVE-2018-0964 CVE-2018-0966 CVE-2018-0967 CVE-2018-0968 CVE-2018-0969 CVE-2018-0970 CVE-2018-0971 CVE-2018-0972 CVE-2018-0973 CVE-2018-0974 CVE-2018-0975 CVE-2018-0976 CVE-2018-1003 CVE-2018-1004 CVE-2018-1008 CVE-2018-1012 CVE-2018-1013 CVE-2018-1015 CVE-2018-1016 CVE-2018-8116 CVE-2018-1009 CVE-2018-1010	Workaround: No *Exploited: No	Information Disclosure Elevation of Privilege Denial of Service Remote Code Execution Security Feature Bypass
Office, Office Services and Web Apps	Excel and Word 2007, 2010, 2013, 2016 SharePoint Server and Office 2010, 2013, 2016 Office Web Apps 2010, 2013 Office for Mac 2016	Important	CVE-2018-0920 CVE-2018-0950 CVE-2018-1005 CVE-2018-1007 CVE-2018-1011 CVE-2018-1014 CVE-2018-1026 CVE-2018-1027 CVE-2018-1028 CVE-2018-1029 CVE-2018-1030 CVE-2018-1032 CVE-2018-1034	Workaround: No *Exploited: No	Information Disclosure Remote Code Execution Elevation of Privilege
Chakra	ChakraCore	Critical	CVE-2018-0979 CVE-2018-0980 CVE-2018-0990 CVE-2018-0993 CVE-2018-0994 CVE-2018-0995 CVE-2018-1019 CVE-2018-1023	Workaround: No *Exploited: No	Remote Code Execution
Adobe Flash	Player	Critical	ADV180007 CVE-2018-4932 CVE-2018-4933 CVE-2018-4934 CVE-2018-4935 CVE-2018-4936 CVE-2018-4937	Workaround: No *Exploited: No	Remote Code Execution Information Disclosure
Malware Protection Engine	Windows Defender Intune Endpoint Protection	Critical	CVE-2018-0986	Workaround: No *Exploited: No	Remote Code Execution
Visual Studio	VS 2010, 2012, 2013, 2015, 2017	Important	CVE-2018-1037	Workaround: No *Exploited: No	Information Disclosure

1 like