A total of 15 flaws are considered to be critical

Feb 14, 2018 05:58 GMT

Microsoft’s February 2018 Patch Tuesday cycle includes updates for a total of 55 vulnerabilities, of which no fewer than 15 are considered to be critical.

Products like Windows and Office are getting patched, along with Microsoft Edge, Internet Explorer, and other operating system components like the Windows Kernel.

There are two bulletins that require more attention, though it goes without saying that patching should be on the priority list of IT admins this week.

Cumulative updates for Windows 10

First, there is the vulnerability detailed in CVE-2018-0825, a bug in StructuredQuery that could enable Remote Code Execution on virtually every Windows version. Users running unsupported Windows are also likely to be affected, and this is one of the reasons it’s critical to run a version that still gets security updates.

In this case, cybercriminals could turn to malicious files sent to targeted computers through the usual channels, such as email, websites, or instant messaging. These files make it possible to exploit the flaw, so until the patch is installed it’s essential to stay away from sites and attachments coming from people you don’t know.

Then, the Microsoft Office productivity suite is also getting security updates aimed at six different vulnerabilities that could eventually allow Remote Code Execution as well.

As with other security flaws, these new ones can be exploited with crafted documents that spread through websites and attachments and allow a malicious actor to get the same privileges as the logged-in user. This is particularly dangerous in the case of administrator accounts because an attacker would essentially obtain full control of the system.

Microsoft has also shipped cumulative updates for Windows 10, and they are available for every version released so far – note that the original version (10240) and the November Update (1511) are only supported as part of the LTSB branch. These cumulative updates include both security and non-security fixes, and installing the most recent one brings a system completely up-to-date.