This year’s first Patch Tuesday is a busy one. Microsoft released 56 updates that include patches for the Meltdown and Spectrevulnerabilities. The patches also addressed security issues in Windows OS, Internet Explorer, Edge, Office, ChakraCore, ASP.NET, and .NET Framework. Sixteen were rated critical and 38 important, 20 of which can result in remote code execution (RCE).
Three of these were disclosed through Trend Micro’s Zero-Day Initiative:
- CVE-2018-0796 — an RCE vulnerability in Microsoft Excel
- CVE-2018-0758 — a memory corruption vulnerability in the scripting engine in Microsoft Edge
- CVE-2018-0772 — a memory corruption vulnerability in Microsoft browser-related services (Internet Explorer, ChakraCore, Edge)