Microsoft March Patch Tuesday Fixes 74 Security Issues – UPDATE NOW!


March 13, 2018

Microsoft has released its monthly security updates, and this month the company patched 74 vulnerabilities affecting products such as Internet Explorer, Microsoft Edge, Microsoft Windows, Microsoft Exchange Server, ASP.NET Core, .NET Core, PowerShell Core, ChakraCore, Microsoft Office, and Microsoft Office Services and Web Apps.

There are no patches for zero-days this month, and the company patched two security bugs about which exploitation details had become public (CVE-2018-0808 and CVE-2018-0940). However, the company did not detect any threat actor trying to exploit any of these flaws before releasing today’s patches.

A few Internet Explorer, Edge, and ChakraCore vulnerabilities did receive a “critical” rating and users should make sure they apply the proper patches.

All in all, this month’s security patches are rather tame compared to last year’s March Patch Tuesday that included fixes for vulnerabilities that the Shadow Brokers would eventually release a month later, in April 2017, such as EternalBlue, EternalSynergy, DoublePulsar, and many others.

Adobe publishes security fixes

But besides Microsoft, Adobe has also released its monthly security advisories, as well. This month, the company fixed two critical remote code execution flaws in Flash Player (CVE-2018-4919 and CVE-2018-4920).

These flaws were discovered by Yuki Chen of Qihoo 360 Vulcan Team working with the Chromium Vulnerability Rewards Program. After today’s patches, the most recent Flash Player version should be v29.0.0.113.

Below is a table listing of all the security issues Microsoft fixed this month. We used PowerShell and the Microsoft API to assemble the table below, but the report is much longer. We hosted the full report on GitHub, here.

If you’re not interested in all security updates and you’d like to filter updates per product, you can use Microsoft’s official Security Update Guide portal, accessible here.

Product CVE ID CVE Title
Adobe Flash Player ADV180006 March 2018 Adobe Flash Security Update
.NET Core CVE-2018-0875 .NET Core Denial of Service Vulnerability
ASP .NET CVE-2018-0787 ASP.NET Core Elevation of Privilege Vulnerability
ASP.NET CVE-2018-0808 ASP.NET Core Denial of Service Vulnerability
Device Guard CVE-2018-0884 Windows Security Feature Bypass Vulnerability
Internet Explorer CVE-2018-0929 Internet Explorer Information Disclosure Vulnerability
Internet Explorer CVE-2018-0942 Internet Explorer Elevation of Privilege Vulnerability
Microsoft Browsers CVE-2018-0932 Microsoft Browser Information Disclosure Vulnerability
Microsoft Browsers CVE-2018-0927 Microsoft Browser Information Disclosure Vulnerability
Microsoft Edge CVE-2018-0879 Microsoft Edge Information Disclosure Vulnerability
Microsoft Exchange Server CVE-2018-0941 Microsoft Exchange Information Disclosure Vulnerability
Microsoft Exchange Server CVE-2018-0940 Microsoft Exchange Elevation of Privilege Vulnerability
Microsoft Exchange Server CVE-2018-0924 Microsoft Exchange Information Disclosure Vulnerability
Microsoft Graphics Component CVE-2018-0817 Windows GDI Elevation of Privilege Vulnerability
Microsoft Graphics Component CVE-2018-0815 Windows GDI Elevation of Privilege Vulnerability
Microsoft Graphics Component CVE-2018-0816 Windows GDI Elevation of Privilege Vulnerability
Microsoft Office CVE-2018-0903 Microsoft Access Remote Code Execution Vulnerability
Microsoft Office CVE-2018-0909 Microsoft SharePoint Elevation of Privilege Vulnerability
Microsoft Office CVE-2018-0911 Microsoft SharePoint Elevation of Privilege Vulnerability
Microsoft Office CVE-2018-0907 Microsoft Office Excel Security Feature Bypass
Microsoft Office CVE-2018-0910 Microsoft SharePoint Elevation of Privilege Vulnerability
Microsoft Office CVE-2018-0947 Microsoft Sharepoint Elevation of Privilege Vulnerability
Microsoft Office CVE-2018-0913 Microsoft SharePoint Elevation of Privilege Vulnerability
Microsoft Office CVE-2018-0912 Microsoft SharePoint Elevation of Privilege Vulnerability
Microsoft Office CVE-2018-0919 Microsoft Office Information Disclosure Vulnerability
Microsoft Office CVE-2018-0921 Microsoft SharePoint Elevation of Privilege Vulnerability
Microsoft Office CVE-2018-0915 Microsoft SharePoint Elevation of Privilege Vulnerability
Microsoft Office CVE-2018-0916 Microsoft SharePoint Elevation of Privilege Vulnerability
Microsoft Office CVE-2018-0917 Microsoft SharePoint Elevation of Privilege Vulnerability
Microsoft Office CVE-2018-0944 Microsoft SharePoint Elevation of Privilege Vulnerability
Microsoft Office CVE-2018-0914 Microsoft SharePoint Elevation of Privilege Vulnerability
Microsoft Office CVE-2018-0922 Microsoft Office Memory Corruption Vulnerability
Microsoft Office CVE-2018-0923 Microsoft SharePoint Elevation of Privilege Vulnerability
Microsoft Scripting Engine CVE-2018-0893 Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2018-0874 Chakra Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2018-0876 Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2018-0936 Chakra Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2018-0873 Chakra Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2018-0891 Scripting Engine Information Disclosure Vulnerability
Microsoft Scripting Engine CVE-2018-0889 Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2018-0872 Chakra Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2018-0925 Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2018-0934 Chakra Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2018-0933 Chakra Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2018-0931 Chakra Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2018-0935 Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2018-0930 Chakra Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2018-0939 Scripting Engine Information Disclosure Vulnerability
Microsoft Scripting Engine CVE-2018-0937 Chakra Scripting Engine Memory Corruption Vulnerability
Microsoft Video Control CVE-2018-0881 Microsoft Video Control Elevation of Privilege Vulnerability
Microsoft Windows CVE-2018-0886 CredSSP Remote Code Execution Vulnerability
Microsoft Windows CVE-2018-0878 Windows Remote Assistance Information Disclosure Vulnerability
Microsoft Windows CVE-2018-0902 CNG Security Feature Bypass Vulnerability
Microsoft Windows CVE-2018-0983 Windows Storage Services Elevation of Privilege Vulnerability
Windows Desktop Bridge CVE-2018-0877 Windows Desktop Bridge VFS Elevation of Privilege Vulnerability
Windows Desktop Bridge CVE-2018-0882 Windows Desktop Bridge Elevation of Privilege Vulnerability
Windows Desktop Bridge CVE-2018-0880 Windows Desktop Bridge Elevation of Privilege Vulnerability
Windows Hyper-V CVE-2018-0885 Windows Hyper-V Denial of Service Vulnerability
Windows Hyper-V CVE-2018-0888 Hyper-V Information Disclosure Vulnerability
Windows Installer CVE-2018-0868 Windows Installer Elevation of Privilege Vulnerability
Windows Kernel CVE-2018-0897 Windows Kernel Information Disclosure Vulnerability
Windows Kernel CVE-2018-0899 Windows Kernel Information Disclosure Vulnerability
Windows Kernel CVE-2018-0898 Windows Kernel Information Disclosure Vulnerability
Windows Kernel CVE-2018-0894 Windows Kernel Information Disclosure Vulnerability
Windows Kernel CVE-2018-0977 Win32k Elevation of Privilege Vulnerability
Windows Kernel CVE-2018-0896 Windows Kernel Information Disclosure Vulnerability
Windows Kernel CVE-2018-0895 Windows Kernel Information Disclosure Vulnerability
Windows Kernel CVE-2018-0900 Windows Kernel Information Disclosure Vulnerability
Windows Kernel CVE-2018-0814 Windows Kernel Information Disclosure Vulnerability
Windows Kernel CVE-2018-0811 Windows Kernel Information Disclosure Vulnerability
Windows Kernel CVE-2018-0904 Windows Kernel Information Disclosure Vulnerability
Windows Kernel CVE-2018-0901 Windows Kernel Information Disclosure Vulnerability
Windows Kernel CVE-2018-0926 Windows Kernel Information Disclosure Vulnerability
Windows Kernel CVE-2018-0813 Windows Kernel Information Disclosure Vulnerability
Windows Shell CVE-2018-0883 Windows Shell Remote Code Execution Vulnerability