Patch Tuesday February 2018 Updates

As usual, ManageEngine is here to present you with Microsoft’s Patch Tuesday Updates, this time for February 2018. This month’s update includes patches for 50 vulnerabilities, along with patches for the infamous processor bugs Meltdown and Spectre.

In addition to those patches, Microsoft has also released a patch for a recent zero-day vulnerability for Adobe Flash Player. This update was bundled along with Microsoft’s ADV180004 update last week.

Although this past month didn’t have any major vulnerabilities reported, there was a notable cyberattack. During the inaugural ceremony for the Winter Olympics last week, a wiper malware (similar to NotPetya) took down most of the WAN and LAN networks at the Olympics.

Microsoft Patch Tuesday February 2018 security updates

The major products that are handled in this month’s security updates are:

  • Windows OS
  • Microsoft Office
  • Adobe Flash
  • Internet Explorer
  • ChakraCore
  • Microsoft Edge

You can access a complete report on this month’s Patch Tuesday here. And if you need to sort and filter the updates by product, a list of updates is available here.

Microsoft Patch Tuesday February 2018 updates address kernel issues

Recently, reports came out about system-level vulnerabilities that potentially allow an attacker to elevate privileges and access a system’s kernel memory. These vulnerabilities—Meltdown and Spectre—have been addressed in part by this month’s updates. Microsoft also patched 11 other kernel vulnerabilities that weren’t reported.

A few days ago, Microsoft publicly announced a flaw in Microsoft Edge’s same-origin policy (SoP) bypass technique. Luckily, there haven’t been any reports of this flaw being used before this patch was released.

Security updates for Adobe are now available

In addition to Adobe’s fix last week for the zero-day vulnerability in Adobe Flash Player, they also released some patches for Adobe Reader and Adobe Experience Manager.

Non-security updates 

Office 2010

  • Microsoft PowerPoint 2010 (KB4011187)
  • Microsoft PowerPoint Viewer 2010 (KB4011191)

Office 2013

  • Microsoft Excel 2013 (KB4011700)
  • Microsoft Office 2013 (KB4011646)
  • Microsoft PowerPoint 2013 (KB4011676)
  • Microsoft Project 2013 (KB4011679)
  • Skype for Business 2015 (KB4011678)

Office 2016

  • Microsoft Excel 2016 (KB4011684)
  • Microsoft Office 2016 (KB4011664)
  • Microsoft Office 2016 (KB4011668)
  • Microsoft Office 2016 (KB4011685)
  • Microsoft Office 2016 Language Interface Pack (KB4011566)
  • Microsoft OneNote 2016 (KB4011571)
  • Microsoft PowerPoint 2016 (KB4011663)
  • Microsoft Project 2016 (KB4011672)
  • Microsoft Word 2016 (KB4011681)
  • Skype for Business 2016 (KB4011662)

Automatically deploy Microsoft Patch Tuesday updates to your network 

If you don’t have an automated patch deployment procedure, it’s high time to employ one. To provide you with any assistance you might need ManageEngine which offers two solutions for automatically deploying patches: Desktop Central and Patch Manager Plus. If you use either of these, you’ll be able to sit back and watch your network’s vulnerabilities fade away, leaving you to focus on more important tasks. Also, these solutions let your technicians and system administrators ignore future Patch Tuesday updates since they automate the entire patch management process.

Download Desktop Central

Download Patch Manager Plus

If you need a personalized demo of either of these products, please feel free to reach out to our support team at cms-eval@manageengine.com.