For this month’s Patch Tuesday, Microsoft has released patches covering 55 vulnerabilities, with 15 ranked as critical. This includes out-of-band Office patches from mid-January as well as patches for Adobe Flash that were released last week.
Among these are patches for a vulnerability (CVE-2018-0825) that impacts StructuredQuery in Windows servers and workstations. Exploitation would occur through a malicious file and would lead to remote code execution. This patch should be at the top of the priority list, aside from the Adobe Flash patches mentioned below.
There are also patches for vulnerabilities in Microsoft Outlook which could lead to remote code execution. Most of the remaining Microsoft vulnerabilities are in the Scripting Engine, which primarily impacts browsers. These patches should be prioritized on workstation-type devices.
Out-of-band patches were released in January for Microsoft Office’s Equation Editor, and Microsoft is ranking these as “Important.” These patches disable the Equation Editor functionality in Office to avoid further security issues.
Adobe has released several patches, including some from last week covering Flash, Reader, Acrobat, and Adobe Experience Manager. The Reader and Acrobat patches cover a whopping 41 vulnerabilities, while the Flash and Experience Manager patches each cover two. There are active exploits against the Flash vulnerabilities, so the Flash patches should be applied immediately, followed quickly by the Reader and Acrobat patches.