[SingCERT] Advisory on Important Microsoft vulnerabilities affecting Office, .NET Framework and ASP.NET Core

Published on Friday, 12 January 2018 17:44


On 9 January 2018, Microsoft announced the release of several security patches to fix vulnerabilities affecting Microsoft Office, the .NET Framework, and ASP.NET Core, amongst others.

There are three key vulnerabilities to note:
The first (zero-day) vulnerability, CVE-2018-0802, is a remote code execution hole in Microsoft Office. It is triggered when the user opens a specially crafted malicious Word file in Office or WordPad. The vulnerability can be exploited when users click on a link in an email or instant message, thereby opening the malicious file.

The second vulnerability, CVE-2018-0786, is a certificate validation bypass in .NET Framework, which allows invalid certificates to appear valid.

The third vulnerability, CVE-2018-0785, is a Cross-Site Request Forgery (CSRF) vulnerability in the individual authentication templates for ASP.NET Core. As a result, users are susceptible to account hijacking by way of a cross-site scripting attack.

Affected Products

  • Microsoft Office 2007, 2010, 2013, 2016
  • Microsoft .NET Framework 1.1, 2.0, 3.0, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, and 4.7
  • .NET Core 1.0 and 2.0
  • ASP.NET Core 1.0. 1.1, and 2.0

An attacker can exploit these vulnerabilities for various malicious intents: 

  • Remote code execution, which allows the attacker to take complete control of the user's machine.
  • Bypass certain security restrictions and perform unauthorised actions which may aid in further cyber-attacks.
  • Change the recovery codes associated with the victim's user account without his/her consent. As a result, a victim who loses his/her 2FA device may be permanently locked out of his/her account as the initial recovery codes will not be valid. Also, the attacker will be able to perform unauthorised operations such as fund transfers from the victim's account.