Wednesday, May 14, 2025
Follow us On Linkedin
HomeSecurity NewsMicrosoft Released Critical Security Updates with Patch for 50 Critical Vulnerabilities

Microsoft Released Critical Security Updates with Patch for 50 Critical Vulnerabilities

Security News

Published on

By Balaji
Microsoft Released Critical Security Updates with Patch for 50 Critical Vulnerabilities

Supply Chain Attack Prevention

SIEM as a Service

Follow Us on Google News

Microsoft security updates released for June 2018 contains fixes for more than 50 vulnerabilities including for some of the products Critical remote code execution vulnerability.

Patch update released for some of the widely used Microsoft Product such as Internet Explorer, Microsoft Edge, Microsoft Windows, Microsoft Office and Microsoft Office Services and Web Apps, ChakraCore, Adobe Flash Player.

In this updates, several products patched the remote code execution vulnerability and Memory Corruption Vulnerability especially Microsoft edge and Microsoft Windows.

- Advertisement - Google News

Apart from Microsoft Products, this June patch Tuesday updates contains an Adobe Flash Player zero-day (CVE-2018-5002) update.

Remote Code Execution Flaw Affected Products

Microsoft Edge and Internet Explorer based Memory Corruption Vulnerabilities are fixed with this security updates.

A remote code execution vulnerability exists when Microsoft Edge and  Internet Explorer improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that enables an attacker to execute arbitrary code in the context of the current user.

Microsoft Office based Elevation of Privilege Vulnerability also patched which leads to an attacker who successfully exploited this vulnerability could perform script/content injection attacks.

Windows-based remote code execution vulnerability also fixed that exists when Windows improperly handles objects in memory. An attacker who successfully exploited these vulnerabilities could take control of an affected system.

HTTP Protocol Stack (Http.sys) also contain remote code execution flaw that improperly handles objects in memory. So An attacker who successfully exploited this vulnerability could execute arbitrary code and take control of the affected system.

Microsoft Security Updates List

Microsoft Office

Microsoft OfficeCVE-2018-8246Microsoft Excel Information Disclosure Vulnerability
Microsoft OfficeCVE-2018-8247Microsoft Office Elevation of Privilege Vulnerability
Microsoft OfficeCVE-2018-8244Microsoft Outlook Elevation of Privilege Vulnerability
Microsoft OfficeCVE-2018-8245Microsoft Office Elevation of Privilege Vulnerability
Microsoft OfficeCVE-2018-8254Microsoft SharePoint Elevation of Privilege Vulnerability
Microsoft OfficeCVE-2018-8248Microsoft Excel Remote Code Execution Vulnerability
Microsoft OfficeCVE-2018-8252Microsoft SharePoint Elevation of Privilege Vulnerability

Microsoft Windows

Microsoft WindowsCVE-2018-8175WEBDAV Denial of Service Vulnerability
Microsoft WindowsCVE-2018-1040Windows Code Integrity Module Denial of Service Vulnerability
Microsoft WindowsCVE-2018-8251Media Foundation Memory Corruption Vulnerability
Microsoft WindowsCVE-2018-0982Windows Elevation of Privilege Vulnerability
Microsoft WindowsCVE-2018-8208Windows Desktop Bridge Elevation of Privilege Vulnerability
Microsoft WindowsCVE-2018-8209Windows Wireless Network Profile Information Disclosure Vulnerability
Microsoft WindowsCVE-2018-8214Windows Desktop Bridge Elevation of Privilege Vulnerability
Microsoft WindowsCVE-2018-8210Windows Remote Code Execution Vulnerability
Microsoft WindowsCVE-2018-8213Windows Remote Code Execution Vulnerability
Microsoft WindowsCVE-2018-8205Windows Denial of Service Vulnerability
Microsoft WindowsCVE-2018-8231HTTP Protocol Stack Remote Code Execution Vulnerability
Microsoft WindowsCVE-2018-8239Windows GDI Information Disclosure Vulnerability
Microsoft WindowsCVE-2018-8226HTTP.sys Denial of Service Vulnerability
Microsoft WindowsCVE-2018-8225Windows DNSAPI Remote Code Execution Vulnerability

Microsoft Edge & Internet Explorer

Internet ExplorerCVE-2018-0978Internet Explorer Memory Corruption Vulnerability
Internet ExplorerCVE-2018-8113Internet Explorer Security Feature Bypass Vulnerability
Internet ExplorerCVE-2018-8249Internet Explorer Memory Corruption Vulnerability
Microsoft EdgeCVE-2018-8110Microsoft Edge Memory Corruption Vulnerability
Microsoft EdgeCVE-2018-8111Microsoft Edge Memory Corruption Vulnerability
Microsoft EdgeCVE-2018-8236Microsoft Edge Memory Corruption Vulnerability
Microsoft EdgeCVE-2018-8235Microsoft Edge Security Feature Bypass Vulnerability
Microsoft EdgeCVE-2018-0871Microsoft Edge Information Disclosure Vulnerability
Microsoft EdgeCVE-2018-8234Microsoft Edge Information Disclosure Vulnerability

Device Guard

Device GuardCVE-2018-8215Device Guard Code Integrity Policy Security Feature Bypass Vulnerability
Device GuardCVE-2018-8212Device Guard Code Integrity Policy Security Feature Bypass Vulnerability
Device GuardCVE-2018-8211Device Guard Code Integrity Policy Security Feature Bypass Vulnerability
Device GuardCVE-2018-8221Device Guard Code Integrity Policy Security Feature Bypass Vulnerability
Device GuardCVE-2018-8217Device Guard Code Integrity Policy Security Feature Bypass Vulnerability
Device GuardCVE-2018-8216Device Guard Code Integrity Policy Security Feature Bypass Vulnerability
Device GuardCVE-2018-8201Device Guard Code Integrity Policy Security Feature Bypass Vulnerability

Windows Hyper-V

Windows Hyper-VCVE-2018-8218Windows Hyper-V Denial of Service Vulnerability
Windows Hyper-VCVE-2018-8219Hypervisor Code Integrity Elevation of Privilege Vulnerability

Windows Kernel

Windows KernelCVE-2018-8207Windows Kernel Information Disclosure Vulnerability
Windows KernelCVE-2018-8233Win32k Elevation of Privilege Vulnerability
Windows KernelCVE-2018-8224Windows Kernel Elevation of Privilege Vulnerability
Windows KernelCVE-2018-8121Windows Kernel Information Disclosure Vulnerability

Microsoft Scripting Engine

Microsoft Scripting EngineCVE-2018-8229Chakra Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting EngineCVE-2018-8227Chakra Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting EngineCVE-2018-8267Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting EngineCVE-2018-8243Scripting Engine Memory Corruption Vulnerability
Adobe Flash PlayerADV180014June 2018 Adobe Flash Security Update
HID Parser LibraryCVE-2018-8169HIDParser Elevation of Privilege Vulnerability

Microsoft also released a standalone security advisory  KB4338110, for padding oracle attack that Performs against encrypted data that allows the attacker to decrypt the contents of the data, without knowing the key.

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

cyber security

Windows Ancillary for WinSock 0-Day Vulnerability Actively Exploited to Gain Admin Access

Microsoft has confirmed active exploitation of a critical privilege escalation vulnerability in the Windows...
APT

Earth Ammit Hackers Deploy New Tools to Target Military Drones

The threat actor group known as Earth Ammit, believed to be associated with Chinese-speaking...
cyber security

New Microsoft Scripting Engine Vulnerability Exposes Systems to Remote Code Attacks

Critical zero-day vulnerability in Microsoft’s Scripting Engine (CVE-2025-30397) has been confirmed to enable remote...
cyber security

Critical Microsoft Office Vulnerabilities Enable Malicious Code Execution

Microsoft has addressed three critical security flaws in its Office suite, including two vulnerabilities...

Resilience at Scale

Why Application Security is Non-Negotiable

The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak link for most organizations.

Application Security is no longer just a defensive play—it’s the cornerstone of cyber resilience and sustainable growth. In this webinar, Karthik Krishnamoorthy (CTO of Indusface) and Phani Deepak Akella (VP of Marketing – Indusface), will share how AI-powered application security can help organizations build resilience by

Discussion points


Protecting at internet scale using AI and behavioral-based DDoS & bot mitigation.
Autonomously discovering external assets and remediating vulnerabilities within 72 hours, enabling secure, confident scaling.
Ensuring 100% application availability through platforms architected for failure resilience.
Eliminating silos with real-time correlation between attack surface and active threats for rapid, accurate mitigation

Register Now

More like this

cyber security

Phishing Campaign Uses Blob URLs to Bypass Email Security and Avoid Detection

Cybersecurity researchers at Cofense Intelligence have identified a sophisticated phishing tactic leveraging Blob URIs...
cyber security

UK Government to Shift Away from Passwords in New Security Move

UK government has unveiled plans to implement passkey technology across its digital services later...
Cyber Attack

New Spam Campaign Leverages Remote Monitoring Tools to Exploit Organizations

A sophisticated spam campaign targeting Portuguese-speaking users in Brazil has been uncovered by Cisco...

GBHackers on Security is a top cybersecurity news platform, delivering up-to-date coverage on breaches, emerging threats, malware, vulnerabilities, and global cyber incidents.

Company

Trending

Categories

Copyright @ 2016 - 2025 GBHackers On Security - All Rights Reserved