Saturday, November 2, 2024
HomeComputer SecurityMicrosoft Released Security Updates & Fixed 49 Vulnerabilities that Affected Microsoft Products

Microsoft Released Security Updates & Fixed 49 Vulnerabilities that Affected Microsoft Products

Published on

Malware protection

Microsoft released security update under patch Tuesday that affected many of its products along with certain critical Windows zero-day flaw.

There are 3 Zero-day vulnerability has been fixed along with more than 49 vulnerabilities that affected Microsoft products such as products such as Windows, Edge, Internet Explorer, Office, Exchange Server, and .NET Core, Power Shell Core.

Out of 48 vulnerabilities 18 are categorized as “CRITICAL” and rest of the flaws listed in other categories such as important.

- Advertisement - SIEM as a Service

In this Microsoft released security update also fixed 8 years old remote code execution bug that affected  Exchange Server is the resurfacing of a vulnerability that discovered in  2010.

Some of the following remote code execution flows that reported in public also fixed in this security updates.

  •  CVE-2018-8423 a remote code execution bug in JET Database Engine for Windows.
  •  CVE-2018-8497 a Windows Kernel Elevation of Privilege Vulnerability.
  •  CVE-2018-8531, a remote code execution flaw in Azure IoT device client.

Microsoft Released Security Update list

Microsoft Edge

Microsoft EdgeCVE-2018-8473Microsoft Edge Memory Corruption Vulnerability
Microsoft EdgeCVE-2018-8512Microsoft Edge Security Feature Bypass Vulnerability
Microsoft EdgeCVE-2018-8530Microsoft Edge Security Feature Bypass Vulnerability
Microsoft EdgeCVE-2018-8509Microsoft Edge Memory Corruption Vulnerability

Microsoft Office

Microsoft OfficeADV180026Microsoft Office Defense in Depth Update
Microsoft OfficeCVE-2018-8501Microsoft PowerPoint Remote Code Execution Vulnerability
Microsoft OfficeCVE-2018-8427Microsoft Graphics Components Information Disclosure Vulnerability
Microsoft OfficeCVE-2018-8504Microsoft Word Remote Code Execution Vulnerability
Microsoft OfficeCVE-2018-8502Microsoft Excel Remote Code Execution Vulnerability
Microsoft OfficeCVE-2018-8432Microsoft Graphics Components Remote Code Execution Vulnerability

Microsoft Windows

Microsoft WindowsCVE-2018-8411NTFS Elevation of Privilege Vulnerability
Microsoft WindowsCVE-2018-8333Microsoft Filter Manager Elevation Of Privilege Vulnerability
Microsoft WindowsCVE-2018-8493Windows TCP/IP Information Disclosure Vulnerability
Microsoft WindowsCVE-2018-8506Microsoft Windows Codecs Library Information Disclosure Vulnerability

Microsoft Scripting Engine

Microsoft Scripting EngineCVE-2018-8511Chakra Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting EngineCVE-2018-8500Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting EngineCVE-2018-8505Chakra Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting EngineCVE-2018-8503Chakra Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting EngineCVE-2018-8510Chakra Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting EngineCVE-2018-8513Chakra Scripting Engine Memory Corruption Vulnerability

Microsoft Office SharePoint

Microsoft Office SharePointCVE-2018-8498Microsoft SharePoint Elevation of Privilege Vulnerability
Microsoft Office SharePointCVE-2018-8480Microsoft SharePoint Elevation of Privilege Vulnerability
Microsoft Office SharePointCVE-2018-8488Microsoft SharePoint Elevation of Privilege Vulnerability
Microsoft Office SharePointCVE-2018-8518Microsoft SharePoint Elevation of Privilege Vulnerability

SQL Server

SQL ServerCVE-2018-8527SQL Server Management Studio Information Disclosure Vulnerability
SQL ServerCVE-2018-8532SQL Server Management Studio Information Disclosure Vulnerability
SQL ServerCVE-2018-8533SQL Server Management Studio Information Disclosure Vulnerability

Microsoft Graphics Component

Microsoft Graphics ComponentCVE-2018-8486DirectX Information Disclosure Vulnerability
Microsoft Graphics ComponentCVE-2018-8484DirectX Graphics Kernel Elevation of Privilege Vulnerability
Microsoft Graphics ComponentCVE-2018-8453Win32k Elevation of Privilege Vulnerability
Microsoft Graphics ComponentCVE-2018-8472Windows GDI Information Disclosure Vulnerability

Internet Explorer

Internet ExplorerCVE-2018-8460Internet Explorer Memory Corruption Vulnerability
Internet ExplorerCVE-2018-8491Internet Explorer Memory Corruption Vulnerability

Windows Hyper-V

Windows Hyper-VCVE-2018-8489Windows Hyper-V Remote Code Execution Vulnerability
Windows Hyper-VCVE-2018-8490Windows Hyper-V Remote Code Execution Vulnerability

Windows Shell

Windows ShellCVE-2018-8413Windows Theme API Remote Code Execution Vulnerability
Windows ShellCVE-2018-8495Windows Shell Remote Code Execution Vulnerability

Windows Media Player

Windows Media PlayerCVE-2018-8482Windows Media Player Information Disclosure Vulnerability
Windows Media PlayerCVE-2018-8481Windows Media Player Information Disclosure Vulnerability

Windows – Linux

Windows – LinuxCVE-2018-8329Linux On Windows Elevation Of Privilege Vulnerability

Windows Kernel

Windows KernelCVE-2018-8330Windows Kernel Information Disclosure Vulnerability
Windows KernelCVE-2018-8497Windows Kernel Elevation of Privilege Vulnerability

Microsoft Windows DNS

Microsoft Windows DNSCVE-2018-8320Windows DNS Security Feature Bypass Vulnerability

Microsoft XML Core Services

Microsoft XML Core ServicesCVE-2018-8494MS XML Remote Code Execution Vulnerability

Microsoft JET Database Engine

Microsoft JET Database EngineCVE-2018-8423Microsoft JET Database Engine Remote Code Execution Vulnerability

Azure & Device Guard

AzureCVE-2018-8531Azure IoT Device Client SDK Memory Corruption Vulnerability
Device GuardCVE-2018-8492Device Guard Code Integrity Policy Security Feature Bypass Vulnerability

Also Read:

Debian Released Security Updates for July and Fixed Multiple Package Vulnerabilities

Apple Released Security Updates for iOS, macOS, Safari, iTunes – iOS 11.4.1 Released

Google Released Security Updates for More than 40 Android Security vulnerabilities

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

LightSpy iOS Malware Enhanced with 28 New Destructive Plugins

The LightSpy threat actor exploited publicly available vulnerabilities and jailbreak kits to compromise iOS...

ATPC Cyber Forum to Focus on Next Generation Cybersecurity and Artificial Intelligence Issues

White House National Cyber Director, CEOs, Key Financial Services Companies, Congressional and Executive Branch...

New PySilon RAT Abusing Discord Platform to Maintain Persistence

Cybersecurity experts have identified a new Remote Access Trojan (RAT) named PySilon. This Trojan...

Konni APT Hackers Attacking Organizations with New Spear-Phishing Tactics

The notorious Konni Advanced Persistent Threat (APT) group has intensified its cyber assault on...

Free Webinar

Protect Websites & APIs from Malware Attack

Malware targeting customer-facing websites and API applications poses significant risks, including compliance violations, defacements, and even blacklisting.

Join us for an insightful webinar featuring Vivek Gopalan, VP of Products at Indusface, as he shares effective strategies for safeguarding websites and APIs against malware.

Discussion points

Scan DOM, internal links, and JavaScript libraries for hidden malware.
Detect website defacements in real time.
Protect your brand by monitoring for potential blacklisting.
Prevent malware from infiltrating your server and cloud infrastructure.

More like this

Google Chrome Security, Critical Vulnerabilities Patched

Google has updated its Chrome browser, addressing critical vulnerabilities that posed potential risks to...

New Windows Downgrade Attack Let Hackers Downgrade Patched Systems To Exploits

The researcher discovered a vulnerability in the Windows Update process that allowed them to...

Hackers Use Fog Ransomware To Attack SonicWall VPNs And Breach Corporate Networks

Recent cyberattacks involving Akira and Fog threat actors have targeted various industries, exploiting a...