Thursday, March 28, 2024

Microsoft Released Security Updates & Fixed 49 Vulnerabilities that Affected Microsoft Products

Microsoft released security update under patch Tuesday that affected many of its products along with certain critical Windows zero-day flaw.

There are 3 Zero-day vulnerability has been fixed along with more than 49 vulnerabilities that affected Microsoft products such as products such as Windows, Edge, Internet Explorer, Office, Exchange Server, and .NET Core, Power Shell Core.

Out of 48 vulnerabilities 18 are categorized as “CRITICAL” and rest of the flaws listed in other categories such as important.

In this Microsoft released security update also fixed 8 years old remote code execution bug that affected  Exchange Server is the resurfacing of a vulnerability that discovered in  2010.

Some of the following remote code execution flows that reported in public also fixed in this security updates.

  •  CVE-2018-8423 a remote code execution bug in JET Database Engine for Windows.
  •  CVE-2018-8497 a Windows Kernel Elevation of Privilege Vulnerability.
  •  CVE-2018-8531, a remote code execution flaw in Azure IoT device client.

Microsoft Released Security Update list

Microsoft Edge

Microsoft EdgeCVE-2018-8473Microsoft Edge Memory Corruption Vulnerability
Microsoft EdgeCVE-2018-8512Microsoft Edge Security Feature Bypass Vulnerability
Microsoft EdgeCVE-2018-8530Microsoft Edge Security Feature Bypass Vulnerability
Microsoft EdgeCVE-2018-8509Microsoft Edge Memory Corruption Vulnerability

Microsoft Office

Microsoft OfficeADV180026Microsoft Office Defense in Depth Update
Microsoft OfficeCVE-2018-8501Microsoft PowerPoint Remote Code Execution Vulnerability
Microsoft OfficeCVE-2018-8427Microsoft Graphics Components Information Disclosure Vulnerability
Microsoft OfficeCVE-2018-8504Microsoft Word Remote Code Execution Vulnerability
Microsoft OfficeCVE-2018-8502Microsoft Excel Remote Code Execution Vulnerability
Microsoft OfficeCVE-2018-8432Microsoft Graphics Components Remote Code Execution Vulnerability

Microsoft Windows

Microsoft WindowsCVE-2018-8411NTFS Elevation of Privilege Vulnerability
Microsoft WindowsCVE-2018-8333Microsoft Filter Manager Elevation Of Privilege Vulnerability
Microsoft WindowsCVE-2018-8493Windows TCP/IP Information Disclosure Vulnerability
Microsoft WindowsCVE-2018-8506Microsoft Windows Codecs Library Information Disclosure Vulnerability

Microsoft Scripting Engine

Microsoft Scripting EngineCVE-2018-8511Chakra Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting EngineCVE-2018-8500Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting EngineCVE-2018-8505Chakra Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting EngineCVE-2018-8503Chakra Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting EngineCVE-2018-8510Chakra Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting EngineCVE-2018-8513Chakra Scripting Engine Memory Corruption Vulnerability

Microsoft Office SharePoint

Microsoft Office SharePointCVE-2018-8498Microsoft SharePoint Elevation of Privilege Vulnerability
Microsoft Office SharePointCVE-2018-8480Microsoft SharePoint Elevation of Privilege Vulnerability
Microsoft Office SharePointCVE-2018-8488Microsoft SharePoint Elevation of Privilege Vulnerability
Microsoft Office SharePointCVE-2018-8518Microsoft SharePoint Elevation of Privilege Vulnerability

SQL Server

SQL ServerCVE-2018-8527SQL Server Management Studio Information Disclosure Vulnerability
SQL ServerCVE-2018-8532SQL Server Management Studio Information Disclosure Vulnerability
SQL ServerCVE-2018-8533SQL Server Management Studio Information Disclosure Vulnerability

Microsoft Graphics Component

Microsoft Graphics ComponentCVE-2018-8486DirectX Information Disclosure Vulnerability
Microsoft Graphics ComponentCVE-2018-8484DirectX Graphics Kernel Elevation of Privilege Vulnerability
Microsoft Graphics ComponentCVE-2018-8453Win32k Elevation of Privilege Vulnerability
Microsoft Graphics ComponentCVE-2018-8472Windows GDI Information Disclosure Vulnerability

Internet Explorer

Internet ExplorerCVE-2018-8460Internet Explorer Memory Corruption Vulnerability
Internet ExplorerCVE-2018-8491Internet Explorer Memory Corruption Vulnerability

Windows Hyper-V

Windows Hyper-VCVE-2018-8489Windows Hyper-V Remote Code Execution Vulnerability
Windows Hyper-VCVE-2018-8490Windows Hyper-V Remote Code Execution Vulnerability

Windows Shell

Windows ShellCVE-2018-8413Windows Theme API Remote Code Execution Vulnerability
Windows ShellCVE-2018-8495Windows Shell Remote Code Execution Vulnerability

Windows Media Player

Windows Media PlayerCVE-2018-8482Windows Media Player Information Disclosure Vulnerability
Windows Media PlayerCVE-2018-8481Windows Media Player Information Disclosure Vulnerability

Windows – Linux

Windows – LinuxCVE-2018-8329Linux On Windows Elevation Of Privilege Vulnerability

Windows Kernel

Windows KernelCVE-2018-8330Windows Kernel Information Disclosure Vulnerability
Windows KernelCVE-2018-8497Windows Kernel Elevation of Privilege Vulnerability

Microsoft Windows DNS

Microsoft Windows DNSCVE-2018-8320Windows DNS Security Feature Bypass Vulnerability

Microsoft XML Core Services

Microsoft XML Core ServicesCVE-2018-8494MS XML Remote Code Execution Vulnerability

Microsoft JET Database Engine

Microsoft JET Database EngineCVE-2018-8423Microsoft JET Database Engine Remote Code Execution Vulnerability

Azure & Device Guard

AzureCVE-2018-8531Azure IoT Device Client SDK Memory Corruption Vulnerability
Device GuardCVE-2018-8492Device Guard Code Integrity Policy Security Feature Bypass Vulnerability

Also Read:

Debian Released Security Updates for July and Fixed Multiple Package Vulnerabilities

Apple Released Security Updates for iOS, macOS, Safari, iTunes – iOS 11.4.1 Released

Google Released Security Updates for More than 40 Android Security vulnerabilities

Website

Latest articles

Wireshark 4.2.4 Released: What’s New!

Wireshark stands as the undisputed leader, offering unparalleled tools for troubleshooting, analysis, development, and...

Zoom Unveils AI-Powered All-In-One AI Work Workplace

Zoom has taken a monumental leap forward by introducing Zoom Workplace, an all-encompassing AI-powered...

iPhone Users Beware! Darcula Phishing Service Attacking Via iMessage

Phishing allows hackers to exploit human vulnerabilities and trick users into revealing sensitive information...

2 Chrome Zero-Days Exploited at Pwn2Own 2024: Patch Now

Google has announced a crucial update to its Chrome browser, addressing several vulnerabilities, including...

The Moon Malware Hacked 6,000 ASUS Routers in 72hours to Use for Proxy

Black Lotus Labs discovered a multi-year campaign by TheMoon malware targeting vulnerable routers and...

Hackers Actively Exploiting Ray AI Framework Flaw to Hack Thousands of Servers

A critical vulnerability in Ray, an open-source AI framework that is widely utilized across...

Chinese Hackers Attacking Southeast Asian Nations With Malware Packages

Cybersecurity researchers at Unit 42 have uncovered a sophisticated cyberespionage campaign orchestrated by two...
Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Mitigating Vulnerability Types & 0-day Threats

Mitigating Vulnerability & 0-day Threats

Alert Fatigue that helps no one as security teams need to triage 100s of vulnerabilities.

  • The problem of vulnerability fatigue today
  • Difference between CVSS-specific vulnerability vs risk-based vulnerability
  • Evaluating vulnerabilities based on the business impact/risk
  • Automation to reduce alert fatigue and enhance security posture significantly

Related Articles