Microsoft Released Security Updates & Fixed 49 Vulnerabilities that Affected Microsoft Products

Microsoft released security update under patch Tuesday that affected many of its products along with certain critical Windows zero-day flaw.

There are 3 Zero-day vulnerability has been fixed along with more than 49 vulnerabilities that affected Microsoft products such as products such as Windows, Edge, Internet Explorer, Office, Exchange Server, and .NET Core, Power Shell Core.

Out of 48 vulnerabilities 18 are categorized as “CRITICAL” and rest of the flaws listed in other categories such as important.

In this Microsoft released security update also fixed 8 years old remote code execution bug that affected  Exchange Server is the resurfacing of a vulnerability that discovered in  2010.

Some of the following remote code execution flows that reported in public also fixed in this security updates.

  • CVE-2018-8423 a remote code execution bug in JET Database Engine for Windows.
  • CVE-2018-8497 a Windows Kernel Elevation of Privilege Vulnerability.
  • CVE-2018-8531, a remote code execution flaw in Azure IoT device client.

Microsoft Released Security Update list

Microsoft Edge

Microsoft EdgeCVE-2018-8473Microsoft Edge Memory Corruption Vulnerability
Microsoft EdgeCVE-2018-8512Microsoft Edge Security Feature Bypass Vulnerability
Microsoft EdgeCVE-2018-8530Microsoft Edge Security Feature Bypass Vulnerability
Microsoft EdgeCVE-2018-8509Microsoft Edge Memory Corruption Vulnerability

Microsoft Office

Microsoft OfficeADV180026Microsoft Office Defense in Depth Update
Microsoft OfficeCVE-2018-8501Microsoft PowerPoint Remote Code Execution Vulnerability
Microsoft OfficeCVE-2018-8427Microsoft Graphics Components Information Disclosure Vulnerability
Microsoft OfficeCVE-2018-8504Microsoft Word Remote Code Execution Vulnerability
Microsoft OfficeCVE-2018-8502Microsoft Excel Remote Code Execution Vulnerability
Microsoft OfficeCVE-2018-8432Microsoft Graphics Components Remote Code Execution Vulnerability

Microsoft Windows

Microsoft WindowsCVE-2018-8411NTFS Elevation of Privilege Vulnerability
Microsoft WindowsCVE-2018-8333Microsoft Filter Manager Elevation Of Privilege Vulnerability
Microsoft WindowsCVE-2018-8493Windows TCP/IP Information Disclosure Vulnerability
Microsoft WindowsCVE-2018-8506Microsoft Windows Codecs Library Information Disclosure Vulnerability

Microsoft Scripting Engine

Microsoft Scripting EngineCVE-2018-8511Chakra Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting EngineCVE-2018-8500Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting EngineCVE-2018-8505Chakra Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting EngineCVE-2018-8503Chakra Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting EngineCVE-2018-8510Chakra Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting EngineCVE-2018-8513Chakra Scripting Engine Memory Corruption Vulnerability

Microsoft Office SharePoint

Microsoft Office SharePointCVE-2018-8498Microsoft SharePoint Elevation of Privilege Vulnerability
Microsoft Office SharePointCVE-2018-8480Microsoft SharePoint Elevation of Privilege Vulnerability
Microsoft Office SharePointCVE-2018-8488Microsoft SharePoint Elevation of Privilege Vulnerability
Microsoft Office SharePointCVE-2018-8518Microsoft SharePoint Elevation of Privilege Vulnerability

SQL Server

SQL ServerCVE-2018-8527SQL Server Management Studio Information Disclosure Vulnerability
SQL ServerCVE-2018-8532SQL Server Management Studio Information Disclosure Vulnerability
SQL ServerCVE-2018-8533SQL Server Management Studio Information Disclosure Vulnerability

Microsoft Graphics Component

Microsoft Graphics ComponentCVE-2018-8486DirectX Information Disclosure Vulnerability
Microsoft Graphics ComponentCVE-2018-8484DirectX Graphics Kernel Elevation of Privilege Vulnerability
Microsoft Graphics ComponentCVE-2018-8453Win32k Elevation of Privilege Vulnerability
Microsoft Graphics ComponentCVE-2018-8472Windows GDI Information Disclosure Vulnerability

Internet Explorer

Internet ExplorerCVE-2018-8460Internet Explorer Memory Corruption Vulnerability
Internet ExplorerCVE-2018-8491Internet Explorer Memory Corruption Vulnerability

Windows Hyper-V

Windows Hyper-VCVE-2018-8489Windows Hyper-V Remote Code Execution Vulnerability
Windows Hyper-VCVE-2018-8490Windows Hyper-V Remote Code Execution Vulnerability

Windows Shell

Windows ShellCVE-2018-8413Windows Theme API Remote Code Execution Vulnerability
Windows ShellCVE-2018-8495Windows Shell Remote Code Execution Vulnerability

Windows Media Player

Windows Media PlayerCVE-2018-8482Windows Media Player Information Disclosure Vulnerability
Windows Media PlayerCVE-2018-8481Windows Media Player Information Disclosure Vulnerability

Windows – Linux

Windows – LinuxCVE-2018-8329Linux On Windows Elevation Of Privilege Vulnerability

Windows Kernel

Windows KernelCVE-2018-8330Windows Kernel Information Disclosure Vulnerability
Windows KernelCVE-2018-8497Windows Kernel Elevation of Privilege Vulnerability

Microsoft Windows DNS

Microsoft Windows DNSCVE-2018-8320Windows DNS Security Feature Bypass Vulnerability

Microsoft XML Core Services

Microsoft XML Core ServicesCVE-2018-8494MS XML Remote Code Execution Vulnerability

Microsoft JET Database Engine

Microsoft JET Database EngineCVE-2018-8423Microsoft JET Database Engine Remote Code Execution Vulnerability

Azure & Device Guard

AzureCVE-2018-8531Azure IoT Device Client SDK Memory Corruption Vulnerability
Device GuardCVE-2018-8492Device Guard Code Integrity Policy Security Feature Bypass Vulnerability

Also Read:

Debian Released Security Updates for July and Fixed Multiple Package Vulnerabilities

Apple Released Security Updates for iOS, macOS, Safari, iTunes – iOS 11.4.1 Released

Google Released Security Updates for More than 40 Android Security vulnerabilities

Balaji

BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Recent Posts

Top Ransomware Groups Target Financial Sector, 406 Incidents Revealed

Flashpoint analysts have reported that between April 2024 and April 2025, the financial sector emerged…

2 hours ago

Agenda Ransomware Group Enhances Tactics with SmokeLoader and NETXLOADER

The Agenda ransomware group, also known as Qilin, has been reported to intensify its attacks…

2 hours ago

SpyCloud Analysis Reveals 94% of Fortune 50 Companies Have Employee Data Exposed in Phishing Attacks

SpyCloud, the leading identity threat protection company, today released an analysis of nearly 6 million…

3 hours ago

PoC Tool Released to Detect Servers Affected by Critical Apache Parquet Vulnerability

F5 Labs has released a new proof-of-concept (PoC) tool designed to help organizations detect servers…

5 hours ago

Healthcare Sector Becomes a Major Target for Cyber Attacks in 2025

The healthcare sector has emerged as a prime target for cyber attackers, driven by the…

5 hours ago

SysAid ITSM Vulnerabilities Enables Pre-Auth Remote Command Execution

Security researchers have disclosed a chain of critical vulnerabilities affecting SysAid ITSM’s On-Premise solution, enabling…

5 hours ago