Microsoft Released Security Updates & Fixed 49 Vulnerabilities that Affected Microsoft Products

Microsoft released security update under patch Tuesday that affected many of its products along with certain critical Windows zero-day flaw.

There are 3 Zero-day vulnerability has been fixed along with more than 49 vulnerabilities that affected Microsoft products such as products such as Windows, Edge, Internet Explorer, Office, Exchange Server, and .NET Core, Power Shell Core.

Out of 48 vulnerabilities 18 are categorized as “CRITICAL” and rest of the flaws listed in other categories such as important.

In this Microsoft released security update also fixed 8 years old remote code execution bug that affected  Exchange Server is the resurfacing of a vulnerability that discovered in  2010.

Some of the following remote code execution flows that reported in public also fixed in this security updates.

  • CVE-2018-8423 a remote code execution bug in JET Database Engine for Windows.
  • CVE-2018-8497 a Windows Kernel Elevation of Privilege Vulnerability.
  • CVE-2018-8531, a remote code execution flaw in Azure IoT device client.

Microsoft Released Security Update list

Microsoft Edge

Microsoft EdgeCVE-2018-8473Microsoft Edge Memory Corruption Vulnerability
Microsoft EdgeCVE-2018-8512Microsoft Edge Security Feature Bypass Vulnerability
Microsoft EdgeCVE-2018-8530Microsoft Edge Security Feature Bypass Vulnerability
Microsoft EdgeCVE-2018-8509Microsoft Edge Memory Corruption Vulnerability

Microsoft Office

Microsoft OfficeADV180026Microsoft Office Defense in Depth Update
Microsoft OfficeCVE-2018-8501Microsoft PowerPoint Remote Code Execution Vulnerability
Microsoft OfficeCVE-2018-8427Microsoft Graphics Components Information Disclosure Vulnerability
Microsoft OfficeCVE-2018-8504Microsoft Word Remote Code Execution Vulnerability
Microsoft OfficeCVE-2018-8502Microsoft Excel Remote Code Execution Vulnerability
Microsoft OfficeCVE-2018-8432Microsoft Graphics Components Remote Code Execution Vulnerability

Microsoft Windows

Microsoft WindowsCVE-2018-8411NTFS Elevation of Privilege Vulnerability
Microsoft WindowsCVE-2018-8333Microsoft Filter Manager Elevation Of Privilege Vulnerability
Microsoft WindowsCVE-2018-8493Windows TCP/IP Information Disclosure Vulnerability
Microsoft WindowsCVE-2018-8506Microsoft Windows Codecs Library Information Disclosure Vulnerability

Microsoft Scripting Engine

Microsoft Scripting EngineCVE-2018-8511Chakra Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting EngineCVE-2018-8500Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting EngineCVE-2018-8505Chakra Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting EngineCVE-2018-8503Chakra Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting EngineCVE-2018-8510Chakra Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting EngineCVE-2018-8513Chakra Scripting Engine Memory Corruption Vulnerability

Microsoft Office SharePoint

Microsoft Office SharePointCVE-2018-8498Microsoft SharePoint Elevation of Privilege Vulnerability
Microsoft Office SharePointCVE-2018-8480Microsoft SharePoint Elevation of Privilege Vulnerability
Microsoft Office SharePointCVE-2018-8488Microsoft SharePoint Elevation of Privilege Vulnerability
Microsoft Office SharePointCVE-2018-8518Microsoft SharePoint Elevation of Privilege Vulnerability

SQL Server

SQL ServerCVE-2018-8527SQL Server Management Studio Information Disclosure Vulnerability
SQL ServerCVE-2018-8532SQL Server Management Studio Information Disclosure Vulnerability
SQL ServerCVE-2018-8533SQL Server Management Studio Information Disclosure Vulnerability

Microsoft Graphics Component

Microsoft Graphics ComponentCVE-2018-8486DirectX Information Disclosure Vulnerability
Microsoft Graphics ComponentCVE-2018-8484DirectX Graphics Kernel Elevation of Privilege Vulnerability
Microsoft Graphics ComponentCVE-2018-8453Win32k Elevation of Privilege Vulnerability
Microsoft Graphics ComponentCVE-2018-8472Windows GDI Information Disclosure Vulnerability

Internet Explorer

Internet ExplorerCVE-2018-8460Internet Explorer Memory Corruption Vulnerability
Internet ExplorerCVE-2018-8491Internet Explorer Memory Corruption Vulnerability

Windows Hyper-V

Windows Hyper-VCVE-2018-8489Windows Hyper-V Remote Code Execution Vulnerability
Windows Hyper-VCVE-2018-8490Windows Hyper-V Remote Code Execution Vulnerability

Windows Shell

Windows ShellCVE-2018-8413Windows Theme API Remote Code Execution Vulnerability
Windows ShellCVE-2018-8495Windows Shell Remote Code Execution Vulnerability

Windows Media Player

Windows Media PlayerCVE-2018-8482Windows Media Player Information Disclosure Vulnerability
Windows Media PlayerCVE-2018-8481Windows Media Player Information Disclosure Vulnerability

Windows – Linux

Windows – LinuxCVE-2018-8329Linux On Windows Elevation Of Privilege Vulnerability

Windows Kernel

Windows KernelCVE-2018-8330Windows Kernel Information Disclosure Vulnerability
Windows KernelCVE-2018-8497Windows Kernel Elevation of Privilege Vulnerability

Microsoft Windows DNS

Microsoft Windows DNSCVE-2018-8320Windows DNS Security Feature Bypass Vulnerability

Microsoft XML Core Services

Microsoft XML Core ServicesCVE-2018-8494MS XML Remote Code Execution Vulnerability

Microsoft JET Database Engine

Microsoft JET Database EngineCVE-2018-8423Microsoft JET Database Engine Remote Code Execution Vulnerability

Azure & Device Guard

AzureCVE-2018-8531Azure IoT Device Client SDK Memory Corruption Vulnerability
Device GuardCVE-2018-8492Device Guard Code Integrity Policy Security Feature Bypass Vulnerability

Also Read:

Debian Released Security Updates for July and Fixed Multiple Package Vulnerabilities

Apple Released Security Updates for iOS, macOS, Safari, iTunes – iOS 11.4.1 Released

Google Released Security Updates for More than 40 Android Security vulnerabilities

Balaji

BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Recent Posts

Threat Actors Exploit Google Docs And Weebly Services For Malware Attacks

Phishing attackers used Google Docs to deliver malicious links, bypassing security measures and redirecting victims…

10 hours ago

Python NodeStealer: Targeting Facebook Business Accounts to Harvest Login Credentials

The Python-based NodeStealer, a sophisticated info-stealer, has evolved to target new information and employ advanced…

10 hours ago

XSS Vulnerability in Bing.com Let Attackers Send Crafted Malicious Requests

A significant XSS vulnerability was recently uncovered in Microsoft’s Bing.com, potentially allowing attackers to execute…

13 hours ago

Meta Removed 2 Million Account Linked to Malicious Activities

 Meta has announced the removal of over 2 million accounts connected to malicious activities, including…

16 hours ago

Veritas Enterprise Vault Vulnerabilities Lets Attackers Execute Arbitrary Code Remotely

Critical security vulnerability has been identified in Veritas Enterprise Vault, a widely-used archiving and content…

17 hours ago

7-Zip RCE Vulnerability Let Attackers Execute Remote Code

A critical security vulnerability has been disclosed in the popular file archiving tool 7-Zip, allowing…

17 hours ago