Microsoft Released Security Updates & Fixed 49 Vulnerabilities that Affected Microsoft Products

Microsoft released security update under patch Tuesday that affected many of its products along with certain critical Windows zero-day flaw.

There are 3 Zero-day vulnerability has been fixed along with more than 49 vulnerabilities that affected Microsoft products such as products such as Windows, Edge, Internet Explorer, Office, Exchange Server, and .NET Core, Power Shell Core.

Out of 48 vulnerabilities 18 are categorized as “CRITICAL” and rest of the flaws listed in other categories such as important.

In this Microsoft released security update also fixed 8 years old remote code execution bug that affected  Exchange Server is the resurfacing of a vulnerability that discovered in  2010.

Some of the following remote code execution flows that reported in public also fixed in this security updates.

  • CVE-2018-8423 a remote code execution bug in JET Database Engine for Windows.
  • CVE-2018-8497 a Windows Kernel Elevation of Privilege Vulnerability.
  • CVE-2018-8531, a remote code execution flaw in Azure IoT device client.

Microsoft Released Security Update list

Microsoft Edge

Microsoft EdgeCVE-2018-8473Microsoft Edge Memory Corruption Vulnerability
Microsoft EdgeCVE-2018-8512Microsoft Edge Security Feature Bypass Vulnerability
Microsoft EdgeCVE-2018-8530Microsoft Edge Security Feature Bypass Vulnerability
Microsoft EdgeCVE-2018-8509Microsoft Edge Memory Corruption Vulnerability

Microsoft Office

Microsoft OfficeADV180026Microsoft Office Defense in Depth Update
Microsoft OfficeCVE-2018-8501Microsoft PowerPoint Remote Code Execution Vulnerability
Microsoft OfficeCVE-2018-8427Microsoft Graphics Components Information Disclosure Vulnerability
Microsoft OfficeCVE-2018-8504Microsoft Word Remote Code Execution Vulnerability
Microsoft OfficeCVE-2018-8502Microsoft Excel Remote Code Execution Vulnerability
Microsoft OfficeCVE-2018-8432Microsoft Graphics Components Remote Code Execution Vulnerability

Microsoft Windows

Microsoft WindowsCVE-2018-8411NTFS Elevation of Privilege Vulnerability
Microsoft WindowsCVE-2018-8333Microsoft Filter Manager Elevation Of Privilege Vulnerability
Microsoft WindowsCVE-2018-8493Windows TCP/IP Information Disclosure Vulnerability
Microsoft WindowsCVE-2018-8506Microsoft Windows Codecs Library Information Disclosure Vulnerability

Microsoft Scripting Engine

Microsoft Scripting EngineCVE-2018-8511Chakra Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting EngineCVE-2018-8500Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting EngineCVE-2018-8505Chakra Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting EngineCVE-2018-8503Chakra Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting EngineCVE-2018-8510Chakra Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting EngineCVE-2018-8513Chakra Scripting Engine Memory Corruption Vulnerability

Microsoft Office SharePoint

Microsoft Office SharePointCVE-2018-8498Microsoft SharePoint Elevation of Privilege Vulnerability
Microsoft Office SharePointCVE-2018-8480Microsoft SharePoint Elevation of Privilege Vulnerability
Microsoft Office SharePointCVE-2018-8488Microsoft SharePoint Elevation of Privilege Vulnerability
Microsoft Office SharePointCVE-2018-8518Microsoft SharePoint Elevation of Privilege Vulnerability

SQL Server

SQL ServerCVE-2018-8527SQL Server Management Studio Information Disclosure Vulnerability
SQL ServerCVE-2018-8532SQL Server Management Studio Information Disclosure Vulnerability
SQL ServerCVE-2018-8533SQL Server Management Studio Information Disclosure Vulnerability

Microsoft Graphics Component

Microsoft Graphics ComponentCVE-2018-8486DirectX Information Disclosure Vulnerability
Microsoft Graphics ComponentCVE-2018-8484DirectX Graphics Kernel Elevation of Privilege Vulnerability
Microsoft Graphics ComponentCVE-2018-8453Win32k Elevation of Privilege Vulnerability
Microsoft Graphics ComponentCVE-2018-8472Windows GDI Information Disclosure Vulnerability

Internet Explorer

Internet ExplorerCVE-2018-8460Internet Explorer Memory Corruption Vulnerability
Internet ExplorerCVE-2018-8491Internet Explorer Memory Corruption Vulnerability

Windows Hyper-V

Windows Hyper-VCVE-2018-8489Windows Hyper-V Remote Code Execution Vulnerability
Windows Hyper-VCVE-2018-8490Windows Hyper-V Remote Code Execution Vulnerability

Windows Shell

Windows ShellCVE-2018-8413Windows Theme API Remote Code Execution Vulnerability
Windows ShellCVE-2018-8495Windows Shell Remote Code Execution Vulnerability

Windows Media Player

Windows Media PlayerCVE-2018-8482Windows Media Player Information Disclosure Vulnerability
Windows Media PlayerCVE-2018-8481Windows Media Player Information Disclosure Vulnerability

Windows – Linux

Windows – LinuxCVE-2018-8329Linux On Windows Elevation Of Privilege Vulnerability

Windows Kernel

Windows KernelCVE-2018-8330Windows Kernel Information Disclosure Vulnerability
Windows KernelCVE-2018-8497Windows Kernel Elevation of Privilege Vulnerability

Microsoft Windows DNS

Microsoft Windows DNSCVE-2018-8320Windows DNS Security Feature Bypass Vulnerability

Microsoft XML Core Services

Microsoft XML Core ServicesCVE-2018-8494MS XML Remote Code Execution Vulnerability

Microsoft JET Database Engine

Microsoft JET Database EngineCVE-2018-8423Microsoft JET Database Engine Remote Code Execution Vulnerability

Azure & Device Guard

AzureCVE-2018-8531Azure IoT Device Client SDK Memory Corruption Vulnerability
Device GuardCVE-2018-8492Device Guard Code Integrity Policy Security Feature Bypass Vulnerability

Also Read:

Debian Released Security Updates for July and Fixed Multiple Package Vulnerabilities

Apple Released Security Updates for iOS, macOS, Safari, iTunes – iOS 11.4.1 Released

Google Released Security Updates for More than 40 Android Security vulnerabilities

Balaji

BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Recent Posts

Evasive Panda Attacking Cloud Services To Steal Data Using New Toolkit

The Evasive Panda group deployed a new C# framework named CloudScout to target a Taiwanese…

5 hours ago

Massive Midnight Blizzard Phishing Attack Using Weaponized RDP Files

Researchers warn of ongoing spear-phishing attacks by Russian threat actor Midnight Blizzard targeting individuals in…

6 hours ago

Sophisticated Phishing Attack Targeting Ukraine Military Sectors

The Ukrainian Cyber Emergency Response Team discovered a targeted phishing campaign launched by UAC-0215 against…

6 hours ago

Chinese Hackers Attacking Microsoft Customers With Sophisticated Password Spray Attacks

Researchers have identified a network of compromised devices, CovertNetwork-1658, used by Chinese threat actors to…

6 hours ago

New Windows Zero-Day Vulnerability Let Attackers Steal Credentials From Victim’s Machine

A security researcher discovered a vulnerability in Windows theme files in the previous year, which…

6 hours ago

SYS01 InfoStealer Malware Attacking Meta Business Page To Steal Logins

The ongoing Meta malvertising campaign, active for over a month, employs an evolving strategy to…

6 hours ago