Microsoft released security updates under this month patch Tuesday release for various Microsoft products along with the recently discovered Windows Zero-day vulnerability.
Microsoft fixed almost 62 vulnerabilities that affected its product including ASP.NET, Microsoft Edge, Microsoft Office, Microsoft.Data.OData, Adobe Flash Player, .NET Framework, Microsoft Office, Skype for Business and Microsoft Lync, Visual Studio, PowerShell Editor Services.
This Patch release fixed all the security fixes for vulnerabilities that affect Windows 10 including the Windows Task Scheduler Zero day flaw.
Out of the 62 Microsoft security updates CVEs, 17 are listed as Critical, 43 are rated Important, and one is rated as Moderate in severity.
In this case, Four of these bugs are listed as publicly known at the time of release and one of these is reported as being actively exploited which is reveal by the security researchers in Twitter.
Microsoft Releases September 2018 Security Updates https://t.co/wIw7KQJj2x #NCCIC #cyber #cybersecurity #infosec
— CISA Cyber (@CISACyber) September 11, 2018
Browser bugs again feature prominently in this month’s release with 19 patches for browser-related issues and 14 Information disclosure bugs being addressed across various components.
Microsoft Released Security Updates List
| CVE | Title | Severity |
| CVE-2018-8440 | Windows ALPC Elevation of Privilege Vulnerability | Important |
| CVE-2018-8475 | Windows Remote Code Execution Vulnerability | Critical |
| CVE-2018-8457 | Scripting Engine Memory Corruption Vulnerability | Critical |
| CVE-2018-8409 | ASP.NET Core Denial of Service | Important |
| CVE-2018-0965 | Windows Hyper-V Remote Code Execution Vulnerability | Critical |
| CVE-2018-8367 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical |
| CVE-2018-8420 | MS XML Remote Code Execution Vulnerability | Critical |
| CVE-2018-8461 | Internet Explorer Memory Corruption Vulnerability | Critical |
| CVE-2018-8332 | Win32k Graphics Remote Code Execution Vulnerability | Critical |
| CVE-2018-8391 | Scripting Engine Memory Corruption Vulnerability | Critical |
| CVE-2018-8421 | .NET Framework Remote Code Execution Vulnerability | Critical |
| CVE-2018-8439 | Windows Hyper-V Remote Code Execution Vulnerability | Critical |
| CVE-2018-8447 | Internet Explorer Memory Corruption Vulnerability | Critical |
| CVE-2018-8456 | Scripting Engine Memory Corruption Vulnerability | Critical |
| CVE-2018-8459 | Scripting Engine Memory Corruption Vulnerability | Critical |
| CVE-2018-8464 | Microsoft Edge PDF Remote Code Execution Vulnerability | Critical |
| CVE-2018-8465 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical |
| CVE-2018-8466 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical |
| CVE-2018-8467 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical |
| CVE-2018-8479 | Azure IoT SDK Spoofing Vulnerability | Important |
| CVE-2018-8269 | Odata Denial of Service Vulnerability | Important |
| CVE-2018-8335 | Windows SMB Denial of Service Vulnerability | Important |
| CVE-2018-8436 | Windows Hyper-V Denial of Service Vulnerability | Important |
| CVE-2018-8437 | Windows Hyper-V Denial of Service Vulnerability | Important |
| CVE-2018-8438 | Windows Denial of Service Vulnerability | Important |
| CVE-2018-8410 | Windows Registry Elevation of Privilege Vulnerability | Important |
| CVE-2018-8462 | DirectX Graphics Kernel Elevation of Privilege Vulnerability | Important |
| CVE-2018-8428 | Microsoft SharePoint Elevation of Privilege Vulnerability | Important |
| CVE-2018-8431 | Microsoft SharePoint Elevation of Privilege Vulnerability | Important |
| CVE-2018-8441 | Windows Subsystem for Linux Elevation of Privilege Vulnerability | Important |
| CVE-2018-8455 | Windows Kernel Elevation of Privilege Vulnerability | Important |
| CVE-2018-8463 | Microsoft Edge Elevation of Privilege Vulnerability | Important |
| CVE-2018-8468 | Windows Elevation of Privilege Vulnerability | Important |
| CVE-2018-8469 | Microsoft Edge Elevation of Privilege Vulnerability | Important |
| CVE-2018-8271 | Windows Information Disclosure Vulnerability | Important |
| CVE-2018-8315 | Microsoft Scripting Engine Information Disclosure Vulnerability | Important |
| CVE-2018-8336 | Windows Kernel Information Disclosure Vulnerability | Important |
| CVE-2018-8419 | Windows Kernel Information Disclosure Vulnerability | Important |
| CVE-2018-8424 | Windows GDI Information Disclosure Vulnerability | Important |
| CVE-2018-8433 | Microsoft Graphics Component Information Disclosure Vulnerability | Important |
| CVE-2018-8429 | Microsoft Excel Information Disclosure Vulnerability | Important |
| CVE-2018-8434 | Windows Hyper-V Information Disclosure Vulnerability | Important |
| CVE-2018-8442 | Windows Kernel Information Disclosure Vulnerability | Important |
| CVE-2018-8443 | Windows Kernel Information Disclosure Vulnerability | Important |
| CVE-2018-8444 | Windows SMB Information Disclosure Vulnerability | Important |
| CVE-2018-8445 | Windows Kernel Information Disclosure Vulnerability | Important |
| CVE-2018-8446 | Windows Kernel Information Disclosure Vulnerability | Important |
| CVE-2018-8452 | Scripting Engine Information Disclosure Vulnerability | Important |
| CVE-2018-8354 | Scripting Engine Memory Corruption Vulnerability | Important |
| CVE-2018-8366 | Microsoft Edge Information Disclosure Vulnerability | Important |
| CVE-2018-8392 | Microsoft JET Database Engine Remote Code Execution Vulnerability | Important |
| CVE-2018-8393 | Microsoft JET Database Engine Remote Code Execution Vulnerability | Important |
| CVE-2018-8430 | Word PDF Remote Code Execution Vulnerability | Important |
| CVE-2018-8331 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| CVE-2018-8337 | Windows Subsystem for Linux Security Feature Bypass Vulnerability | Important |
| CVE-2018-8435 | Windows Hyper-V Security Feature Bypass Vulnerability | Important |
| CVE-2018-8449 | Device Guard Security Feature Bypass Vulnerability | Important |
| CVE-2018-8470 | Internet Explorer Security Feature Bypass Vulnerability | Important |
| CVE-2018-8425 | Microsoft Edge Spoofing Vulnerability | Important |
| CVE-2018-8426 | Microsoft Office SharePoint XSS Vulnerability | Important |
| CVE-2018-8474 | Lync for Mac 2011 Security Feature Bypass Vulnerability | Moderate |
Also Read:
Debian Released Security Updates for July and Fixed Multiple Package Vulnerabilities
Apple Released Security Updates for iOS, macOS, Safari, iTunes – iOS 11.4.1 Released
Google Released Security Updates for More than 40 Android Security vulnerabilities
WordPress Update 4.9.7 – Critical Security Update to Resolve Bugs and Security Issues
VMware Released Security Updates for Critical Remote Code Execution Vulnerability
Microsoft Released Critical Security Updates with Patch for 50 Critical Vulnerabilities
