Microsoft Released Security Updates & Fixed 39 Vulnerabilities Including Active Zero-day

Microsoft released security updates under December Patch Tuesday and fixed several vulnerabilities that affected various Microsoft products.

There are 39 vulnerabilities were addressed including the active zero-day vulnerability that could exploit using malware and attackers execute the code in the kernel.

Following Microsoft products are patched in this December security release along with some of the critical security vulnerabilities.

• Adobe Flash Player
• Internet Explorer
• Microsoft Edge
• Microsoft Windows
• Microsoft Office and Microsoft Office Services and Web Apps
• ChakraCore
• .NET Framework
• Microsoft Dynamics NAV
• Microsoft Exchange Server
• Microsoft Visual Studio
• Windows Azure Pack (WAP)

In this case, Microsoft marked 9 vulnerabilities as “critical,” that allow very serious impact and a remote attacker could take over the vulnerable applications and 30 flaws rated as “important”.

CVE-2018-8517, A remote unauthenticated attacker could exploit this vulnerability by issuing specially crafted requests to the .NET Framework application,” . “The vulnerability can be exploited remotely, without authentication.”

Rapid7 reported  Internet Explorer (CVE-2018-8631) and Edge (CVE-2018-8624) which considered by Microsoft that most likely to be exploited.

Microsoft Security Updates

Microsoft Office

Microsoft Office	CVE-2018-8628	Microsoft PowerPoint Remote Code Execution Vulnerability
Microsoft Office	CVE-2018-8636	Microsoft Excel Remote Code Execution Vulnerability
Microsoft Office	CVE-2018-8627	Microsoft Excel Information Disclosure Vulnerability
Microsoft Office	CVE-2018-8598	Microsoft Excel Information Disclosure Vulnerability
Microsoft Office	CVE-2018-8587	Microsoft Outlook Remote Code Execution Vulnerability
Microsoft Office	CVE-2018-8597	Microsoft Excel Remote Code Execution Vulnerability

Microsoft Scripting Engine

Microsoft Scripting Engine	CVE-2018-8629	Chakra Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine	CVE-2018-8643	Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine	CVE-2018-8625	Windows VBScript Engine Remote Code Execution Vulnerability
Microsoft Scripting Engine	CVE-2018-8617	Chakra Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine	CVE-2018-8583	Chakra Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine	CVE-2018-8618	Chakra Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine	CVE-2018-8624	Chakra Scripting Engine Memory Corruption Vulnerability

Windows Kernel

Windows Kernel	CVE-2018-8477	Windows Kernel Information Disclosure Vulnerability
Windows Kernel	CVE-2018-8621	Windows Kernel Information Disclosure Vulnerability
Windows Kernel	CVE-2018-8612	Connected User Experiences and Telemetry Service Denial of Service Vulnerability
Windows Kernel	CVE-2018-8611	Windows Kernel Elevation of Privilege Vulnerability
Windows Kernel	CVE-2018-8622	Windows Kernel Information Disclosure Vulnerability
Windows Kernel	CVE-2018-8637	Win32k Information Disclosure Vulnerability

Microsoft Office SharePoint

Microsoft Office SharePoint	CVE-2018-8635	Microsoft SharePoint Server Elevation of Privilege Vulnerability
Microsoft Office SharePoint	CVE-2018-8580	Microsoft SharePoint Information Disclosure Vulnerability

Microsoft Windows DNS

Microsoft Windows DNS	CVE-2018-8514	Remote Procedure Call runtime Information Disclosure Vulnerability
Microsoft Windows DNS	CVE-2018-8626	Windows DNS Server Heap Overflow Vulnerability

NET Framework

.NET Framework	CVE-2018-8517	.NET Framework Denial Of Service Vulnerability
.NET Framework	CVE-2018-8540	.NET Framework Remote Code Injection Vulnerability

Adobe Flash Player

Adobe Flash Player

ADV180031

December 2018 Adobe Flash Security Update

Other Vulnerabilities

Microsoft Dynamics	CVE-2018-8651	Microsoft Dynamics NAV Cross Site Scripting Vulnerability
Microsoft Exchange Server	CVE-2018-8604	Microsoft Exchange Server Tampering Vulnerability

Visual Studio	CVE-2018-8599	Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability
Windows Authentication Methods	CVE-2018-8634	Microsoft Text-To-Speech Remote Code Execution Vulnerability
Windows Azure Pack	CVE-2018-8652	Windows Azure Pack Cross Site Scripting Vulnerability

Windows Kernel-Mode Drivers

CVE-2018-8641

Win32k Elevation of Privilege Vulnerability

Internet Explorer	CVE-2018-8619	Internet Explorer Remote Code Execution Vulnerability
Internet Explorer	CVE-2018-8631	Internet Explorer Memory Corruption Vulnerability
Microsoft Dynamics	CVE-2018-8651	Microsoft Dynamics NAV Cross Site Scripting Vulnerability
Microsoft Exchange Server	CVE-2018-8604	Microsoft Exchange Server Tampering Vulnerability

Also Read:

• Apple Released Security Updates for iOS, Safari, iCloud, watchOS, tvOS
• VMware Releases Critical Security Updates for Multiple Vulnerabilities

You can follow us on Linkedin, Twitter, Facebook for daily Cybersecurity updates also you can take the Best Cybersecurity courses online to keep your self-updated.