Thursday, January 30, 2025
Follow us On Linkedin
HomeSecurity NewsMicrosoft Released Critical Security Updates with Patch for 50 Critical Vulnerabilities

Microsoft Released Critical Security Updates with Patch for 50 Critical Vulnerabilities

Security News

Published on

By Balaji
Microsoft Released Critical Security Updates with Patch for 50 Critical Vulnerabilities

Free Webinar DevSecOps Hacks

SIEM as a Service

Follow Us on Google News

Microsoft security updates released for June 2018 contains fixes for more than 50 vulnerabilities including for some of the products Critical remote code execution vulnerability.

Patch update released for some of the widely used Microsoft Product such as Internet Explorer, Microsoft Edge, Microsoft Windows, Microsoft Office and Microsoft Office Services and Web Apps, ChakraCore, Adobe Flash Player.

In this updates, several products patched the remote code execution vulnerability and Memory Corruption Vulnerability especially Microsoft edge and Microsoft Windows.

Apart from Microsoft Products, this June patch Tuesday updates contains an Adobe Flash Player zero-day (CVE-2018-5002) update.

Remote Code Execution Flaw Affected Products

Microsoft Edge and Internet Explorer based Memory Corruption Vulnerabilities are fixed with this security updates.

A remote code execution vulnerability exists when Microsoft Edge and  Internet Explorer improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that enables an attacker to execute arbitrary code in the context of the current user.

Microsoft Office based Elevation of Privilege Vulnerability also patched which leads to an attacker who successfully exploited this vulnerability could perform script/content injection attacks.

Windows-based remote code execution vulnerability also fixed that exists when Windows improperly handles objects in memory. An attacker who successfully exploited these vulnerabilities could take control of an affected system.

HTTP Protocol Stack (Http.sys) also contain remote code execution flaw that improperly handles objects in memory. So An attacker who successfully exploited this vulnerability could execute arbitrary code and take control of the affected system.

Microsoft Security Updates List

Microsoft Office

Microsoft OfficeCVE-2018-8246Microsoft Excel Information Disclosure Vulnerability
Microsoft OfficeCVE-2018-8247Microsoft Office Elevation of Privilege Vulnerability
Microsoft OfficeCVE-2018-8244Microsoft Outlook Elevation of Privilege Vulnerability
Microsoft OfficeCVE-2018-8245Microsoft Office Elevation of Privilege Vulnerability
Microsoft OfficeCVE-2018-8254Microsoft SharePoint Elevation of Privilege Vulnerability
Microsoft OfficeCVE-2018-8248Microsoft Excel Remote Code Execution Vulnerability
Microsoft OfficeCVE-2018-8252Microsoft SharePoint Elevation of Privilege Vulnerability

Microsoft Windows

Microsoft WindowsCVE-2018-8175WEBDAV Denial of Service Vulnerability
Microsoft WindowsCVE-2018-1040Windows Code Integrity Module Denial of Service Vulnerability
Microsoft WindowsCVE-2018-8251Media Foundation Memory Corruption Vulnerability
Microsoft WindowsCVE-2018-0982Windows Elevation of Privilege Vulnerability
Microsoft WindowsCVE-2018-8208Windows Desktop Bridge Elevation of Privilege Vulnerability
Microsoft WindowsCVE-2018-8209Windows Wireless Network Profile Information Disclosure Vulnerability
Microsoft WindowsCVE-2018-8214Windows Desktop Bridge Elevation of Privilege Vulnerability
Microsoft WindowsCVE-2018-8210Windows Remote Code Execution Vulnerability
Microsoft WindowsCVE-2018-8213Windows Remote Code Execution Vulnerability
Microsoft WindowsCVE-2018-8205Windows Denial of Service Vulnerability
Microsoft WindowsCVE-2018-8231HTTP Protocol Stack Remote Code Execution Vulnerability
Microsoft WindowsCVE-2018-8239Windows GDI Information Disclosure Vulnerability
Microsoft WindowsCVE-2018-8226HTTP.sys Denial of Service Vulnerability
Microsoft WindowsCVE-2018-8225Windows DNSAPI Remote Code Execution Vulnerability

Microsoft Edge & Internet Explorer

Internet ExplorerCVE-2018-0978Internet Explorer Memory Corruption Vulnerability
Internet ExplorerCVE-2018-8113Internet Explorer Security Feature Bypass Vulnerability
Internet ExplorerCVE-2018-8249Internet Explorer Memory Corruption Vulnerability
Microsoft EdgeCVE-2018-8110Microsoft Edge Memory Corruption Vulnerability
Microsoft EdgeCVE-2018-8111Microsoft Edge Memory Corruption Vulnerability
Microsoft EdgeCVE-2018-8236Microsoft Edge Memory Corruption Vulnerability
Microsoft EdgeCVE-2018-8235Microsoft Edge Security Feature Bypass Vulnerability
Microsoft EdgeCVE-2018-0871Microsoft Edge Information Disclosure Vulnerability
Microsoft EdgeCVE-2018-8234Microsoft Edge Information Disclosure Vulnerability

Device Guard

Device GuardCVE-2018-8215Device Guard Code Integrity Policy Security Feature Bypass Vulnerability
Device GuardCVE-2018-8212Device Guard Code Integrity Policy Security Feature Bypass Vulnerability
Device GuardCVE-2018-8211Device Guard Code Integrity Policy Security Feature Bypass Vulnerability
Device GuardCVE-2018-8221Device Guard Code Integrity Policy Security Feature Bypass Vulnerability
Device GuardCVE-2018-8217Device Guard Code Integrity Policy Security Feature Bypass Vulnerability
Device GuardCVE-2018-8216Device Guard Code Integrity Policy Security Feature Bypass Vulnerability
Device GuardCVE-2018-8201Device Guard Code Integrity Policy Security Feature Bypass Vulnerability

Windows Hyper-V

Windows Hyper-VCVE-2018-8218Windows Hyper-V Denial of Service Vulnerability
Windows Hyper-VCVE-2018-8219Hypervisor Code Integrity Elevation of Privilege Vulnerability

Windows Kernel

Windows KernelCVE-2018-8207Windows Kernel Information Disclosure Vulnerability
Windows KernelCVE-2018-8233Win32k Elevation of Privilege Vulnerability
Windows KernelCVE-2018-8224Windows Kernel Elevation of Privilege Vulnerability
Windows KernelCVE-2018-8121Windows Kernel Information Disclosure Vulnerability

Microsoft Scripting Engine

Microsoft Scripting EngineCVE-2018-8229Chakra Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting EngineCVE-2018-8227Chakra Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting EngineCVE-2018-8267Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting EngineCVE-2018-8243Scripting Engine Memory Corruption Vulnerability
Adobe Flash PlayerADV180014June 2018 Adobe Flash Security Update
HID Parser LibraryCVE-2018-8169HIDParser Elevation of Privilege Vulnerability

Microsoft also released a standalone security advisory  KB4338110, for padding oracle attack that Performs against encrypted data that allows the attacker to decrypt the contents of the data, without knowing the key.

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

cyber security

Hackers Impersonate Top Tax Firm with 40,000 Phishing Messages to Steal Credentials

Proofpoint researchers have identified a marked increase in phishing campaigns and malicious domain registrations...
Apache

Cybercriminals Exploit Public-Facing IIS, Apache, and SQL Servers to Breach Gov & Telecom Systems

A recent investigation by Unit 42 of Palo Alto Networks has uncovered a sophisticated,...
Press Release

Doppler Announces Integration with Datadog to Streamline Security and Monitoring

Doppler, the leading provider of secrets management solutions, announced a new integration with Datadog,...
cyber security

Microsoft Enhances Windows 11 Security with Admin Protection to Prevent Crowdstrike-Like Incident

Microsoft has introduced "Administrator Protection" (AP), a sophisticated security feature aimed at elevating Windows...

API Security Webinar

Free Webinar - DevSecOps Hacks

By embedding security into your CI/CD workflows, you can shift left, streamline your DevSecOps processes, and release secure applications faster—all while saving time and resources.

In this webinar, join Phani Deepak Akella ( VP of Marketing ) and Karthik Krishnamoorthy (CTO), Indusface as they explores best practices for integrating application security into your CI/CD workflows using tools like Jenkins and Jira.

Discussion points

Automate security scans as part of the CI/CD pipeline.
Get real-time, actionable insights into vulnerabilities.
Prioritize and track fixes directly in Jira, enhancing collaboration.
Reduce risks and costs by addressing vulnerabilities pre-production.

Register Now

More like this

cyber security

Microsoft Enhances Windows 11 Security with Admin Protection to Prevent Crowdstrike-Like Incident

Microsoft has introduced "Administrator Protection" (AP), a sophisticated security feature aimed at elevating Windows...
Cyber Security News

Russian APT28 Hackers Exploit Zero-Day Vulnerabilities to Target Government and Security Sectors

A detailed analysis from Maverits, a leading cybersecurity firm, reveals a significant evolution in...
cyber security

Critical Vulnerability in IBM Security Directory Enables Session Cookie Theft

IBM has announced the resolution of several security vulnerabilities affecting its IBM Security Directory...

GBHackers on Security is a top cybersecurity news platform, delivering up-to-date coverage on breaches, emerging threats, malware, vulnerabilities, and global cyber incidents.

Company

Trending

Categories

Copyright @ 2016 - 2024 GBHackers On Security - All Rights Reserved