Wednesday, March 26, 2025
Follow us On Linkedin
HomeSecurity NewsMicrosoft Released Critical Security Updates with Patch for 50 Critical Vulnerabilities

Microsoft Released Critical Security Updates with Patch for 50 Critical Vulnerabilities

Security News

Published on

By Balaji
Microsoft Released Critical Security Updates with Patch for 50 Critical Vulnerabilities

Supply Chain Attack Prevention

SIEM as a Service

Follow Us on Google News

Microsoft security updates released for June 2018 contains fixes for more than 50 vulnerabilities including for some of the products Critical remote code execution vulnerability.

Patch update released for some of the widely used Microsoft Product such as Internet Explorer, Microsoft Edge, Microsoft Windows, Microsoft Office and Microsoft Office Services and Web Apps, ChakraCore, Adobe Flash Player.

In this updates, several products patched the remote code execution vulnerability and Memory Corruption Vulnerability especially Microsoft edge and Microsoft Windows.

Apart from Microsoft Products, this June patch Tuesday updates contains an Adobe Flash Player zero-day (CVE-2018-5002) update.

Remote Code Execution Flaw Affected Products

Microsoft Edge and Internet Explorer based Memory Corruption Vulnerabilities are fixed with this security updates.

A remote code execution vulnerability exists when Microsoft Edge and  Internet Explorer improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that enables an attacker to execute arbitrary code in the context of the current user.

Microsoft Office based Elevation of Privilege Vulnerability also patched which leads to an attacker who successfully exploited this vulnerability could perform script/content injection attacks.

Windows-based remote code execution vulnerability also fixed that exists when Windows improperly handles objects in memory. An attacker who successfully exploited these vulnerabilities could take control of an affected system.

HTTP Protocol Stack (Http.sys) also contain remote code execution flaw that improperly handles objects in memory. So An attacker who successfully exploited this vulnerability could execute arbitrary code and take control of the affected system.

Microsoft Security Updates List

Microsoft Office

Microsoft OfficeCVE-2018-8246Microsoft Excel Information Disclosure Vulnerability
Microsoft OfficeCVE-2018-8247Microsoft Office Elevation of Privilege Vulnerability
Microsoft OfficeCVE-2018-8244Microsoft Outlook Elevation of Privilege Vulnerability
Microsoft OfficeCVE-2018-8245Microsoft Office Elevation of Privilege Vulnerability
Microsoft OfficeCVE-2018-8254Microsoft SharePoint Elevation of Privilege Vulnerability
Microsoft OfficeCVE-2018-8248Microsoft Excel Remote Code Execution Vulnerability
Microsoft OfficeCVE-2018-8252Microsoft SharePoint Elevation of Privilege Vulnerability

Microsoft Windows

Microsoft WindowsCVE-2018-8175WEBDAV Denial of Service Vulnerability
Microsoft WindowsCVE-2018-1040Windows Code Integrity Module Denial of Service Vulnerability
Microsoft WindowsCVE-2018-8251Media Foundation Memory Corruption Vulnerability
Microsoft WindowsCVE-2018-0982Windows Elevation of Privilege Vulnerability
Microsoft WindowsCVE-2018-8208Windows Desktop Bridge Elevation of Privilege Vulnerability
Microsoft WindowsCVE-2018-8209Windows Wireless Network Profile Information Disclosure Vulnerability
Microsoft WindowsCVE-2018-8214Windows Desktop Bridge Elevation of Privilege Vulnerability
Microsoft WindowsCVE-2018-8210Windows Remote Code Execution Vulnerability
Microsoft WindowsCVE-2018-8213Windows Remote Code Execution Vulnerability
Microsoft WindowsCVE-2018-8205Windows Denial of Service Vulnerability
Microsoft WindowsCVE-2018-8231HTTP Protocol Stack Remote Code Execution Vulnerability
Microsoft WindowsCVE-2018-8239Windows GDI Information Disclosure Vulnerability
Microsoft WindowsCVE-2018-8226HTTP.sys Denial of Service Vulnerability
Microsoft WindowsCVE-2018-8225Windows DNSAPI Remote Code Execution Vulnerability

Microsoft Edge & Internet Explorer

Internet ExplorerCVE-2018-0978Internet Explorer Memory Corruption Vulnerability
Internet ExplorerCVE-2018-8113Internet Explorer Security Feature Bypass Vulnerability
Internet ExplorerCVE-2018-8249Internet Explorer Memory Corruption Vulnerability
Microsoft EdgeCVE-2018-8110Microsoft Edge Memory Corruption Vulnerability
Microsoft EdgeCVE-2018-8111Microsoft Edge Memory Corruption Vulnerability
Microsoft EdgeCVE-2018-8236Microsoft Edge Memory Corruption Vulnerability
Microsoft EdgeCVE-2018-8235Microsoft Edge Security Feature Bypass Vulnerability
Microsoft EdgeCVE-2018-0871Microsoft Edge Information Disclosure Vulnerability
Microsoft EdgeCVE-2018-8234Microsoft Edge Information Disclosure Vulnerability

Device Guard

Device GuardCVE-2018-8215Device Guard Code Integrity Policy Security Feature Bypass Vulnerability
Device GuardCVE-2018-8212Device Guard Code Integrity Policy Security Feature Bypass Vulnerability
Device GuardCVE-2018-8211Device Guard Code Integrity Policy Security Feature Bypass Vulnerability
Device GuardCVE-2018-8221Device Guard Code Integrity Policy Security Feature Bypass Vulnerability
Device GuardCVE-2018-8217Device Guard Code Integrity Policy Security Feature Bypass Vulnerability
Device GuardCVE-2018-8216Device Guard Code Integrity Policy Security Feature Bypass Vulnerability
Device GuardCVE-2018-8201Device Guard Code Integrity Policy Security Feature Bypass Vulnerability

Windows Hyper-V

Windows Hyper-VCVE-2018-8218Windows Hyper-V Denial of Service Vulnerability
Windows Hyper-VCVE-2018-8219Hypervisor Code Integrity Elevation of Privilege Vulnerability

Windows Kernel

Windows KernelCVE-2018-8207Windows Kernel Information Disclosure Vulnerability
Windows KernelCVE-2018-8233Win32k Elevation of Privilege Vulnerability
Windows KernelCVE-2018-8224Windows Kernel Elevation of Privilege Vulnerability
Windows KernelCVE-2018-8121Windows Kernel Information Disclosure Vulnerability

Microsoft Scripting Engine

Microsoft Scripting EngineCVE-2018-8229Chakra Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting EngineCVE-2018-8227Chakra Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting EngineCVE-2018-8267Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting EngineCVE-2018-8243Scripting Engine Memory Corruption Vulnerability
Adobe Flash PlayerADV180014June 2018 Adobe Flash Security Update
HID Parser LibraryCVE-2018-8169HIDParser Elevation of Privilege Vulnerability

Microsoft also released a standalone security advisory  KB4338110, for padding oracle attack that Performs against encrypted data that allows the attacker to decrypt the contents of the data, without knowing the key.

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

Browser

Cybercriminals Bypass Security Using Legitimate Tools & Browser Extensions to Deliver Malware

In the second half of 2024, cybercriminals have increasingly leveraged legitimate Microsoft tools and...
AI

Malicious AI Tools See 200% Surge as ChatGPT Jailbreaking Talks Increase by 52%

The cybersecurity landscape in 2024 witnessed a significant escalation in AI-related threats, with malicious...
cyber security

Banking Malware Infects 248,000 Mobile Users Through Social Engineering Techniques

In 2024, the number of users affected by mobile banking malware skyrocketed to nearly...
cyber security

Researchers Compare Malware Development in Rust vs C and C++

Security researcher Nick Cerne from Bishop Fox has published findings comparing malware development in...

Supply Chain Attack Prevention

Free Webinar - Supply Chain Attack Prevention

Recent attacks like Polyfill[.]io show how compromised third-party components become backdoors for hackers. PCI DSS 4.0’s Requirement 6.4.3 mandates stricter browser script controls, while Requirement 12.8 focuses on securing third-party providers.

Join Vivekanand Gopalan (VP of Products – Indusface) and Phani Deepak Akella (VP of Marketing – Indusface) as they break down these compliance requirements and share strategies to protect your applications from supply chain attacks.

Discussion points

Meeting PCI DSS 4.0 mandates.
Blocking malicious components and unauthorized JavaScript execution.
PIdentifying attack surfaces from third-party dependencies.
Preventing man-in-the-browser attacks with proactive monitoring.

Register Now

More like this

cyber security

Clio: Real-Time Logging Tool with Locking, User Authentication, and Audit Trails

Clio is a cutting-edge, secure logging platform designed specifically for red team operations and...
cyber security

Enhancing Satellite Security by Encrypting Video Data Directly on Payloads

The rapid expansion of low-Earth orbit (LEO) satellite constellations has underscored the need for...
cyber security

49,000+ Access Management Systems Worldwide Exposed to Major Security Gaps

A recent study conducted by Dutch IT security consultancy Modat has revealed alarming vulnerabilities...

GBHackers on Security is a top cybersecurity news platform, delivering up-to-date coverage on breaches, emerging threats, malware, vulnerabilities, and global cyber incidents.

Company

Trending

Categories

Copyright @ 2016 - 2025 GBHackers On Security - All Rights Reserved