Friday, March 29, 2024

Microsoft Released Critical Security Updates with Patch for 50 Critical Vulnerabilities

Microsoft's security updates for June 2018 contain fixes for more than 50 vulnerabilities, including critical remote code execution vulnerabilities in some products.

Patches were released for widely used Microsoft products such as Internet Explorer, Microsoft Edge, Microsoft Windows, Microsoft Office and Microsoft Office Services and Web Apps, ChakraCore, and Adobe Flash Player.

In this update, several products received patches for remote code execution and memory corruption vulnerabilities, especially Microsoft Edge and Microsoft Windows.

Apart from Microsoft products, the June Patch Tuesday updates contain a fix for an Adobe Flash Player zero-day (CVE-2018-5002).

Remote Code Execution Flaw Affected Products

Memory corruption vulnerabilities in Microsoft Edge and Internet Explorer are fixed with these security updates.

A remote code execution vulnerability exists when Microsoft Edge and Internet Explorer improperly access objects in memory. The vulnerability could corrupt memory in such a way that enables an attacker to execute arbitrary code in the context of the current user.

A Microsoft Office elevation of privilege vulnerability was also patched; an attacker who successfully exploited it could perform script/content injection attacks.

Windows remote code execution vulnerabilities, which exist when Windows improperly handles objects in memory, were also fixed. An attacker who successfully exploited these vulnerabilities could take control of an affected system.

The HTTP Protocol Stack (Http.sys) also contains a remote code execution flaw caused by improper handling of objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code and take control of the affected system.

Microsoft Security Updates List

Microsoft Office

| Product | ID | Title |
|---|---|---|
| Microsoft Office | CVE-2018-8246 | Microsoft Excel Information Disclosure Vulnerability |
| Microsoft Office | CVE-2018-8247 | Microsoft Office Elevation of Privilege Vulnerability |
| Microsoft Office | CVE-2018-8244 | Microsoft Outlook Elevation of Privilege Vulnerability |
| Microsoft Office | CVE-2018-8245 | Microsoft Office Elevation of Privilege Vulnerability |
| Microsoft Office | CVE-2018-8254 | Microsoft SharePoint Elevation of Privilege Vulnerability |
| Microsoft Office | CVE-2018-8248 | Microsoft Excel Remote Code Execution Vulnerability |
| Microsoft Office | CVE-2018-8252 | Microsoft SharePoint Elevation of Privilege Vulnerability |

Microsoft Windows

| Product | ID | Title |
|---|---|---|
| Microsoft Windows | CVE-2018-8175 | WEBDAV Denial of Service Vulnerability |
| Microsoft Windows | CVE-2018-1040 | Windows Code Integrity Module Denial of Service Vulnerability |
| Microsoft Windows | CVE-2018-8251 | Media Foundation Memory Corruption Vulnerability |
| Microsoft Windows | CVE-2018-0982 | Windows Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2018-8208 | Windows Desktop Bridge Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2018-8209 | Windows Wireless Network Profile Information Disclosure Vulnerability |
| Microsoft Windows | CVE-2018-8214 | Windows Desktop Bridge Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2018-8210 | Windows Remote Code Execution Vulnerability |
| Microsoft Windows | CVE-2018-8213 | Windows Remote Code Execution Vulnerability |
| Microsoft Windows | CVE-2018-8205 | Windows Denial of Service Vulnerability |
| Microsoft Windows | CVE-2018-8231 | HTTP Protocol Stack Remote Code Execution Vulnerability |
| Microsoft Windows | CVE-2018-8239 | Windows GDI Information Disclosure Vulnerability |
| Microsoft Windows | CVE-2018-8226 | HTTP.sys Denial of Service Vulnerability |
| Microsoft Windows | CVE-2018-8225 | Windows DNSAPI Remote Code Execution Vulnerability |

Microsoft Edge & Internet Explorer

| Product | ID | Title |
|---|---|---|
| Internet Explorer | CVE-2018-0978 | Internet Explorer Memory Corruption Vulnerability |
| Internet Explorer | CVE-2018-8113 | Internet Explorer Security Feature Bypass Vulnerability |
| Internet Explorer | CVE-2018-8249 | Internet Explorer Memory Corruption Vulnerability |
| Microsoft Edge | CVE-2018-8110 | Microsoft Edge Memory Corruption Vulnerability |
| Microsoft Edge | CVE-2018-8111 | Microsoft Edge Memory Corruption Vulnerability |
| Microsoft Edge | CVE-2018-8236 | Microsoft Edge Memory Corruption Vulnerability |
| Microsoft Edge | CVE-2018-8235 | Microsoft Edge Security Feature Bypass Vulnerability |
| Microsoft Edge | CVE-2018-0871 | Microsoft Edge Information Disclosure Vulnerability |
| Microsoft Edge | CVE-2018-8234 | Microsoft Edge Information Disclosure Vulnerability |

Device Guard

| Product | ID | Title |
|---|---|---|
| Device Guard | CVE-2018-8215 | Device Guard Code Integrity Policy Security Feature Bypass Vulnerability |
| Device Guard | CVE-2018-8212 | Device Guard Code Integrity Policy Security Feature Bypass Vulnerability |
| Device Guard | CVE-2018-8211 | Device Guard Code Integrity Policy Security Feature Bypass Vulnerability |
| Device Guard | CVE-2018-8221 | Device Guard Code Integrity Policy Security Feature Bypass Vulnerability |
| Device Guard | CVE-2018-8217 | Device Guard Code Integrity Policy Security Feature Bypass Vulnerability |
| Device Guard | CVE-2018-8216 | Device Guard Code Integrity Policy Security Feature Bypass Vulnerability |
| Device Guard | CVE-2018-8201 | Device Guard Code Integrity Policy Security Feature Bypass Vulnerability |

Windows Hyper-V

| Product | ID | Title |
|---|---|---|
| Windows Hyper-V | CVE-2018-8218 | Windows Hyper-V Denial of Service Vulnerability |
| Windows Hyper-V | CVE-2018-8219 | Hypervisor Code Integrity Elevation of Privilege Vulnerability |

Windows Kernel

| Product | ID | Title |
|---|---|---|
| Windows Kernel | CVE-2018-8207 | Windows Kernel Information Disclosure Vulnerability |
| Windows Kernel | CVE-2018-8233 | Win32k Elevation of Privilege Vulnerability |
| Windows Kernel | CVE-2018-8224 | Windows Kernel Elevation of Privilege Vulnerability |
| Windows Kernel | CVE-2018-8121 | Windows Kernel Information Disclosure Vulnerability |

Microsoft Scripting Engine

| Product | ID | Title |
|---|---|---|
| Microsoft Scripting Engine | CVE-2018-8229 | Chakra Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2018-8227 | Chakra Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2018-8267 | Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2018-8243 | Scripting Engine Memory Corruption Vulnerability |
| Adobe Flash Player | ADV180014 | June 2018 Adobe Flash Security Update |
| HID Parser Library | CVE-2018-8169 | HIDParser Elevation of Privilege Vulnerability |

Microsoft also released a standalone security advisory, KB4338110, for a padding oracle attack performed against encrypted data that allows the attacker to decrypt the contents of the data without knowing the key.

Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.
