Microsoft security updates released for June 2018 contains fixes for more than 50 vulnerabilities including for some of the products Critical remote code execution vulnerability.
Patch update released for some of the widely used Microsoft Product such as Internet Explorer, Microsoft Edge, Microsoft Windows, Microsoft Office and Microsoft Office Services and Web Apps, ChakraCore, Adobe Flash Player.
In this updates, several products patched the remote code execution vulnerability and Memory Corruption Vulnerability especially Microsoft edge and Microsoft Windows.
Apart from Microsoft Products, this June patch Tuesday updates contains an Adobe Flash Player zero-day (CVE-2018-5002) update.
Microsoft Edge and Internet Explorer based Memory Corruption Vulnerabilities are fixed with this security updates.
A remote code execution vulnerability exists when Microsoft Edge and Internet Explorer improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that enables an attacker to execute arbitrary code in the context of the current user.
Microsoft Office based Elevation of Privilege Vulnerability also patched which leads to an attacker who successfully exploited this vulnerability could perform script/content injection attacks.
Windows-based remote code execution vulnerability also fixed that exists when Windows improperly handles objects in memory. An attacker who successfully exploited these vulnerabilities could take control of an affected system.
HTTP Protocol Stack (Http.sys) also contain remote code execution flaw that improperly handles objects in memory. So An attacker who successfully exploited this vulnerability could execute arbitrary code and take control of the affected system.
Microsoft Office
Microsoft Office | CVE-2018-8246 | Microsoft Excel Information Disclosure Vulnerability |
Microsoft Office | CVE-2018-8247 | Microsoft Office Elevation of Privilege Vulnerability |
Microsoft Office | CVE-2018-8244 | Microsoft Outlook Elevation of Privilege Vulnerability |
Microsoft Office | CVE-2018-8245 | Microsoft Office Elevation of Privilege Vulnerability |
Microsoft Office | CVE-2018-8254 | Microsoft SharePoint Elevation of Privilege Vulnerability |
Microsoft Office | CVE-2018-8248 | Microsoft Excel Remote Code Execution Vulnerability |
Microsoft Office | CVE-2018-8252 | Microsoft SharePoint Elevation of Privilege Vulnerability |
Microsoft Windows
Microsoft Windows | CVE-2018-8175 | WEBDAV Denial of Service Vulnerability |
Microsoft Windows | CVE-2018-1040 | Windows Code Integrity Module Denial of Service Vulnerability |
Microsoft Windows | CVE-2018-8251 | Media Foundation Memory Corruption Vulnerability |
Microsoft Windows | CVE-2018-0982 | Windows Elevation of Privilege Vulnerability |
Microsoft Windows | CVE-2018-8208 | Windows Desktop Bridge Elevation of Privilege Vulnerability |
Microsoft Windows | CVE-2018-8209 | Windows Wireless Network Profile Information Disclosure Vulnerability |
Microsoft Windows | CVE-2018-8214 | Windows Desktop Bridge Elevation of Privilege Vulnerability |
Microsoft Windows | CVE-2018-8210 | Windows Remote Code Execution Vulnerability |
Microsoft Windows | CVE-2018-8213 | Windows Remote Code Execution Vulnerability |
Microsoft Windows | CVE-2018-8205 | Windows Denial of Service Vulnerability |
Microsoft Windows | CVE-2018-8231 | HTTP Protocol Stack Remote Code Execution Vulnerability |
Microsoft Windows | CVE-2018-8239 | Windows GDI Information Disclosure Vulnerability |
Microsoft Windows | CVE-2018-8226 | HTTP.sys Denial of Service Vulnerability |
Microsoft Windows | CVE-2018-8225 | Windows DNSAPI Remote Code Execution Vulnerability |
Microsoft Edge & Internet Explorer
Internet Explorer | CVE-2018-0978 | Internet Explorer Memory Corruption Vulnerability |
Internet Explorer | CVE-2018-8113 | Internet Explorer Security Feature Bypass Vulnerability |
Internet Explorer | CVE-2018-8249 | Internet Explorer Memory Corruption Vulnerability |
Microsoft Edge | CVE-2018-8110 | Microsoft Edge Memory Corruption Vulnerability |
Microsoft Edge | CVE-2018-8111 | Microsoft Edge Memory Corruption Vulnerability |
Microsoft Edge | CVE-2018-8236 | Microsoft Edge Memory Corruption Vulnerability |
Microsoft Edge | CVE-2018-8235 | Microsoft Edge Security Feature Bypass Vulnerability |
Microsoft Edge | CVE-2018-0871 | Microsoft Edge Information Disclosure Vulnerability |
Microsoft Edge | CVE-2018-8234 | Microsoft Edge Information Disclosure Vulnerability |
Device Guard
Device Guard | CVE-2018-8215 | Device Guard Code Integrity Policy Security Feature Bypass Vulnerability |
Device Guard | CVE-2018-8212 | Device Guard Code Integrity Policy Security Feature Bypass Vulnerability |
Device Guard | CVE-2018-8211 | Device Guard Code Integrity Policy Security Feature Bypass Vulnerability |
Device Guard | CVE-2018-8221 | Device Guard Code Integrity Policy Security Feature Bypass Vulnerability |
Device Guard | CVE-2018-8217 | Device Guard Code Integrity Policy Security Feature Bypass Vulnerability |
Device Guard | CVE-2018-8216 | Device Guard Code Integrity Policy Security Feature Bypass Vulnerability |
Device Guard | CVE-2018-8201 | Device Guard Code Integrity Policy Security Feature Bypass Vulnerability |
Windows Hyper-V
Windows Hyper-V | CVE-2018-8218 | Windows Hyper-V Denial of Service Vulnerability |
Windows Hyper-V | CVE-2018-8219 | Hypervisor Code Integrity Elevation of Privilege Vulnerability |
Windows Kernel
Windows Kernel | CVE-2018-8207 | Windows Kernel Information Disclosure Vulnerability |
Windows Kernel | CVE-2018-8233 | Win32k Elevation of Privilege Vulnerability |
Windows Kernel | CVE-2018-8224 | Windows Kernel Elevation of Privilege Vulnerability |
Windows Kernel | CVE-2018-8121 | Windows Kernel Information Disclosure Vulnerability |
Microsoft Scripting Engine
Microsoft Scripting Engine | CVE-2018-8229 | Chakra Scripting Engine Memory Corruption Vulnerability |
Microsoft Scripting Engine | CVE-2018-8227 | Chakra Scripting Engine Memory Corruption Vulnerability |
Microsoft Scripting Engine | CVE-2018-8267 | Scripting Engine Memory Corruption Vulnerability |
Microsoft Scripting Engine | CVE-2018-8243 | Scripting Engine Memory Corruption Vulnerability |
Adobe Flash Player | ADV180014 | June 2018 Adobe Flash Security Update |
HID Parser Library | CVE-2018-8169 | HIDParser Elevation of Privilege Vulnerability |
Microsoft also released a standalone security advisory KB4338110, for padding oracle attack that Performs against encrypted data that allows the attacker to decrypt the contents of the data, without knowing the key.
A new malware variant called Nunu Stealer is making headlines after being advertised on underground hacker forums…
A critical vulnerability has been identified in Siemens' User Management Component (UMC), which could allow…
Foxit Software has issued critical security updates for its widely used PDF solutions, Foxit PDF…
Microsoft has swiftly addressed a critical security vulnerability affecting Windows 11 (version 23H2), which could…
A Romanian man has been sentenced to 20 years in prison for his involvement in…
The Cybersecurity and Infrastructure Security Agency (CISA) has sounded the alarm over a critical vulnerability…