Microsoft Released Critical Security Updates with Patch for 50 Critical Vulnerabilities

Microsoft security updates released for June 2018 contains fixes for more than 50 vulnerabilities including for some of the products Critical remote code execution vulnerability.

Patch update released for some of the widely used Microsoft Product such as Internet Explorer, Microsoft Edge, Microsoft Windows, Microsoft Office and Microsoft Office Services and Web Apps, ChakraCore, Adobe Flash Player.

In this updates, several products patched the remote code execution vulnerability and Memory Corruption Vulnerability especially Microsoft edge and Microsoft Windows.

Apart from Microsoft Products, this June patch Tuesday updates contains an Adobe Flash Player zero-day (CVE-2018-5002) update.

Remote Code Execution Flaw Affected Products

Microsoft Edge and Internet Explorer based Memory Corruption Vulnerabilities are fixed with this security updates.

A remote code execution vulnerability exists when Microsoft Edge and  Internet Explorer improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that enables an attacker to execute arbitrary code in the context of the current user.

Microsoft Office based Elevation of Privilege Vulnerability also patched which leads to an attacker who successfully exploited this vulnerability could perform script/content injection attacks.

Windows-based remote code execution vulnerability also fixed that exists when Windows improperly handles objects in memory. An attacker who successfully exploited these vulnerabilities could take control of an affected system.

HTTP Protocol Stack (Http.sys) also contain remote code execution flaw that improperly handles objects in memory. So An attacker who successfully exploited this vulnerability could execute arbitrary code and take control of the affected system.

Microsoft Security Updates List

Microsoft Office

Microsoft Office	CVE-2018-8246	Microsoft Excel Information Disclosure Vulnerability
Microsoft Office	CVE-2018-8247	Microsoft Office Elevation of Privilege Vulnerability
Microsoft Office	CVE-2018-8244	Microsoft Outlook Elevation of Privilege Vulnerability
Microsoft Office	CVE-2018-8245	Microsoft Office Elevation of Privilege Vulnerability
Microsoft Office	CVE-2018-8254	Microsoft SharePoint Elevation of Privilege Vulnerability
Microsoft Office	CVE-2018-8248	Microsoft Excel Remote Code Execution Vulnerability
Microsoft Office	CVE-2018-8252	Microsoft SharePoint Elevation of Privilege Vulnerability

Microsoft Windows

Microsoft Windows	CVE-2018-8175	WEBDAV Denial of Service Vulnerability
Microsoft Windows	CVE-2018-1040	Windows Code Integrity Module Denial of Service Vulnerability
Microsoft Windows	CVE-2018-8251	Media Foundation Memory Corruption Vulnerability
Microsoft Windows	CVE-2018-0982	Windows Elevation of Privilege Vulnerability
Microsoft Windows	CVE-2018-8208	Windows Desktop Bridge Elevation of Privilege Vulnerability
Microsoft Windows	CVE-2018-8209	Windows Wireless Network Profile Information Disclosure Vulnerability
Microsoft Windows	CVE-2018-8214	Windows Desktop Bridge Elevation of Privilege Vulnerability
Microsoft Windows	CVE-2018-8210	Windows Remote Code Execution Vulnerability
Microsoft Windows	CVE-2018-8213	Windows Remote Code Execution Vulnerability
Microsoft Windows	CVE-2018-8205	Windows Denial of Service Vulnerability
Microsoft Windows	CVE-2018-8231	HTTP Protocol Stack Remote Code Execution Vulnerability
Microsoft Windows	CVE-2018-8239	Windows GDI Information Disclosure Vulnerability
Microsoft Windows	CVE-2018-8226	HTTP.sys Denial of Service Vulnerability
Microsoft Windows	CVE-2018-8225	Windows DNSAPI Remote Code Execution Vulnerability

Microsoft Edge & Internet Explorer

Internet Explorer	CVE-2018-0978	Internet Explorer Memory Corruption Vulnerability
Internet Explorer	CVE-2018-8113	Internet Explorer Security Feature Bypass Vulnerability
Internet Explorer	CVE-2018-8249	Internet Explorer Memory Corruption Vulnerability
Microsoft Edge	CVE-2018-8110	Microsoft Edge Memory Corruption Vulnerability
Microsoft Edge	CVE-2018-8111	Microsoft Edge Memory Corruption Vulnerability
Microsoft Edge	CVE-2018-8236	Microsoft Edge Memory Corruption Vulnerability
Microsoft Edge	CVE-2018-8235	Microsoft Edge Security Feature Bypass Vulnerability
Microsoft Edge	CVE-2018-0871	Microsoft Edge Information Disclosure Vulnerability
Microsoft Edge	CVE-2018-8234	Microsoft Edge Information Disclosure Vulnerability

Device Guard

Device Guard	CVE-2018-8215	Device Guard Code Integrity Policy Security Feature Bypass Vulnerability
Device Guard	CVE-2018-8212	Device Guard Code Integrity Policy Security Feature Bypass Vulnerability
Device Guard	CVE-2018-8211	Device Guard Code Integrity Policy Security Feature Bypass Vulnerability
Device Guard	CVE-2018-8221	Device Guard Code Integrity Policy Security Feature Bypass Vulnerability
Device Guard	CVE-2018-8217	Device Guard Code Integrity Policy Security Feature Bypass Vulnerability
Device Guard	CVE-2018-8216	Device Guard Code Integrity Policy Security Feature Bypass Vulnerability
Device Guard	CVE-2018-8201	Device Guard Code Integrity Policy Security Feature Bypass Vulnerability

Windows Hyper-V

Windows Hyper-V	CVE-2018-8218	Windows Hyper-V Denial of Service Vulnerability
Windows Hyper-V	CVE-2018-8219	Hypervisor Code Integrity Elevation of Privilege Vulnerability

Windows Kernel

Windows Kernel	CVE-2018-8207	Windows Kernel Information Disclosure Vulnerability
Windows Kernel	CVE-2018-8233	Win32k Elevation of Privilege Vulnerability
Windows Kernel	CVE-2018-8224	Windows Kernel Elevation of Privilege Vulnerability
Windows Kernel	CVE-2018-8121	Windows Kernel Information Disclosure Vulnerability

Microsoft Scripting Engine

Microsoft Scripting Engine	CVE-2018-8229	Chakra Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine	CVE-2018-8227	Chakra Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine	CVE-2018-8267	Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine	CVE-2018-8243	Scripting Engine Memory Corruption Vulnerability

Adobe Flash Player

ADV180014

June 2018 Adobe Flash Security Update

HID Parser Library

CVE-2018-8169

HIDParser Elevation of Privilege Vulnerability

Microsoft also released a standalone security advisory  KB4338110, for padding oracle attack that Performs against encrypted data that allows the attacker to decrypt the contents of the data, without knowing the key.