Monday, July 15, 2024
EHA

Microsoft Released Security Updates and more than 70 Security Vulnerabilities are Fixed

Microsoft security updates released under patch Tuesday for this month (March) and fixed more than 70 vulnerabilities in all the severity categories and with 61 rated as important.

This Microsoft Security Updates including all security fixes for vulnerabilities that affect Windows 10 and Microsoft will release an auto update for all the Windows 10 users.

Security updates for March security release consist of some major Microsoft Following product and all the updates are available via the Microsoft Update Catalog.

  • Internet Explorer
  • Microsoft Edge
  • Microsoft Windows
  • Microsoft Office and Microsoft Office Services and Web Apps
  • Microsoft Exchange Server
  • ASP.NET Core
  • .NET Core
  • PowerShell Core
  • ChakraCore
  • Adobe Flash

Many of CVE released under Critical Vulnerabilities category in this Microsoft Security Updates such as Remote Code Execution, Information Disclosure fixed Internet Explorer and Microsoft Edge browser.

Browers patches including Google Disclosed a Microsoft Edge Zero-day bug Before Patch is Released on last month.

In this Browser based security fixes contains 21 vulnerabilities and 14 vulnerabilities has been marked as critical and remain vulnerabilities marked as important.

Along with this Microsoft Security Updates, Adobe has released security updates for Adobe Flash Player for Windows, Macintosh, Linux and Chrome OS.

“These updates address critical vulnerabilities in Adobe Flash Player 28.0.0.161 and earlier versions. all the vulnerabilities Successful exploitation could lead to arbitrary code execution in the context of the current user.”

Microsoft Security Updates Patched Vulnerabilities

TagCVE IDCVE Title
.NET CoreCVE-2018-0875.NET Core Denial of Service Vulnerability
Adobe Flash PlayerADV180006March 2018 Adobe Flash Security Update
ASP .NETCVE-2018-0787ASP.NET Core Elevation of Privilege Vulnerability
ASP.NETCVE-2018-0808ASP.NET Core Denial of Service Vulnerability
Device GuardCVE-2018-0884Windows Security Feature Bypass Vulnerability
Internet ExplorerCVE-2018-0929Internet Explorer Information Disclosure Vulnerability
Internet ExplorerCVE-2018-0942Internet Explorer Elevation of Privilege Vulnerability
Microsoft BrowsersCVE-2018-0932Microsoft Browser Information Disclosure Vulnerability
Microsoft BrowsersCVE-2018-0927Microsoft Browser Information Disclosure Vulnerability
Microsoft EdgeCVE-2018-0879Microsoft Edge Information Disclosure Vulnerability
Microsoft Exchange ServerCVE-2018-0941Microsoft Exchange Information Disclosure Vulnerability
Microsoft Exchange ServerCVE-2018-0940Microsoft Exchange Elevation of Privilege Vulnerability
Microsoft Exchange ServerCVE-2018-0924Microsoft Exchange Information Disclosure Vulnerability
Microsoft Graphics ComponentCVE-2018-0817Windows GDI Elevation of Privilege Vulnerability
Microsoft Graphics ComponentCVE-2018-0815Windows GDI Elevation of Privilege Vulnerability
Microsoft Graphics ComponentCVE-2018-0816Windows GDI Elevation of Privilege Vulnerability
Microsoft OfficeCVE-2018-0903Microsoft Access Remote Code Execution Vulnerability
Microsoft OfficeCVE-2018-0909Microsoft SharePoint Elevation of Privilege Vulnerability
Microsoft OfficeCVE-2018-0911Microsoft SharePoint Elevation of Privilege Vulnerability
Microsoft OfficeCVE-2018-0907Microsoft Office Excel Security Feature Bypass
Microsoft OfficeCVE-2018-0910Microsoft SharePoint Elevation of Privilege Vulnerability
Microsoft OfficeCVE-2018-0947Microsoft Sharepoint Elevation of Privilege Vulnerability
Microsoft OfficeCVE-2018-0913Microsoft SharePoint Elevation of Privilege Vulnerability
Microsoft OfficeCVE-2018-0912Microsoft SharePoint Elevation of Privilege Vulnerability
Microsoft OfficeCVE-2018-0919Microsoft Office Information Disclosure Vulnerability
Microsoft OfficeCVE-2018-0921Microsoft SharePoint Elevation of Privilege Vulnerability
Microsoft OfficeCVE-2018-0915Microsoft SharePoint Elevation of Privilege Vulnerability
Microsoft OfficeCVE-2018-0916Microsoft SharePoint Elevation of Privilege Vulnerability
Microsoft OfficeCVE-2018-0917Microsoft SharePoint Elevation of Privilege Vulnerability
Microsoft OfficeCVE-2018-0944Microsoft SharePoint Elevation of Privilege Vulnerability
Microsoft OfficeCVE-2018-0914Microsoft SharePoint Elevation of Privilege Vulnerability
Microsoft OfficeCVE-2018-0922Microsoft Office Memory Corruption Vulnerability
Microsoft OfficeCVE-2018-0923Microsoft SharePoint Elevation of Privilege Vulnerability
Microsoft Scripting EngineCVE-2018-0893Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting EngineCVE-2018-0874Chakra Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting EngineCVE-2018-0876Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting EngineCVE-2018-0936Chakra Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting EngineCVE-2018-0873Chakra Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting EngineCVE-2018-0891Scripting Engine Information Disclosure Vulnerability
Microsoft Scripting EngineCVE-2018-0889Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting EngineCVE-2018-0872Chakra Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting EngineCVE-2018-0925Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting EngineCVE-2018-0934Chakra Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting EngineCVE-2018-0933Chakra Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting EngineCVE-2018-0931Chakra Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting EngineCVE-2018-0935Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting EngineCVE-2018-0930Chakra Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting EngineCVE-2018-0939Scripting Engine Information Disclosure Vulnerability
Microsoft Scripting EngineCVE-2018-0937Chakra Scripting Engine Memory Corruption Vulnerability
Microsoft Video ControlCVE-2018-0881Microsoft Video Control Elevation of Privilege Vulnerability
Microsoft WindowsCVE-2018-0886CredSSP Remote Code Execution Vulnerability
Microsoft WindowsCVE-2018-0878Windows Remote Assistance Information Disclosure Vulnerability
Microsoft WindowsCVE-2018-0902CNG Security Feature Bypass Vulnerability
Microsoft WindowsCVE-2018-0983Windows Storage Services Elevation of Privilege Vulnerability
Windows Desktop BridgeCVE-2018-0877Windows Desktop Bridge VFS Elevation of Privilege Vulnerability
Windows Desktop BridgeCVE-2018-0882Windows Desktop Bridge Elevation of Privilege Vulnerability
Windows Desktop BridgeCVE-2018-0880Windows Desktop Bridge Elevation of Privilege Vulnerability
Windows Hyper-VCVE-2018-0885Windows Hyper-V Denial of Service Vulnerability
Windows Hyper-VCVE-2018-0888Hyper-V Information Disclosure Vulnerability
Windows InstallerCVE-2018-0868Windows Installer Elevation of Privilege Vulnerability
Windows KernelCVE-2018-0897Windows Kernel Information Disclosure Vulnerability
Windows KernelCVE-2018-0899Windows Kernel Information Disclosure Vulnerability
Windows KernelCVE-2018-0898Windows Kernel Information Disclosure Vulnerability
Windows KernelCVE-2018-0894Windows Kernel Information Disclosure Vulnerability
Windows KernelCVE-2018-0977Win32k Elevation of Privilege Vulnerability
Windows KernelCVE-2018-0896Windows Kernel Information Disclosure Vulnerability
Windows KernelCVE-2018-0895Windows Kernel Information Disclosure Vulnerability
Windows KernelCVE-2018-0900Windows Kernel Information Disclosure Vulnerability
Windows KernelCVE-2018-0814Windows Kernel Information Disclosure Vulnerability
Windows KernelCVE-2018-0811Windows Kernel Information Disclosure Vulnerability
Windows KernelCVE-2018-0904Windows Kernel Information Disclosure Vulnerability
Windows KernelCVE-2018-0901Windows Kernel Information Disclosure Vulnerability
Windows KernelCVE-2018-0926Windows Kernel Information Disclosure Vulnerability
Windows KernelCVE-2018-0813Windows Kernel Information Disclosure Vulnerability
Windows ShellCVE-2018-0883Windows Shell Remote Code Execution Vulnerability

Adobe patched Vulnerabilities

Use After Free
Remote Code Execution
Critical
CVE-2018-4919
Type Confusion
Remote Code Execution
Critical
CVE-2018-4920

How do I Update my Device?

For your personal device, Windows 10 automatically checks for the latest updates. To confirm you’re up to date, go to Settings, select Update and Security and then click Check for updates. You may also visit the Windows Security page and selecting Verify you’re updated to manually update your device.

Website

Latest articles

Critical Cellopoint Secure Email Gateway Flaw Let Attackers Execute Arbitrary Code

A critical vulnerability has been discovered in the Cellopoint Secure Email Gateway, identified as...

Singapore Banks to Phase out OTPs for Bank Account Logins Within 3 Months

The Monetary Authority of Singapore (MAS) and The Association of Banks in Singapore (ABS)...

GuardZoo Android Malware Attacking military personnel via WhatsApp To Steal Sensitive Data

A Houthi-aligned group has been deploying Android surveillanceware called GuardZoo since October 2019 to...

ViperSoftX Weaponizing AutoIt & CLR For Stealthy PowerShell Execution

ViperSoftX is an advanced malware that has become more complicated since its recognition in...

Malicious NuGet Campaign Tricking Developers To Inject Malicious Code

Hackers often target NuGet as it's a popular package manager for .NET, which developers...

Akira Ransomware Attacking Airline Industry With Legitimate Tools

Airlines often become the target of hackers as they contain sensitive personal and financial...

DarkGate Malware Exploiting Excel Files And SMB File Shares

DarkGate, a Malware-as-a-Service (MaaS) platform, experienced a surge in activity since September 2023, employing...
Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Free Webinar

Low Rate DDoS Attack

9 of 10 sites on the AppTrana network have faced a DDoS attack in the last 30 days.
Some DDoS attacks could readily be blocked by rate-limiting, IP reputation checks and other basic mitigation methods.
More than 50% of the DDoS attacks are employing botnets to send slow DDoS attacks where millions of IPs are being employed to send one or two requests per minute..
Key takeaways include:

  • The mechanics of a low-DDoS attack
  • Fundamentals of behavioural AI and rate-limiting
  • Surgical mitigation actions to minimize false positives
  • Role of managed services in DDoS monitoring

Related Articles