Friday, March 29, 2024

Microsoft Released Security Updates and more than 70 Security Vulnerabilities are Fixed

Microsoft security updates released under patch Tuesday for this month (March) and fixed more than 70 vulnerabilities in all the severity categories and with 61 rated as important.

This Microsoft Security Updates including all security fixes for vulnerabilities that affect Windows 10 and Microsoft will release an auto update for all the Windows 10 users.

Security updates for March security release consist of some major Microsoft Following product and all the updates are available via the Microsoft Update Catalog.

  • Internet Explorer
  • Microsoft Edge
  • Microsoft Windows
  • Microsoft Office and Microsoft Office Services and Web Apps
  • Microsoft Exchange Server
  • ASP.NET Core
  • .NET Core
  • PowerShell Core
  • ChakraCore
  • Adobe Flash

Many of CVE released under Critical Vulnerabilities category in this Microsoft Security Updates such as Remote Code Execution, Information Disclosure fixed Internet Explorer and Microsoft Edge browser.

Browers patches including Google Disclosed a Microsoft Edge Zero-day bug Before Patch is Released on last month.

In this Browser based security fixes contains 21 vulnerabilities and 14 vulnerabilities has been marked as critical and remain vulnerabilities marked as important.

Along with this Microsoft Security Updates, Adobe has released security updates for Adobe Flash Player for Windows, Macintosh, Linux and Chrome OS.

“These updates address critical vulnerabilities in Adobe Flash Player 28.0.0.161 and earlier versions. all the vulnerabilities Successful exploitation could lead to arbitrary code execution in the context of the current user.”

Microsoft Security Updates Patched Vulnerabilities

TagCVE IDCVE Title
.NET CoreCVE-2018-0875.NET Core Denial of Service Vulnerability
Adobe Flash PlayerADV180006March 2018 Adobe Flash Security Update
ASP .NETCVE-2018-0787ASP.NET Core Elevation of Privilege Vulnerability
ASP.NETCVE-2018-0808ASP.NET Core Denial of Service Vulnerability
Device GuardCVE-2018-0884Windows Security Feature Bypass Vulnerability
Internet ExplorerCVE-2018-0929Internet Explorer Information Disclosure Vulnerability
Internet ExplorerCVE-2018-0942Internet Explorer Elevation of Privilege Vulnerability
Microsoft BrowsersCVE-2018-0932Microsoft Browser Information Disclosure Vulnerability
Microsoft BrowsersCVE-2018-0927Microsoft Browser Information Disclosure Vulnerability
Microsoft EdgeCVE-2018-0879Microsoft Edge Information Disclosure Vulnerability
Microsoft Exchange ServerCVE-2018-0941Microsoft Exchange Information Disclosure Vulnerability
Microsoft Exchange ServerCVE-2018-0940Microsoft Exchange Elevation of Privilege Vulnerability
Microsoft Exchange ServerCVE-2018-0924Microsoft Exchange Information Disclosure Vulnerability
Microsoft Graphics ComponentCVE-2018-0817Windows GDI Elevation of Privilege Vulnerability
Microsoft Graphics ComponentCVE-2018-0815Windows GDI Elevation of Privilege Vulnerability
Microsoft Graphics ComponentCVE-2018-0816Windows GDI Elevation of Privilege Vulnerability
Microsoft OfficeCVE-2018-0903Microsoft Access Remote Code Execution Vulnerability
Microsoft OfficeCVE-2018-0909Microsoft SharePoint Elevation of Privilege Vulnerability
Microsoft OfficeCVE-2018-0911Microsoft SharePoint Elevation of Privilege Vulnerability
Microsoft OfficeCVE-2018-0907Microsoft Office Excel Security Feature Bypass
Microsoft OfficeCVE-2018-0910Microsoft SharePoint Elevation of Privilege Vulnerability
Microsoft OfficeCVE-2018-0947Microsoft Sharepoint Elevation of Privilege Vulnerability
Microsoft OfficeCVE-2018-0913Microsoft SharePoint Elevation of Privilege Vulnerability
Microsoft OfficeCVE-2018-0912Microsoft SharePoint Elevation of Privilege Vulnerability
Microsoft OfficeCVE-2018-0919Microsoft Office Information Disclosure Vulnerability
Microsoft OfficeCVE-2018-0921Microsoft SharePoint Elevation of Privilege Vulnerability
Microsoft OfficeCVE-2018-0915Microsoft SharePoint Elevation of Privilege Vulnerability
Microsoft OfficeCVE-2018-0916Microsoft SharePoint Elevation of Privilege Vulnerability
Microsoft OfficeCVE-2018-0917Microsoft SharePoint Elevation of Privilege Vulnerability
Microsoft OfficeCVE-2018-0944Microsoft SharePoint Elevation of Privilege Vulnerability
Microsoft OfficeCVE-2018-0914Microsoft SharePoint Elevation of Privilege Vulnerability
Microsoft OfficeCVE-2018-0922Microsoft Office Memory Corruption Vulnerability
Microsoft OfficeCVE-2018-0923Microsoft SharePoint Elevation of Privilege Vulnerability
Microsoft Scripting EngineCVE-2018-0893Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting EngineCVE-2018-0874Chakra Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting EngineCVE-2018-0876Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting EngineCVE-2018-0936Chakra Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting EngineCVE-2018-0873Chakra Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting EngineCVE-2018-0891Scripting Engine Information Disclosure Vulnerability
Microsoft Scripting EngineCVE-2018-0889Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting EngineCVE-2018-0872Chakra Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting EngineCVE-2018-0925Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting EngineCVE-2018-0934Chakra Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting EngineCVE-2018-0933Chakra Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting EngineCVE-2018-0931Chakra Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting EngineCVE-2018-0935Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting EngineCVE-2018-0930Chakra Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting EngineCVE-2018-0939Scripting Engine Information Disclosure Vulnerability
Microsoft Scripting EngineCVE-2018-0937Chakra Scripting Engine Memory Corruption Vulnerability
Microsoft Video ControlCVE-2018-0881Microsoft Video Control Elevation of Privilege Vulnerability
Microsoft WindowsCVE-2018-0886CredSSP Remote Code Execution Vulnerability
Microsoft WindowsCVE-2018-0878Windows Remote Assistance Information Disclosure Vulnerability
Microsoft WindowsCVE-2018-0902CNG Security Feature Bypass Vulnerability
Microsoft WindowsCVE-2018-0983Windows Storage Services Elevation of Privilege Vulnerability
Windows Desktop BridgeCVE-2018-0877Windows Desktop Bridge VFS Elevation of Privilege Vulnerability
Windows Desktop BridgeCVE-2018-0882Windows Desktop Bridge Elevation of Privilege Vulnerability
Windows Desktop BridgeCVE-2018-0880Windows Desktop Bridge Elevation of Privilege Vulnerability
Windows Hyper-VCVE-2018-0885Windows Hyper-V Denial of Service Vulnerability
Windows Hyper-VCVE-2018-0888Hyper-V Information Disclosure Vulnerability
Windows InstallerCVE-2018-0868Windows Installer Elevation of Privilege Vulnerability
Windows KernelCVE-2018-0897Windows Kernel Information Disclosure Vulnerability
Windows KernelCVE-2018-0899Windows Kernel Information Disclosure Vulnerability
Windows KernelCVE-2018-0898Windows Kernel Information Disclosure Vulnerability
Windows KernelCVE-2018-0894Windows Kernel Information Disclosure Vulnerability
Windows KernelCVE-2018-0977Win32k Elevation of Privilege Vulnerability
Windows KernelCVE-2018-0896Windows Kernel Information Disclosure Vulnerability
Windows KernelCVE-2018-0895Windows Kernel Information Disclosure Vulnerability
Windows KernelCVE-2018-0900Windows Kernel Information Disclosure Vulnerability
Windows KernelCVE-2018-0814Windows Kernel Information Disclosure Vulnerability
Windows KernelCVE-2018-0811Windows Kernel Information Disclosure Vulnerability
Windows KernelCVE-2018-0904Windows Kernel Information Disclosure Vulnerability
Windows KernelCVE-2018-0901Windows Kernel Information Disclosure Vulnerability
Windows KernelCVE-2018-0926Windows Kernel Information Disclosure Vulnerability
Windows KernelCVE-2018-0813Windows Kernel Information Disclosure Vulnerability
Windows ShellCVE-2018-0883Windows Shell Remote Code Execution Vulnerability

Adobe patched Vulnerabilities

Use After Free
Remote Code Execution
Critical
CVE-2018-4919
Type Confusion
Remote Code Execution
Critical
CVE-2018-4920

How do I Update my Device?

For your personal device, Windows 10 automatically checks for the latest updates. To confirm you’re up to date, go to Settings, select Update and Security and then click Check for updates. You may also visit the Windows Security page and selecting Verify you’re updated to manually update your device.

Website

Latest articles

GoPlus’s Latest Report Highlights How Blockchain Communities Are Leveraging Critical API Security Data To Mitigate Web3 Threats

GoPlus Labs, the leading Web3 security infrastructure provider, has unveiled a groundbreaking report highlighting...

Wireshark 4.2.4 Released: What’s New!

Wireshark stands as the undisputed leader, offering unparalleled tools for troubleshooting, analysis, development, and...

Zoom Unveils AI-Powered All-In-One AI Work Workplace

Zoom has taken a monumental leap forward by introducing Zoom Workplace, an all-encompassing AI-powered...

iPhone Users Beware! Darcula Phishing Service Attacking Via iMessage

Phishing allows hackers to exploit human vulnerabilities and trick users into revealing sensitive information...

2 Chrome Zero-Days Exploited at Pwn2Own 2024: Patch Now

Google has announced a crucial update to its Chrome browser, addressing several vulnerabilities, including...

The Moon Malware Hacked 6,000 ASUS Routers in 72hours to Use for Proxy

Black Lotus Labs discovered a multi-year campaign by TheMoon malware targeting vulnerable routers and...
Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Mitigating Vulnerability Types & 0-day Threats

Mitigating Vulnerability & 0-day Threats

Alert Fatigue that helps no one as security teams need to triage 100s of vulnerabilities.

  • The problem of vulnerability fatigue today
  • Difference between CVSS-specific vulnerability vs risk-based vulnerability
  • Evaluating vulnerabilities based on the business impact/risk
  • Automation to reduce alert fatigue and enhance security posture significantly

Related Articles