Skip to main content
Tag

Dec Patch Tuesday updates

||

December Patch Tuesday: Disclosed & Exploited

By News, Patch Management, Patch TuesdayNo Comments
[vc_single_image image=”26013″ img_size=”full”]

Patch Tuesday Release: The Latest News

Microsoft has released half the updates they released last month: 39 security patches total.

Thee cover Internet Explorer (IE), Edge, ChakraCore, Hyper-V, Exchange, Windows components, .NET Core, SQL Server, and Microsoft Office.  9 of these are listed as Critical with the remaining 30 as Important.

Adobe Fixes Many Vulnerabilities

Adobe on the other have released almost 90 updates today, and all are marked Important for Adobe Acrobat and Reader. To our knowledge none of the updates released today are being exposed in the wild, but we would recommend you implement these as part of your third-party patching strategy.

Several Vulnerabilities Require Your Attention: Turn Off Windows Update

CVE-2018-8611 and CVE-2018-8517 are two important updates you need to prioritize this month. Not because they have the highest severity, but because these are publicly disclosed and actively being exploited.

CVE-2018-8611 is an update being exposed by malware which is exposing networks all over the world. Robert Brown, Director of Services for Verismic said, “Just this week we have learned one of Italy’s oil and gas exploration giants have suffered a relentless cyber-attack causing server infrastructure to go offline. Often it’s these companies who think by leaving Windows Update in its default mode are protecting their environment from zero day attacks and sophisticated espionage.”

The Best Patch Strategy

We recommend our Syxsense clients take a safe and calculated approach to managing their security. Turn off the default Windows patching mode and implementing a fully rigorous, selective but fully secure patching strategy.

Button Text
[vc_empty_space][vc_separator][vc_empty_space]

Patch Tuesday Release

[vc_single_image image=”26020″ img_size=”full”]
CVE ID Description Severity Public Exploited Recommended
CVE-2018-8611 Windows Kernel Elevation of Privilege Vulnerability Important No Yes Yes
CVE-2018-8517 .NET Framework Denial Of Service Vulnerability Important Yes No Yes
CVE-2018-8540 .NET Framework Remote Code Injection Vulnerability Critical No No Yes
CVE-2018-8583 Chakra Scripting Engine Memory Corruption Vulnerability Critical No No Yes
CVE-2018-8617 Chakra Scripting Engine Memory Corruption Vulnerability Critical No No Yes
CVE-2018-8618 Chakra Scripting Engine Memory Corruption Vulnerability Critical No No Yes
CVE-2018-8624 Chakra Scripting Engine Memory Corruption Vulnerability Critical No No Yes
CVE-2018-8626 Windows DNS Server Heap Overflow Vulnerability Critical No No Yes
CVE-2018-8629 Chakra Scripting Engine Memory Corruption Vulnerability Critical No No Yes
CVE-2018-8631 Internet Explorer Memory Corruption Vulnerability Critical No No Yes
CVE-2018-8634 Microsoft Text-To-Speech Remote Code Execution Vulnerability Critical No No Yes
CVE-2018-8477 Windows Kernel Information Disclosure Vulnerability Important No No
CVE-2018-8514 Remote Procedure Call runtime Information Disclosure Vulnerability Important No No
CVE-2018-8580 Microsoft SharePoint Information Disclosure Vulnerability Important No No
CVE-2018-8587 Microsoft Outlook Remote Code Execution Vulnerability Important No No
CVE-2018-8595 Windows GDI Information Disclosure Vulnerability Important No No
CVE-2018-8596 Windows GDI Information Disclosure Vulnerability Important No No
CVE-2018-8597 Microsoft Excel Remote Code Execution Vulnerability Important No No
CVE-2018-8598 Microsoft Excel Information Disclosure Vulnerability Important No No
CVE-2018-8599 Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability Important No No
CVE-2018-8604 Microsoft Exchange Server Tampering Vulnerability Important No No
CVE-2018-8612 Connected User Experiences and Telemetry Service Denial of Service Vulnerability Important No No
CVE-2018-8619 Internet Explorer Remote Code Execution Vulnerability Important No No
CVE-2018-8621 Windows Kernel Information Disclosure Vulnerability Important No No
CVE-2018-8622 Windows Kernel Information Disclosure Vulnerability Important No No
CVE-2018-8625 Windows VBScript Engine Remote Code Execution Vulnerability Important No No
CVE-2018-8627 Microsoft Excel Information Disclosure Vulnerability Important No No
CVE-2018-8628 Microsoft PowerPoint Remote Code Execution Vulnerability Important No No
CVE-2018-8635 Microsoft SharePoint Server Elevation of Privilege Vulnerability Important No No
CVE-2018-8636 Microsoft Excel Remote Code Execution Vulnerability Important No No
CVE-2018-8637 Win32k Information Disclosure Vulnerability Important No No
CVE-2018-8638 DirectX Information Disclosure Vulnerability Important No No
CVE-2018-8639 Win32k Elevation of Privilege Vulnerability Important No No
CVE-2018-8641 Win32k Elevation of Privilege Vulnerability Important No No
CVE-2018-8643 Scripting Engine Memory Corruption Vulnerability Important No No
CVE-2018-8649 Windows Denial of Service Vulnerability Important No No
CVE-2018-8650 Microsoft Office SharePoint XSS Vulnerability Important No No
CVE-2018-8651 Microsoft Dynamics NAV Cross Site Scripting Vulnerability Important No No
CVE-2018-8652 Windows Azure Pack Cross Site Scripting Vulnerability Important No No
[vc_btn title=”Start Your Free Trial of Syxsense → ” style=”custom” custom_background=”#f19b2c” custom_text=”#ffffff” size=”lg” align=”center” button_block=”true” link=”url:https%3A%2F%2Fwww.syxsense.com%2Fsyxsense-trial%2F|||”]