Patch Tuesday Release: The Latest News
Microsoft has released 62 security patches today covering Internet Explorer (IE), Edge, ChakraCore, Hyper-V, Exchange, Windows components, .NET Core, SQL Server, and Microsoft Office. 12 of the 62 are listed as Critical.
CVE-2018-8589 with a severity of Important and a CVSS score of 7.8 is being actively exploited. The most likely exploitation of this type of vulnerability is thought by many experts to be by global malware making this a very serious vulnerability. We would highly recommend this be a priority for your IT Manager this month.
Patch Tuesday needed to fix file association bug
A cumulative update for Windows 10 from April 2018 has broken the file association settings with certain applications.
If this has impacted your users, we would recommend you include the patch in your next round of patch deployments. We have learned some third-party updates by Notepad++, which is a popular application used by software developers, loses its association with certain text file formats.
Robert Brown, Director of Services for Verismic said, “From our own experience of deploying tens of millions of updates worldwide, it is always the smallest bugs which impact your users the most and cause huge disruption in your users’ productivity. We encourage all of our customers to have a robust testing process to ensure interruption to your workforce is minimized.
Adobe Fixes Critical Vulnerabilities
Adobe released their monthly patch list early this month, three additional updates have been released affecting Flash, Adobe Photoshop & Acrobat / Reader.
One of the three vulnerabilities identified as CVE-2018-15979 is currently being exploited, so if you are using Acrobat or Reader on your devices we would highly recommend this patch be prioritized.
Patch Tuesday Release
| CVE Reference | Title | Severity | Publicly Disclosed | Actively Exploited | Recommended |
| CVE-2018-8589 | Windows Win32k Elevation of Privilege Vulnerability | Important | No | Yes | Yes |
| CVE-2018-8584 | Windows ALPC Elevation of Privilege Vulnerability | Important | Yes | No | Yes |
| CVE-2018-8566 | BitLocker Security Feature Bypass Vulnerability | Important | Yes | No | Yes |
| CVE-2018-8476 | Windows Deployment Services TFTP Server Remote Code Execution Vulnerability | Critical | No | No | Yes |
| CVE-2018-8553 | Microsoft Graphics Components Remote Code Execution Vulnerability | Critical | No | No | Yes |
| CVE-2018-8588 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical | No | No | Yes |
| CVE-2018-8541 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical | No | No | Yes |
| CVE-2018-8542 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical | No | No | Yes |
| CVE-2018-8543 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical | No | No | Yes |
| CVE-2018-8544 | Windows VBScript Engine Remote Code Execution Vulnerability | Critical | No | No | Yes |
| CVE-2018-8555 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical | No | No | Yes |
| CVE-2018-8556 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical | No | No | Yes |
| CVE-2018-8557 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical | No | No | Yes |
| CVE-2018-8551 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical | No | No | Yes |
| CVE-2018-8609 | Microsoft Dynamics 365 (on-premises) version 8 Remote Code Execution Vulnerability | Critical | No | No | Yes |
| CVE-2018-8600 | Azure App Service Cross-site Scripting Vulnerability | Important | No | No | |
| CVE-2018-8602 | Team Foundation Server Cross-site Scripting Vulnerability | Important | No | No | |
| CVE-2018-8605 | Microsoft Dynamics 365 (on-premises) version 8 Cross Site Scripting Vulnerability | Important | No | No | |
| CVE-2018-8606 | Microsoft Dynamics 365 (on-premises) version 8 Cross Site Scripting Vulnerability | Important | No | No | |
| CVE-2018-8607 | Microsoft Dynamics 365 (on-premises) version 8 Cross Site Scripting Vulnerability | Important | No | No | |
| CVE-2018-8608 | Microsoft Dynamics 365 (on-premises) version 8 Cross Site Scripting Vulnerability | Important | No | No | |
| CVE-2018-8471 | Microsoft RemoteFX Virtual GPU miniport driver Elevation of Privilege Vulnerability | Important | No | No | |
| CVE-2018-8485 | DirectX Elevation of Privilege Vulnerability | Important | No | No | |
| CVE-2018-8554 | DirectX Elevation of Privilege Vulnerability | Important | No | No | |
| CVE-2018-8561 | DirectX Elevation of Privilege Vulnerability | Important | No | No | |
| CVE-2018-8562 | Win32k Elevation of Privilege Vulnerability | Important | No | No | |
| CVE-2018-8572 | Microsoft SharePoint Elevation of Privilege Vulnerability | Important | No | No | |
| CVE-2018-8581 | Microsoft Exchange Server Elevation of Privilege Vulnerability | Important | No | No | |
| CVE-2018-8550 | Windows COM Elevation of Privilege Vulnerability | Important | No | No | |
| CVE-2018-8552 | Windows VBScript Engine Remote Code Execution Vulnerability | Important | No | No | |
| CVE-2018-8568 | Microsoft SharePoint Elevation of Privilege Vulnerability | Important | No | No | |
| CVE-2018-8592 | Windows Elevation Of Privilege Vulnerability | Important | No | No | |
| CVE-2018-8567 | Microsoft Edge Elevation of Privilege Vulnerability | Important | No | No | |
| CVE-2018-8563 | DirectX Information Disclosure Vulnerability | Important | No | No | |
| CVE-2018-8407 | MSRPC Information Disclosure Vulnerability | Important | No | No | |
| CVE-2018-8454 | Windows Audio Service Information Disclosure Vulnerability | Important | No | No | |
| CVE-2018-8565 | Win32k Information Disclosure Vulnerability | Important | No | No | |
| CVE-2018-8558 | Microsoft Outlook Information Disclosure Vulnerability | Important | No | No | |
| CVE-2018-8408 | Windows Kernel Information Disclosure Vulnerability | Important | No | No | |
| CVE-2018-8545 | Microsoft Edge Information Disclosure Vulnerability | Important | No | No | |
| CVE-2018-8578 | Microsoft SharePoint Information Disclosure Vulnerability | Important | No | No | |
| CVE-2018-8579 | Microsoft Outlook Information Disclosure Vulnerability | Important | No | No | |
| CVE-2018-8256 | PowerShell Remote Code Execution Vulnerability | Important | No | No | |
| CVE-2018-8522 | Microsoft Outlook Remote Code Execution Vulnerability | Important | No | No | |
| CVE-2018-8576 | Microsoft Outlook Remote Code Execution Vulnerability | Important | No | No | |
| CVE-2018-8524 | Microsoft Outlook Remote Code Execution Vulnerability | Important | No | No | |
| CVE-2018-8539 | Microsoft Word Remote Code Execution Vulnerability | Important | No | No | |
| CVE-2018-8573 | Microsoft Word Remote Code Execution Vulnerability | Important | No | No | |
| CVE-2018-8574 | Microsoft Excel Remote Code Execution Vulnerability | Important | No | No | |
| CVE-2018-8575 | Microsoft Project Remote Code Execution Vulnerability | Important | No | No | |
| CVE-2018-8582 | Microsoft Outlook Remote Code Execution Vulnerability | Important | No | No | |
| CVE-2018-8450 | Windows Search Remote Code Execution Vulnerability | Important | No | No | |
| CVE-2018-8577 | Microsoft Excel Remote Code Execution Vulnerability | Important | No | No | |
| CVE-2018-8570 | Internet Explorer Memory Corruption Vulnerability | Important | No | No | |
| CVE-2018-8417 | Microsoft JScript Security Feature Bypass Vulnerability | Important | No | No | |
| CVE-2018-8549 | Windows Security Feature Bypass Vulnerability | Important | No | No | |
| CVE-2018-8564 | Microsoft Edge Spoofing Vulnerability | Important | No | No | |
| CVE-2018-8547 | Active Directory Federation Services XSS Vulnerability | Important | No | No | |
| CVE-2018-8529 | Team Foundation Server Remote Code Execution Vulnerability | Important | No | No | |
| CVE-2018-8569 | Yammer Desktop Application Remote Code Execution Vulnerability | Important | No | No | |
| CVE-2018-8415 | Microsoft Powershell Tampering Vulnerability | Important | No | No | |
| CVE-2018-8416 | .NET Core Tampering Vulnerability | Moderate | No | No | |
| CVE-2018-8546 | Microsoft Skype for Business Denial of Service Vulnerability |
Schedule Your Syxsense Demo
Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.
