August Patch Tuesday Release
Microsoft have released 60 security patches today covering Internet Explorer (IE), Edge, ChakraCore, Windows components, .NET Framework, SQL Server, as well as Microsoft Office and Office Services.
Out of these 60 CVEs, 19 are listed as Critical, 39 are rated Important, one is rated as Moderate, and one is rated as Low in severity.
Critical Adobe Updates
Adobe have also released 11 fixes today including two critical patches for Acrobat and Reader, CVE-2018-12808 is an out-of-bounds write flaw, while CVE-2018-12799 is an untrusted pointer dereference vulnerability. IT Managers should be pleased as last month’s release included 100 vulnerability fixes.
WannaCry is Back with a Vengeance
Big hitter falls foul of WannaCry this week; Taiwan Semiconductor Manufacturing who are the largest chip supplier to Apple and other smartphone makers were compromised which disrupted global delays of chip shipments. The damage from the infection has caused serious financial revenue damage in Q3, and could have easily been avoided should a patch centric approach been adopted by their IT Managers. Learn more in our Avoiding Patch Doomsday whitepaper.
Windows 10 Feature Update Planning
If you are using Windows 10, version 1703 then you only have 2 months left to upgrade before it falls out of the standard ‘End of Service’ on October 9, 2018. Each Windows 10 version will be serviced with quality updates for up to 18 months from availability. It is important that all quality updates are installed to help keep your device secure.Robert Brown, Director of Services for Verismic said, “CVE-2018-8373 (Scripting Engine Memory Corruption Vulnerability) & CVE-2018-8414 (Windows Shell Remote Code Execution Vulnerability) are both publicly disclosed and are actively being exploited.
Although these only carry a CVSS score of 4.8 & 6.7 respectively because these vulnerabilities are being actively being used to expose customer networks, these updates should be prioritized by your IT manager this month.
Patch Tuesday Release
| CVE | Title | Severity |
| CVE-2018-8373 | Internet Explorer Memory Corruption Vulnerability | Critical |
| CVE-2018-8273 | Microsoft SQL Server Remote Code Execution Vulnerability | Critical |
| CVE-2018-8302 | Microsoft Exchange Memory Corruption Vulnerability | Critical |
| CVE-2018-8344 | Microsoft Graphics Remote Code Execution Vulnerability | Critical |
| CVE-2018-8345 | LNK Remote Code Execution Vulnerability | Critical |
| CVE-2018-8350 | Windows PDF Remote Code Execution Vulnerability | Critical |
| CVE-2018-8355 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical |
| CVE-2018-8359 | Scripting Engine Information Disclosure Vulnerability | Critical |
| CVE-2018-8371 | Internet Explorer Memory Corruption Vulnerability | Critical |
| CVE-2018-8372 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical |
| CVE-2018-8377 | Microsoft Edge Memory Corruption Vulnerability | Critical |
| CVE-2018-8380 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical |
| CVE-2018-8381 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical |
| CVE-2018-8384 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical |
| CVE-2018-8385 | Scripting Engine Memory Corruption Vulnerability | Critical |
| CVE-2018-8387 | Microsoft Edge Memory Corruption Vulnerability | Critical |
| CVE-2018-8390 | Scripting Engine Memory Corruption Vulnerability | Critical |
| CVE-2018-8397 | GDI+ Remote Code Execution Vulnerability | Critical |
| CVE-2018-8403 | Microsoft Browser Memory Corruption Vulnerability | Critical |
| CVE-2018-8414 | Windows Shell Remote Code Execution Vulnerability | Important |
| CVE-2018-0952 | Diagnostic Hub Standard Collector Elevation Of Privilege Vulnerability | Important |
| CVE-2018-8200 | Device Guard Code Integrity Policy Security Feature Bypass Vulnerability | Important |
| CVE-2018-8204 | Device Guard Code Integrity Policy Security Feature Bypass Vulnerability | Important |
| CVE-2018-8253 | Cortana Elevation of Privilege Vulnerability | Important |
| CVE-2018-8266 | Chakra Scripting Engine Memory Corruption Vulnerability | Important |
| CVE-2018-8316 | Internet Explorer Remote Code Execution Vulnerability | Important |
| CVE-2018-8339 | Windows Installer Elevation of Privilege Vulnerability | Important |
| CVE-2018-8340 | ADFS Security Feature Bypass Vulnerability | Important |
| CVE-2018-8341 | Windows Kernel Information Disclosure Vulnerability | Important |
| CVE-2018-8342 | Windows NDIS Elevation of Privilege Vulnerability | Important |
| CVE-2018-8343 | Windows NDIS Elevation of Privilege Vulnerability | Important |
| CVE-2018-8346 | LNK Remote Code Execution Vulnerability | Important |
| CVE-2018-8347 | Windows Kernel Elevation of Privilege Vulnerability | Important |
| CVE-2018-8348 | Windows Kernel Information Disclosure Vulnerability | Important |
| CVE-2018-8349 | Microsoft COM for Windows Remote Code Execution Vulnerability | Important |
| CVE-2018-8351 | Microsoft Edge Information Disclosure Vulnerability | Important |
| CVE-2018-8353 | Scripting Engine Memory Corruption Vulnerability | Important |
| CVE-2018-8357 | Internet Explorer Elevation of Privilege Vulnerability | Important |
| CVE-2018-8358 | Microsoft Edge Information Disclosure Vulnerability | Important |
| CVE-2018-8360 | .NET Framework Information Disclosure Vulnerability | Important |
| CVE-2018-8370 | Microsoft Edge Information Disclosure Vulnerability | Important |
| CVE-2018-8375 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| CVE-2018-8376 | Microsoft PowerPoint Remote Code Execution Vulnerability | Important |
| CVE-2018-8378 | Microsoft Office Information Disclosure Vulnerability | Important |
| CVE-2018-8379 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| CVE-2018-8382 | Microsoft Excel Information Disclosure Vulnerability | Important |
| CVE-2018-8383 | Microsoft Edge Spoofing Vulnerability | Important |
| CVE-2018-8389 | Internet Explorer Memory Corruption Vulnerability | Important |
| CVE-2018-8394 | Windows GDI Information Disclosure Vulnerability | Important |
| CVE-2018-8396 | Windows GDI Information Disclosure Vulnerability | Important |
| CVE-2018-8398 | Windows GDI Information Disclosure Vulnerability | Important |
| CVE-2018-8399 | Win32k Elevation of Privilege Vulnerability | Important |
| CVE-2018-8400 | DirectX Graphics Kernel Elevation of Privilege Vulnerability | Important |
| CVE-2018-8401 | DirectX Graphics Kernel Elevation of Privilege Vulnerability | Important |
| CVE-2018-8404 | Win32k Elevation of Privilege Vulnerability | Important |
| CVE-2018-8405 | DirectX Graphics Kernel Elevation of Privilege Vulnerability | Important |
| CVE-2018-8406 | DirectX Graphics Kernel Elevation of Privilege Vulnerability | Important |
| CVE-2018-8412 | Microsoft (MAU) Office Elevation of Privilege Vulnerability | Important |
| CVE-2018-8374 | Microsoft Exchange Elevation of Privilege Vulnerability | Moderate |
| CVE-2018-8388 | Microsoft Edge Elevation of Privilege Vulnerability | Low |
