Patch Tuesday: The Latest News
Microsoft has released 49 security patches today covering Internet Explorer (IE), Edge, ChakraCore, Hyper-V, Exchange, Windows components, .NET Core, SQL Server, and Microsoft Office.
12 updates are listed as Critical, 35 are rated Important, one is rated as Moderate and one is rated Low severity.
Windows 10 Feature Updates Paused
The highly anticipated Windows 10 feature update (1809) was hotly awaited by Windows 10 users on October 2 only to find that Microsoft have just halted the release due to a very embarrassing bug. Upon install, 1809 deletes users personal files which cannot be easily restored.
Robert Brown, Director of Services for Verismic said, “We would encourage all of our clients to use our recommended test and deployment strategy for feature updates as they do for normal Windows updates. You have 18 months for each feature update, so there is absolutely no reason to rush into mass deployment without testing the impact on your users first.”
Adobe Fixes Critical Vulnerabilities
Adobe released their monthly patch list early this month, with almost a hundred updates coming out last week. Today a modest four additional updates have been released affecting Flash, Framemaker, Adobe Digital Editions & Adobe Technical Suite.
Vulnerability Requires your Attention
On paper CVE-2018-8453 only carries a severity of Important, however we have learned this is being actively exploited. The most likely exploitation of this type of vulnerability is thought by many experts to be by global malware making this a very serious vulnerability.We would highly recommend this be a priority for your IT manager this month.
Enhance your approach to patch management with Syxsense. Start your free trial with a cloud-based IT management solution that’s easy to use and powerful.
Patch Tuesday Release
| CVE ID | Description | Severity | Actively Exploited | Highly Recommended |
| CVE-2018-8460 | Internet Explorer Memory Corruption Vulnerability | Critical | No | Yes |
| CVE-2018-8473 | Microsoft Edge Memory Corruption Vulnerability | Critical | No | Yes |
| CVE-2018-8489 | Windows Hyper-V Remote Code Execution Vulnerability | Critical | No | Yes |
| CVE-2018-8490 | Windows Hyper-V Remote Code Execution Vulnerability | Critical | No | Yes |
| CVE-2018-8491 | Internet Explorer Memory Corruption Vulnerability | Critical | No | Yes |
| CVE-2018-8494 | MS XML Remote Code Execution Vulnerability | Critical | No | Yes |
| CVE-2018-8500 | Scripting Engine Memory Corruption Vulnerability | Critical | No | Yes |
| CVE-2018-8505 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical | No | Yes |
| CVE-2018-8509 | Microsoft Edge Memory Corruption Vulnerability | Critical | No | Yes |
| CVE-2018-8510 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical | No | Yes |
| CVE-2018-8511 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical | No | Yes |
| CVE-2018-8513 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical | No | Yes |
| CVE-2018-8453 | Win32k Elevation of Privilege Vulnerability | Important | Yes | Yes |
| CVE-2018-8423 | Microsoft JET Database Engine Remote Code Execution Vulnerability | Important | No | Yes |
| CVE-2018-8497 | Windows Kernel Elevation of Privilege Vulnerability | Important | No | Yes |
| CVE-2018-8531 | Azure IoT Device Client SDK Memory Corruption Vulnerability | Important | No | Yes |
| CVE-2010-3190 | MFC Insecure Library Loading Vulnerability | Important | No | |
| CVE-2018-8265 | Microsoft Exchange Server Elevation of Privilege Vulnerability | Important | No | |
| CVE-2018-8320 | Windows DNS Security Feature Bypass Vulnerability | Important | No | |
| CVE-2018-8329 | Linux On Windows Elevation Of Privilege Vulnerability | Important | No | |
| CVE-2018-8330 | Windows Kernel Information Disclosure Vulnerability | Important | No | |
| CVE-2018-8333 | Microsoft Filter Manager Elevation Of Privilege Vulnerability | Important | No | |
| CVE-2018-8411 | NTFS Elevation of Privilege Vulnerability | Important | No | |
| CVE-2018-8413 | Windows Theme API Remote Code Execution Vulnerability | Important | No | |
| CVE-2018-8427 | Microsoft Graphics Components Information Disclosure Vulnerability | Important | No | |
| CVE-2018-8432 | Microsoft Graphics Components Remote Code Execution Vulnerability | Important | No | |
| CVE-2018-8448 | Microsoft Exchange Server Elevation of Privilege Vulnerability | Important | No | |
| CVE-2018-8472 | Windows GDI Information Disclosure Vulnerability | Important | No | |
| CVE-2018-8480 | Microsoft SharePoint Elevation of Privilege Vulnerability | Important | No | |
| CVE-2018-8481 | Windows Media Player Information Disclosure Vulnerability | Important | No | |
| CVE-2018-8482 | Windows Media Player Information Disclosure Vulnerability | Important | No | |
| CVE-2018-8484 | DirectX Graphics Kernel Elevation of Privilege Vulnerability | Important | No | |
| CVE-2018-8486 | DirectX Information Disclosure Vulnerability | Important | No | |
| CVE-2018-8488 | Microsoft SharePoint Elevation of Privilege Vulnerability | Important | No | |
| CVE-2018-8492 | Device Guard Code Integrity Policy Security Feature Bypass Vulnerability | Important | No | |
| CVE-2018-8493 | Windows TCP/IP Information Disclosure Vulnerability | Important | No | |
| CVE-2018-8495 | Windows Shell Remote Code Execution Vulnerability | Important | No | |
| CVE-2018-8498 | Microsoft SharePoint Elevation of Privilege Vulnerability | Important | No | |
| CVE-2018-8501 | Microsoft PowerPoint Security Feature Bypass Vulnerability | Important | No | |
| CVE-2018-8502 | Microsoft Excel Security Feature Bypass Vulnerability | Important | No | |
| CVE-2018-8504 | Microsoft Word Security Feature Bypass Vulnerability | Important | No | |
| CVE-2018-8506 | Microsoft Windows Codecs Library Information Disclosure Vulnerability | Important | No | |
| CVE-2018-8512 | Microsoft Edge Security Feature Bypass Vulnerability | Important | No | |
| CVE-2018-8518 | Microsoft SharePoint Elevation of Privilege Vulnerability | Important | No | |
| CVE-2018-8527 | SQL Server Management Studio Information Disclosure | Important | No | |
| CVE-2018-8530 | Microsoft Edge Security Feature Bypass Vulnerability | Important | No | |
| CVE-2018-8532 | SQL Server Management Studio Information Disclosure | Important | No | |
| CVE-2018-8503 | Chakra Scripting Engine Memory Corruption Vulnerability | Low | No | |
| CVE-2018-8533 | SQL Server Management Studio Information Disclosure | Moderate | No |
