Patch Tuesday Release: The Latest News
Microsoft has released half the updates they released last month: 39 security patches total.
Thee cover Internet Explorer (IE), Edge, ChakraCore, Hyper-V, Exchange, Windows components, .NET Core, SQL Server, and Microsoft Office. 9 of these are listed as Critical with the remaining 30 as Important.
Adobe Fixes Many Vulnerabilities
Adobe on the other have released almost 90 updates today, and all are marked Important for Adobe Acrobat and Reader. To our knowledge none of the updates released today are being exposed in the wild, but we would recommend you implement these as part of your third-party patching strategy.
Several Vulnerabilities Require Your Attention: Turn Off Windows Update
CVE-2018-8611 and CVE-2018-8517 are two important updates you need to prioritize this month. Not because they have the highest severity, but because these are publicly disclosed and actively being exploited.
CVE-2018-8611 is an update being exposed by malware which is exposing networks all over the world. Robert Brown, Director of Services for Verismic said, “Just this week we have learned one of Italy’s oil and gas exploration giants have suffered a relentless cyber-attack causing server infrastructure to go offline. Often it’s these companies who think by leaving Windows Update in its default mode are protecting their environment from zero day attacks and sophisticated espionage.”
The Best Patch Strategy
We recommend our Syxsense clients take a safe and calculated approach to managing their security. Turn off the default Windows patching mode and implementing a fully rigorous, selective but fully secure patching strategy.
Patch Tuesday Release
| CVE ID | Description | Severity | Public | Exploited | Recommended |
| CVE-2018-8611 | Windows Kernel Elevation of Privilege Vulnerability | Important | No | Yes | Yes |
| CVE-2018-8517 | .NET Framework Denial Of Service Vulnerability | Important | Yes | No | Yes |
| CVE-2018-8540 | .NET Framework Remote Code Injection Vulnerability | Critical | No | No | Yes |
| CVE-2018-8583 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical | No | No | Yes |
| CVE-2018-8617 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical | No | No | Yes |
| CVE-2018-8618 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical | No | No | Yes |
| CVE-2018-8624 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical | No | No | Yes |
| CVE-2018-8626 | Windows DNS Server Heap Overflow Vulnerability | Critical | No | No | Yes |
| CVE-2018-8629 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical | No | No | Yes |
| CVE-2018-8631 | Internet Explorer Memory Corruption Vulnerability | Critical | No | No | Yes |
| CVE-2018-8634 | Microsoft Text-To-Speech Remote Code Execution Vulnerability | Critical | No | No | Yes |
| CVE-2018-8477 | Windows Kernel Information Disclosure Vulnerability | Important | No | No | |
| CVE-2018-8514 | Remote Procedure Call runtime Information Disclosure Vulnerability | Important | No | No | |
| CVE-2018-8580 | Microsoft SharePoint Information Disclosure Vulnerability | Important | No | No | |
| CVE-2018-8587 | Microsoft Outlook Remote Code Execution Vulnerability | Important | No | No | |
| CVE-2018-8595 | Windows GDI Information Disclosure Vulnerability | Important | No | No | |
| CVE-2018-8596 | Windows GDI Information Disclosure Vulnerability | Important | No | No | |
| CVE-2018-8597 | Microsoft Excel Remote Code Execution Vulnerability | Important | No | No | |
| CVE-2018-8598 | Microsoft Excel Information Disclosure Vulnerability | Important | No | No | |
| CVE-2018-8599 | Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability | Important | No | No | |
| CVE-2018-8604 | Microsoft Exchange Server Tampering Vulnerability | Important | No | No | |
| CVE-2018-8612 | Connected User Experiences and Telemetry Service Denial of Service Vulnerability | Important | No | No | |
| CVE-2018-8619 | Internet Explorer Remote Code Execution Vulnerability | Important | No | No | |
| CVE-2018-8621 | Windows Kernel Information Disclosure Vulnerability | Important | No | No | |
| CVE-2018-8622 | Windows Kernel Information Disclosure Vulnerability | Important | No | No | |
| CVE-2018-8625 | Windows VBScript Engine Remote Code Execution Vulnerability | Important | No | No | |
| CVE-2018-8627 | Microsoft Excel Information Disclosure Vulnerability | Important | No | No | |
| CVE-2018-8628 | Microsoft PowerPoint Remote Code Execution Vulnerability | Important | No | No | |
| CVE-2018-8635 | Microsoft SharePoint Server Elevation of Privilege Vulnerability | Important | No | No | |
| CVE-2018-8636 | Microsoft Excel Remote Code Execution Vulnerability | Important | No | No | |
| CVE-2018-8637 | Win32k Information Disclosure Vulnerability | Important | No | No | |
| CVE-2018-8638 | DirectX Information Disclosure Vulnerability | Important | No | No | |
| CVE-2018-8639 | Win32k Elevation of Privilege Vulnerability | Important | No | No | |
| CVE-2018-8641 | Win32k Elevation of Privilege Vulnerability | Important | No | No | |
| CVE-2018-8643 | Scripting Engine Memory Corruption Vulnerability | Important | No | No | |
| CVE-2018-8649 | Windows Denial of Service Vulnerability | Important | No | No | |
| CVE-2018-8650 | Microsoft Office SharePoint XSS Vulnerability | Important | No | No | |
| CVE-2018-8651 | Microsoft Dynamics NAV Cross Site Scripting Vulnerability | Important | No | No | |
| CVE-2018-8652 | Windows Azure Pack Cross Site Scripting Vulnerability | Important | No | No |
