- q7i1D1544668287 - Microsoft Relesed Security Updates & Fixed 39 Vulnerabilities

Microsoft released security under December Patch Tuesday and several that affected various Microsoft products.

There are vulnerabilities were addressed including the active zero-day vulnerability that could exploit using malware and attackers execute the code in the kernel.

Following Microsoft products are patched in this December security release along with some of the critical security vulnerabilities.

  • Adobe Flash Player
  • Internet Explorer
  • Microsoft Edge
  • Microsoft Windows
  • Microsoft Office and Microsoft Office Services and Web Apps
  • ChakraCore
  • .NET Framework
  • Microsoft Dynamics NAV
  • Microsoft Exchange Server
  • Microsoft Visual Studio
  • Windows Azure Pack (WAP)

In this case, Microsoft marked 9 vulnerabilities as “critical,” that allow very serious impact and a remote attacker could take over the vulnerable applications and 30 flaws rated as “important”.

CVE-2018-8517, A remote unauthenticated attacker could exploit this by issuing specially crafted requests to the .NET Framework ,” . “The can be exploited remotely, without .”

Rapid7 reported  Internet Explorer (CVE-2018-8631) and Edge (CVE-2018-8624) which considered by Microsoft that most likely to be exploited.

Microsoft Security Updates

Microsoft Office
Microsoft Office CVE-2018-8628 Microsoft PowerPoint Remote Code Execution Vulnerability
Microsoft Office CVE-2018-8636 Microsoft Excel Remote Code Execution Vulnerability
Microsoft Office CVE-2018-8627 Microsoft Excel Information Disclosure Vulnerability
Microsoft Office CVE-2018-8598 Microsoft Excel Information Disclosure Vulnerability
Microsoft Office CVE-2018-8587 Microsoft Outlook Remote Code Execution Vulnerability
Microsoft Office CVE-2018-8597 Microsoft Excel Remote Code Execution Vulnerability

 

Microsoft Scripting Engine
Microsoft Scripting Engine CVE-2018-8629 Chakra Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2018-8643 Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2018-8625 Windows VBScript Engine Remote Code Execution Vulnerability
Microsoft Scripting Engine CVE-2018-8617 Chakra Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2018-8583 Chakra Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2018-8618 Chakra Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2018-8624 Chakra Scripting Engine Memory Corruption Vulnerability

 

Windows Kernel
Windows Kernel CVE-2018-8477 Windows Kernel Information Disclosure Vulnerability
Windows Kernel CVE-2018-8621 Windows Kernel Information Disclosure Vulnerability
Windows Kernel CVE-2018-8612 Connected User Experiences and Telemetry Service Denial of Service Vulnerability
Windows Kernel CVE-2018-8611 Windows Kernel Elevation of Privilege Vulnerability
Windows Kernel CVE-2018-8622 Windows Kernel Information Disclosure Vulnerability
Windows Kernel CVE-2018-8637 Win32k Information Disclosure Vulnerability

 

Microsoft Office SharePoint
Microsoft Office SharePoint CVE-2018-8635 Microsoft SharePoint Server Elevation of Privilege Vulnerability
Microsoft Office SharePoint CVE-2018-8580 Microsoft SharePoint Information Disclosure Vulnerability

 

Microsoft Windows DNS
Microsoft Windows DNS CVE-2018-8514 Remote Procedure Call runtime Information Disclosure Vulnerability
Microsoft Windows DNS CVE-2018-8626 Windows DNS Server Heap Overflow Vulnerability

 

NET Framework
.NET Framework CVE-2018-8517 .NET Framework Denial Of Service Vulnerability
.NET Framework CVE-2018-8540 .NET Framework Remote Code Injection Vulnerability

 

Adobe Flash Player

Adobe Flash Player ADV180031 December 2018 Adobe Flash Security Update

 

Other Vulnerabilities

Microsoft Dynamics CVE-2018-8651 Microsoft Dynamics NAV Cross Site Scripting Vulnerability
Microsoft Exchange Server CVE-2018-8604 Microsoft Exchange Server Tampering Vulnerability

 

Visual Studio CVE-2018-8599 Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability
Windows Authentication Methods CVE-2018-8634 Microsoft -To-Speech Remote Code Execution Vulnerability
Windows Azure Pack CVE-2018-8652 Windows Azure Pack Cross Site Scripting Vulnerability

 

Windows Kernel-Mode Drivers CVE-2018-8641 Win32k Elevation of Privilege Vulnerability

 

Internet Explorer CVE-2018-8619 Internet Explorer Remote Code Execution Vulnerability
Internet Explorer CVE-2018-8631 Internet Explorer Memory Corruption Vulnerability
Microsoft Dynamics CVE-2018-8651 Microsoft Dynamics NAV Cross Site Scripting Vulnerability
Microsoft Exchange Server CVE-2018-8604 Microsoft Exchange Server Tampering Vulnerability

 

Also Read:

Apple Released Security Updates for iOS, Safari, iCloud, watchOS, tvOS

VMware Releases Critical Security Updates for Multiple Vulnerabilities



Source link

LEAVE A REPLY

Please enter your comment!
Please enter your name here