Microsoft security updates  - FcxbP1528837398 - Microsoft security updates for June 2018

released for June contains fixes for more than 50 vulnerabilities including for some of the products Critical remote code execution vulnerability.

Patch update released for some of the widely used Microsoft Product such as Internet Explorer, Microsoft , Microsoft Windows, Microsoft Office and Microsoft Office Services and Apps, ChakraCore, Adobe Flash Player.

In this updates, several products patched the remote code execution vulnerability and Memory Corruption Vulnerability especially Microsoft edge and Microsoft Windows.

Apart from Microsoft Products, this June patch Tuesday updates contains an Adobe Flash Player zero-day (CVE-2018-5002) update.

Remote Code Execution Flaw Affected Products

Microsoft Edge and Internet Explorer based Memory Corruption Vulnerabilities are fixed with this security updates.

A remote code execution vulnerability exists when Microsoft Edge and  Internet Explorer improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that enables an attacker to execute arbitrary code in the context of the current user.

Microsoft Office based Elevation of Privilege Vulnerability also patched which leads to an attacker who successfully exploited this vulnerability could perform script/content injection attacks.

Windows-based remote code execution vulnerability also fixed that exists when Windows improperly handles objects in memory. An attacker who successfully exploited these vulnerabilities could take control of an affected system.

HTTP Protocol Stack (Http.sys) also contain remote code execution flaw that improperly handles objects in memory. So An attacker who successfully exploited this vulnerability could execute arbitrary code and take control of the affected system.

Microsoft Security Updates List

Microsoft Office

Microsoft Office CVE-2018-8246 Microsoft Excel Information Disclosure Vulnerability
Microsoft Office CVE-2018-8247 Microsoft Office Elevation of Privilege Vulnerability
Microsoft Office CVE-2018-8244 Microsoft Outlook Elevation of Privilege Vulnerability
Microsoft Office CVE-2018-8245 Microsoft Office Elevation of Privilege Vulnerability
Microsoft Office CVE-2018-8254 Microsoft SharePoint Elevation of Privilege Vulnerability
Microsoft Office CVE-2018-8248 Microsoft Excel Remote Code Execution Vulnerability
Microsoft Office CVE-2018-8252 Microsoft SharePoint Elevation of Privilege Vulnerability

Microsoft Windows

Microsoft Windows CVE-2018-8175 WEBDAV Denial of Service Vulnerability
Microsoft Windows CVE-2018-1040 Windows Code Integrity Module Denial of Service Vulnerability
Microsoft Windows CVE-2018-8251 Media Foundation Memory Corruption Vulnerability
Microsoft Windows CVE-2018-0982 Windows Elevation of Privilege Vulnerability
Microsoft Windows CVE-2018-8208 Windows Desktop Bridge Elevation of Privilege Vulnerability
Microsoft Windows CVE-2018-8209 Windows Wireless Network Information Disclosure Vulnerability
Microsoft Windows CVE-2018-8214 Windows Desktop Bridge Elevation of Privilege Vulnerability
Microsoft Windows CVE-2018-8210 Windows Remote Code Execution Vulnerability
Microsoft Windows CVE-2018-8213 Windows Remote Code Execution Vulnerability
Microsoft Windows CVE-2018-8205 Windows Denial of Service Vulnerability
Microsoft Windows CVE-2018-8231 HTTP Protocol Stack Remote Code Execution Vulnerability
Microsoft Windows CVE-2018-8239 Windows GDI Information Disclosure Vulnerability
Microsoft Windows CVE-2018-8226 HTTP.sys Denial of Service Vulnerability
Microsoft Windows CVE-2018-8225 Windows DNSAPI Remote Code Execution Vulnerability

Microsoft Edge & Internet Explorer

Internet Explorer CVE-2018-0978 Internet Explorer Memory Corruption Vulnerability
Internet Explorer CVE-2018-8113 Internet Explorer Security Feature Bypass Vulnerability
Internet Explorer CVE-2018-8249 Internet Explorer Memory Corruption Vulnerability
Microsoft Edge CVE-2018-8110 Microsoft Edge Memory Corruption Vulnerability
Microsoft Edge CVE-2018-8111 Microsoft Edge Memory Corruption Vulnerability
Microsoft Edge CVE-2018-8236 Microsoft Edge Memory Corruption Vulnerability
Microsoft Edge CVE-2018-8235 Microsoft Edge Security Feature Bypass Vulnerability
Microsoft Edge CVE-2018-0871 Microsoft Edge Information Disclosure Vulnerability
Microsoft Edge CVE-2018-8234 Microsoft Edge Information Disclosure Vulnerability

Device Guard

Device Guard CVE-2018-8215 Device Guard Code Integrity Policy Security Feature Bypass Vulnerability
Device Guard CVE-2018-8212 Device Guard Code Integrity Policy Security Feature Bypass Vulnerability
Device Guard CVE-2018-8211 Device Guard Code Integrity Policy Security Feature Bypass Vulnerability
Device Guard CVE-2018-8221 Device Guard Code Integrity Policy Security Feature Bypass Vulnerability
Device Guard CVE-2018-8217 Device Guard Code Integrity Policy Security Feature Bypass Vulnerability
Device Guard CVE-2018-8216 Device Guard Code Integrity Policy Security Feature Bypass Vulnerability
Device Guard CVE-2018-8201 Device Guard Code Integrity Policy Security Feature Bypass Vulnerability

Windows Hyper-V

Windows Hyper-V CVE-2018-8218 Windows Hyper-V Denial of Service Vulnerability
Windows Hyper-V CVE-2018-8219 Hypervisor Code Integrity Elevation of Privilege Vulnerability

Windows Kernel

Windows Kernel CVE-2018-8207 Windows Kernel Information Disclosure Vulnerability
Windows Kernel CVE-2018-8233 Win32k Elevation of Privilege Vulnerability
Windows Kernel CVE-2018-8224 Windows Kernel Elevation of Privilege Vulnerability
Windows Kernel CVE-2018-8121 Windows Kernel Information Disclosure Vulnerability

Microsoft Scripting

Microsoft Scripting Engine CVE-2018-8229 Chakra Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2018-8227 Chakra Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2018-8267 Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2018-8243 Scripting Engine Memory Corruption Vulnerability
Adobe Flash Player ADV180014 June 2018 Adobe Flash Security Update
HID Parser Library CVE-2018-8169 HIDParser Elevation of Privilege Vulnerability

 

Microsoft also released a standalone security advisory  KB4338110, for padding oracle that Performs against encrypted data that allows the attacker to decrypt the contents of the data, without knowing the key.



Source link

LEAVE A REPLY

Please enter your comment!
Please enter your name here