Microsoft released security update under patch Tuesday that affected many of its products along with certain critical Windows zero-day flaw.
There are 3 Zero-day vulnerability has been fixed along with more than 49 vulnerabilities that affected Microsoft products such as products such as Windows, Edge, Internet Explorer, Office, Exchange Server, and .NET Core, Power Shell Core.
Out of 48 vulnerabilities 18 are categorized as “CRITICAL” and rest of the flaws listed in other categories such as important.
In this Microsoft released security update also fixed 8 years old remote code execution bug that affected Exchange Server is the resurfacing of a vulnerability that discovered in 2010.
Some of the following remote code execution flows that reported in public also fixed in this security updates.
- CVE-2018-8423 a remote code execution bug in JET Database Engine for Windows.
- CVE-2018-8497 a Windows Kernel Elevation of Privilege Vulnerability.
- CVE-2018-8531, a remote code execution flaw in Azure IoT device client.
Microsoft Released Security Update list
Microsoft Edge
| Microsoft Edge | CVE-2018-8473 | Microsoft Edge Memory Corruption Vulnerability |
| Microsoft Edge | CVE-2018-8512 | Microsoft Edge Security Feature Bypass Vulnerability |
| Microsoft Edge | CVE-2018-8530 | Microsoft Edge Security Feature Bypass Vulnerability |
| Microsoft Edge | CVE-2018-8509 | Microsoft Edge Memory Corruption Vulnerability |
Microsoft Office
| Microsoft Office | ADV180026 | Microsoft Office Defense in Depth Update |
| Microsoft Office | CVE-2018-8501 | Microsoft PowerPoint Remote Code Execution Vulnerability |
| Microsoft Office | CVE-2018-8427 | Microsoft Graphics Components Information Disclosure Vulnerability |
| Microsoft Office | CVE-2018-8504 | Microsoft Word Remote Code Execution Vulnerability |
| Microsoft Office | CVE-2018-8502 | Microsoft Excel Remote Code Execution Vulnerability |
| Microsoft Office | CVE-2018-8432 | Microsoft Graphics Components Remote Code Execution Vulnerability |
Microsoft Windows
| Microsoft Windows | CVE-2018-8411 | NTFS Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2018-8333 | Microsoft Filter Manager Elevation Of Privilege Vulnerability |
| Microsoft Windows | CVE-2018-8493 | Windows TCP/IP Information Disclosure Vulnerability |
| Microsoft Windows | CVE-2018-8506 | Microsoft Windows Codecs Library Information Disclosure Vulnerability |
Microsoft Scripting Engine
| Microsoft Scripting Engine | CVE-2018-8511 | Chakra Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2018-8500 | Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2018-8505 | Chakra Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2018-8503 | Chakra Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2018-8510 | Chakra Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2018-8513 | Chakra Scripting Engine Memory Corruption Vulnerability |
Microsoft Office SharePoint
| Microsoft Office SharePoint | CVE-2018-8498 | Microsoft SharePoint Elevation of Privilege Vulnerability |
| Microsoft Office SharePoint | CVE-2018-8480 | Microsoft SharePoint Elevation of Privilege Vulnerability |
| Microsoft Office SharePoint | CVE-2018-8488 | Microsoft SharePoint Elevation of Privilege Vulnerability |
| Microsoft Office SharePoint | CVE-2018-8518 | Microsoft SharePoint Elevation of Privilege Vulnerability |
SQL Server
| SQL Server | CVE-2018-8527 | SQL Server Management Studio Information Disclosure Vulnerability |
| SQL Server | CVE-2018-8532 | SQL Server Management Studio Information Disclosure Vulnerability |
| SQL Server | CVE-2018-8533 | SQL Server Management Studio Information Disclosure Vulnerability |
Microsoft Graphics Component
| Microsoft Graphics Component | CVE-2018-8486 | DirectX Information Disclosure Vulnerability |
| Microsoft Graphics Component | CVE-2018-8484 | DirectX Graphics Kernel Elevation of Privilege Vulnerability |
| Microsoft Graphics Component | CVE-2018-8453 | Win32k Elevation of Privilege Vulnerability |
| Microsoft Graphics Component | CVE-2018-8472 | Windows GDI Information Disclosure Vulnerability |
Internet Explorer
| Internet Explorer | CVE-2018-8460 | Internet Explorer Memory Corruption Vulnerability |
| Internet Explorer | CVE-2018-8491 | Internet Explorer Memory Corruption Vulnerability |
Windows Hyper-V
| Windows Hyper-V | CVE-2018-8489 | Windows Hyper-V Remote Code Execution Vulnerability |
| Windows Hyper-V | CVE-2018-8490 | Windows Hyper-V Remote Code Execution Vulnerability |
Windows Shell
| Windows Shell | CVE-2018-8413 | Windows Theme API Remote Code Execution Vulnerability |
| Windows Shell | CVE-2018-8495 | Windows Shell Remote Code Execution Vulnerability |
Windows Media Player
| Windows Media Player | CVE-2018-8482 | Windows Media Player Information Disclosure Vulnerability |
| Windows Media Player | CVE-2018-8481 | Windows Media Player Information Disclosure Vulnerability |
Windows – Linux
| Windows – Linux | CVE-2018-8329 | Linux On Windows Elevation Of Privilege Vulnerability |
Windows Kernel
| Windows Kernel | CVE-2018-8330 | Windows Kernel Information Disclosure Vulnerability |
| Windows Kernel | CVE-2018-8497 | Windows Kernel Elevation of Privilege Vulnerability |
Microsoft Windows DNS
| Microsoft Windows DNS | CVE-2018-8320 | Windows DNS Security Feature Bypass Vulnerability |
Microsoft XML Core Services
| Microsoft XML Core Services | CVE-2018-8494 | MS XML Remote Code Execution Vulnerability |
Microsoft JET Database Engine
| Microsoft JET Database Engine | CVE-2018-8423 | Microsoft JET Database Engine Remote Code Execution Vulnerability |
Azure & Device Guard
| Azure | CVE-2018-8531 | Azure IoT Device Client SDK Memory Corruption Vulnerability |
| Device Guard | CVE-2018-8492 | Device Guard Code Integrity Policy Security Feature Bypass Vulnerability |
Also Read:
Debian Released Security Updates for July and Fixed Multiple Package Vulnerabilities
