Microsoft May 2018 Patch Tuesday
Microsoft patched to vulnerabilities that have already been exploited in the wild:
CVE-2018-8174, a remote code execution vulnerability in the VBScript Engine.
CVE-2018-8120, a privilege escalation vulnerability in Win32k..
CVE-2018-8170. another privilege escalation vulnerabilty patched this month was known publicly, but has not been detected in exploits so far.
In addtion, CVE-2018-8115, which was already patched last week, is included in this months patch round-up.
| Description | |||||||
|---|---|---|---|---|---|---|---|
| CVE | Disclosed | Exploited | Exploitability (old versions) | current version | Severity | CVSS Base (AVG) | CVSS Temporal (AVG) |
| .NET Framework Device Guard Security Feature Bypass Vulnerability | |||||||
| CVE-2018-1039 | No | No | Less Likely | Less Likely | Important | ||
| .NET and .NET Core Denial of Service Vulnerability | |||||||
| CVE-2018-0765 | No | No | Unlikely | Unlikely | Important | ||
| Azure IoT SDK Spoofing Vulnerability | |||||||
| CVE-2018-8119 | No | No | - | - | Important | ||
| Chakra Scripting Engine Memory Corruption Vulnerability | |||||||
| CVE-2018-8130 | No | No | - | - | Critical | 4.2 | 3.8 |
| CVE-2018-8133 | No | No | - | - | Critical | 4.2 | 3.8 |
| CVE-2018-8145 | No | No | Unlikely | Unlikely | Important | 2.4 | 2.2 |
| CVE-2018-8177 | No | No | - | - | Critical | 4.2 | 3.8 |
| CVE-2018-0943 | No | No | - | - | Critical | 4.2 | 3.8 |
| DirectX Graphics Kernel Elevation of Privilege Vulnerability | |||||||
| CVE-2018-8165 | No | No | More Likely | More Likely | Important | 7.0 | 6.3 |
| Hyper-V Remote Code Execution Vulnerability | |||||||
| CVE-2018-0959 | No | No | Less Likely | Less Likely | Critical | 7.6 | 6.8 |
| Hyper-V vSMB Remote Code Execution Vulnerability | |||||||
| CVE-2018-0961 | No | No | Less Likely | Less Likely | Critical | 7.6 | 6.8 |
| Internet Explorer Security Feature Bypass Vulnerability | |||||||
| CVE-2018-8126 | No | No | Less Likely | Less Likely | Important | 5.3 | 4.8 |
| May 2018 Adobe Flash Security Update | |||||||
| ADV180008 | No | No | - | - | Critical | ||
| Microsoft Browser Information Disclosure Vulnerability | |||||||
| CVE-2018-1025 | No | No | More Likely | More Likely | Important | 4.3 | 3.9 |
| Microsoft Browser Memory Corruption Vulnerability | |||||||
| CVE-2018-8178 | No | No | More Likely | More Likely | Critical | 6.4 | 5.8 |
| Microsoft COM for Windows Remote Code Execution Vulnerability | |||||||
| CVE-2018-0824 | No | No | Less Likely | Less Likely | Important | 7.5 | 6.7 |
| Microsoft Edge Information Disclosure Vulnerability | |||||||
| CVE-2018-1021 | No | No | - | - | Important | 4.3 | 3.9 |
| Microsoft Edge Memory Corruption Vulnerability | |||||||
| CVE-2018-8123 | No | No | - | - | Important | 4.2 | 3.8 |
| CVE-2018-8179 | No | No | - | - | Important | 4.2 | 3.8 |
| Microsoft Edge Security Feature Bypass Vulnerability | |||||||
| CVE-2018-8112 | No | No | - | - | Important | 4.3 | 3.9 |
| Microsoft Excel Information Disclosure Vulnerability | |||||||
| CVE-2018-8163 | No | No | More Likely | More Likely | Important | ||
| Microsoft Excel Remote Code Execution Vulnerability | |||||||
| CVE-2018-8162 | No | No | More Likely | More Likely | Important | ||
| CVE-2018-8147 | No | No | More Likely | More Likely | Important | ||
| CVE-2018-8148 | No | No | More Likely | More Likely | Important | ||
| Microsoft Exchange Elevation of Privilege Vulnerability | |||||||
| CVE-2018-8159 | No | No | Less Likely | Less Likely | Important | ||
| Microsoft Exchange Memory Corruption Vulnerability | |||||||
| CVE-2018-8151 | No | No | Less Likely | Less Likely | Important | ||
| CVE-2018-8154 | No | No | Less Likely | Less Likely | Critical | ||
| Microsoft Exchange Server Elevation of Privilege Vulnerability | |||||||
| CVE-2018-8152 | No | No | Less Likely | Less Likely | Important | ||
| Microsoft Exchange Spoofing Vulnerability | |||||||
| CVE-2018-8153 | No | No | Less Likely | Less Likely | Low | ||
| Microsoft InfoPath Remote Code Execution Vulnerability | |||||||
| CVE-2018-8173 | No | No | - | - | Important | ||
| Microsoft Office Remote Code Execution Vulnerability | |||||||
| CVE-2018-8161 | No | No | Less Likely | Less Likely | Important | ||
| CVE-2018-8157 | No | No | More Likely | More Likely | Important | ||
| CVE-2018-8158 | No | No | More Likely | More Likely | Important | ||
| Microsoft Outlook Information Disclosure Vulnerability | |||||||
| CVE-2018-8160 | No | No | - | - | Important | ||
| Microsoft Outlook Security Feature Bypass Vulnerability | |||||||
| CVE-2018-8150 | No | No | - | - | Important | ||
| Microsoft SharePoint Elevation of Privilege Vulnerability | |||||||
| CVE-2018-8155 | No | No | Less Likely | Less Likely | Important | ||
| CVE-2018-8156 | No | No | Less Likely | Less Likely | Important | ||
| CVE-2018-8168 | No | No | - | - | Important | ||
| CVE-2018-8149 | No | No | Less Likely | Less Likely | Important | ||
| Scripting Engine Memory Corruption Vulnerability | |||||||
| CVE-2018-8122 | No | No | More Likely | More Likely | Critical | 6.4 | 5.8 |
| CVE-2018-8128 | No | No | - | - | Critical | 4.2 | 3.8 |
| CVE-2018-8137 | No | No | - | - | Critical | 4.2 | 3.8 |
| CVE-2018-8139 | No | No | - | - | Critical | 4.2 | 3.8 |
| CVE-2018-0945 | No | No | - | - | Critical | 4.2 | 3.8 |
| CVE-2018-0946 | No | No | - | - | Critical | 4.2 | 3.8 |
| CVE-2018-0951 | No | No | - | - | Critical | 4.2 | 3.8 |
| CVE-2018-0953 | No | No | - | - | Critical | 4.2 | 3.8 |
| CVE-2018-0954 | No | No | More Likely | More Likely | Critical | 4.2 | 3.8 |
| CVE-2018-0955 | No | No | More Likely | More Likely | Critical | 6.4 | 5.8 |
| CVE-2018-1022 | No | No | More Likely | More Likely | Critical | 6.4 | 5.8 |
| CVE-2018-8114 | No | No | More Likely | More Likely | Critical | 6.4 | 5.8 |
| Win32k Elevation of Privilege Vulnerability | |||||||
| CVE-2018-8124 | No | No | More Likely | More Likely | Important | 7.0 | 6.3 |
| CVE-2018-8164 | No | No | More Likely | More Likely | Important | 7.0 | 6.3 |
| CVE-2018-8166 | No | No | More Likely | More Likely | Important | 7.0 | 6.3 |
| CVE-2018-8120 | No | Yes | - | - | Important | 7.0 | 6.3 |
| Windows Common Log File System Driver Elevation of Privilege Vulnerability | |||||||
| CVE-2018-8167 | No | No | More Likely | More Likely | Important | 7.0 | 6.7 |
| Windows Elevation of Privilege Vulnerability | |||||||
| CVE-2018-8134 | No | No | More Likely | More Likely | Important | 7.0 | 6.3 |
| Windows Host Compute Service Shim Remote Code Execution Vulnerability | |||||||
| CVE-2018-8115 | No | No | Unlikely | Unlikely | Critical | ||
| Windows Image Elevation of Privilege Vulnerability | |||||||
| CVE-2018-8170 | Yes | No | More Likely | More Likely | Important | 7.0 | 6.3 |
| Windows Kernel Elevation of Privilege Vulnerability | |||||||
| CVE-2018-8897 | No | No | Unlikely | Unlikely | Important | 7.0 | 6.3 |
| Windows Kernel Information Disclosure Vulnerability | |||||||
| CVE-2018-8127 | No | No | More Likely | More Likely | Important | 4.7 | 4.2 |
| CVE-2018-8141 | Yes | No | - | - | Important | 4.7 | 4.2 |
| Windows Remote Code Execution Vulnerability | |||||||
| CVE-2018-8136 | No | No | Less Likely | Less Likely | Low | 6.5 | 5.9 |
| Windows Security Feature Bypass Vulnerability | |||||||
| CVE-2018-0854 | No | No | Unlikely | Unlikely | Important | 2.4 | 2.2 |
| CVE-2018-0958 | No | No | Less Likely | Less Likely | Important | 5.3 | 4.8 |
| CVE-2018-8129 | No | No | Less Likely | Less Likely | Important | 5.3 | 4.8 |
| CVE-2018-8132 | No | No | Less Likely | Less Likely | Important | 5.3 | 4.8 |
| Windows VBScript Engine Remote Code Execution Vulnerability | |||||||
| CVE-2018-8174 | No | Yes | Detected | Detected | Critical | 7.5 | 7.0 |
---
Johannes B. Ullrich, Ph.D. , Dean of Research, SANS Technology Institute
Twitter|
Keywords:
1 comment(s)ISC Stormcast For Tuesday, May 8th 2018 https://isc.sans.edu/podcastdetail.html?id=5987
×
![modal content]()
Diary Archives
Comments
www
Nov 17th 2022
6 months ago
EEW
Nov 17th 2022
6 months ago
qwq
Nov 17th 2022
6 months ago
mashood
Nov 17th 2022
6 months ago
isc.sans.edu
Nov 23rd 2022
6 months ago
isc.sans.edu
Nov 23rd 2022
6 months ago
isc.sans.edu
Dec 3rd 2022
6 months ago
isc.sans.edu
Dec 3rd 2022
6 months ago
<a hreaf="https://technolytical.com/">the social network</a> is described as follows because they respect your privacy and keep your data secure. The social networks are not interested in collecting data about you. They don't care about what you're doing, or what you like. They don't want to know who you talk to, or where you go.
<a hreaf="https://technolytical.com/">the social network</a> is not interested in collecting data about you. They don't care about what you're doing, or what you like. They don't want to know who you talk to, or where you go. The social networks only collect the minimum amount of information required for the service that they provide. Your personal information is kept private, and is never shared with other companies without your permission
isc.sans.edu
Dec 26th 2022
5 months ago
isc.sans.edu
Dec 26th 2022
5 months ago