Microsoft December 2018 Patch Tuesday
December 2018 Security Updates
| Description | |||||||
|---|---|---|---|---|---|---|---|
| CVE | Disclosed | Exploited | Exploitability (old versions) | current version | Severity | CVSS Base (AVG) | CVSS Temporal (AVG) |
| .NET Framework Denial Of Service Vulnerability | |||||||
| CVE-2018-8517 | Yes | No | Unlikely | Unlikely | Important | ||
| .NET Framework Remote Code Injection Vulnerability | |||||||
| CVE-2018-8540 | No | No | Less Likely | Less Likely | Critical | ||
| Chakra Scripting Engine Memory Corruption Vulnerability | |||||||
| CVE-2018-8583 | No | No | - | - | Critical | 4.2 | 3.8 |
| CVE-2018-8617 | No | No | - | - | Critical | 4.2 | 3.8 |
| CVE-2018-8618 | No | No | - | - | Critical | 4.2 | 3.8 |
| CVE-2018-8624 | No | No | - | - | Critical | 4.2 | 3.8 |
| CVE-2018-8629 | No | No | - | - | Critical | 4.2 | 3.8 |
| Connected User Experiences and Telemetry Service Denial of Service Vulnerability | |||||||
| CVE-2018-8612 | No | No | More Likely | More Likely | Important | 4.7 | 4.7 |
| December 2018 Adobe Flash Security Update | |||||||
| ADV180031 | No | No | - | - | Critical | ||
| Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability | |||||||
| CVE-2018-8599 | No | No | More Likely | More Likely | Important | 7.0 | 6.3 |
| DirectX Information Disclosure Vulnerability | |||||||
| CVE-2018-8638 | No | No | - | - | Important | 4.7 | 4.2 |
| Internet Explorer Memory Corruption Vulnerability | |||||||
| CVE-2018-8631 | No | No | More Likely | More Likely | Critical | 6.4 | 5.8 |
| Internet Explorer Remote Code Execution Vulnerability | |||||||
| CVE-2018-8619 | No | No | More Likely | More Likely | Important | 6.4 | 5.8 |
| Microsoft Dynamics NAV Cross Site Scripting Vulnerability | |||||||
| CVE-2018-8651 | No | No | Less Likely | Less Likely | Important | ||
| Microsoft Excel Information Disclosure Vulnerability | |||||||
| CVE-2018-8598 | No | No | Less Likely | Less Likely | Important | ||
| CVE-2018-8627 | No | No | Less Likely | Less Likely | Important | ||
| Microsoft Excel Remote Code Execution Vulnerability | |||||||
| CVE-2018-8597 | No | No | More Likely | More Likely | Important | ||
| CVE-2018-8636 | No | No | Less Likely | Less Likely | Important | ||
| Microsoft Exchange Server Tampering Vulnerability | |||||||
| CVE-2018-8604 | No | No | Less Likely | Less Likely | Important | ||
| Microsoft Outlook Remote Code Execution Vulnerability | |||||||
| CVE-2018-8587 | No | No | More Likely | More Likely | Important | ||
| Microsoft PowerPoint Remote Code Execution Vulnerability | |||||||
| CVE-2018-8628 | No | No | More Likely | More Likely | Important | ||
| Microsoft SharePoint Information Disclosure Vulnerability | |||||||
| CVE-2018-8580 | No | No | Unlikely | Unlikely | Important | ||
| Microsoft SharePoint Server Elevation of Privilege Vulnerability | |||||||
| CVE-2018-8635 | No | No | Unlikely | Unlikely | Important | ||
| Microsoft Text-To-Speech Remote Code Execution Vulnerability | |||||||
| CVE-2018-8634 | No | No | More Likely | More Likely | Critical | 4.2 | 3.8 |
| Remote Procedure Call runtime Information Disclosure Vulnerability | |||||||
| CVE-2018-8514 | No | No | Less Likely | Less Likely | Important | 3.3 | 3.3 |
| Scripting Engine Memory Corruption Vulnerability | |||||||
| CVE-2018-8643 | No | No | More Likely | More Likely | Important | 6.4 | 5.8 |
| Win32k Elevation of Privilege Vulnerability | |||||||
| CVE-2018-8639 | No | No | More Likely | More Likely | Important | 7.0 | 6.3 |
| CVE-2018-8641 | No | No | More Likely | More Likely | Important | 7.0 | 6.3 |
| Win32k Information Disclosure Vulnerability | |||||||
| CVE-2018-8637 | No | No | More Likely | More Likely | Important | 4.7 | 4.2 |
| Windows Azure Pack Cross Site Scripting Vulnerability | |||||||
| CVE-2018-8652 | No | No | - | - | Important | ||
| Windows DNS Server Heap Overflow Vulnerability | |||||||
| CVE-2018-8626 | No | No | Less Likely | Less Likely | Critical | 9.8 | 8.8 |
| Windows Denial of Service Vulnerability | |||||||
| CVE-2018-8649 | No | No | - | - | Important | 5.0 | 4.5 |
| Windows GDI Information Disclosure Vulnerability | |||||||
| CVE-2018-8595 | No | No | More Likely | More Likely | Important | 4.7 | 4.2 |
| CVE-2018-8596 | No | No | More Likely | More Likely | Important | 4.7 | 4.2 |
| Windows Kernel Elevation of Privilege Vulnerability | |||||||
| CVE-2018-8611 | No | Yes | Detected | More Likely | Important | 7.0 | 7.0 |
| Windows Kernel Information Disclosure Vulnerability | |||||||
| CVE-2018-8477 | No | No | More Likely | More Likely | Important | 3.3 | 3.3 |
| CVE-2018-8621 | No | No | - | - | Important | 4.7 | 4.1 |
| CVE-2018-8622 | No | No | - | - | Important | 4.7 | 4.1 |
| Windows VBScript Engine Remote Code Execution Vulnerability | |||||||
| CVE-2018-8625 | No | No | More Likely | More Likely | Important | 6.4 | 5.8 |
For a detailed breakdown please see Renato's Dashboard:
Keywords: Patch Tuesday Microsoft
2 comment(s)Announcing the Security Awareness Survey, find it at https://survey.sans.org/jfe/form/SV_4UZfNorPzzXlfr7
ISC Stormcast For Tuesday, December 11th 2018 https://isc.sans.edu/podcastdetail.html?id=6288
×
![modal content]()
Diary Archives
Comments