Microsoft December 2018 Patch Tuesday

Published: 2018-12-11
Last Updated: 2018-12-11 20:58:52 UTC
by Richard Porter (Version: 1)
2 comment(s)

December 2018 Security Updates

Description
CVE Disclosed Exploited Exploitability (old versions) current version Severity CVSS Base (AVG) CVSS Temporal (AVG)
.NET Framework Denial Of Service Vulnerability
CVE-2018-8517 Yes No Unlikely Unlikely Important    
.NET Framework Remote Code Injection Vulnerability
CVE-2018-8540 No No Less Likely Less Likely Critical    
Chakra Scripting Engine Memory Corruption Vulnerability
CVE-2018-8583 No No - - Critical 4.2 3.8
CVE-2018-8617 No No - - Critical 4.2 3.8
CVE-2018-8618 No No - - Critical 4.2 3.8
CVE-2018-8624 No No - - Critical 4.2 3.8
CVE-2018-8629 No No - - Critical 4.2 3.8
Connected User Experiences and Telemetry Service Denial of Service Vulnerability
CVE-2018-8612 No No More Likely More Likely Important 4.7 4.7
December 2018 Adobe Flash Security Update
ADV180031 No No - - Critical    
Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability
CVE-2018-8599 No No More Likely More Likely Important 7.0 6.3
DirectX Information Disclosure Vulnerability
CVE-2018-8638 No No - - Important 4.7 4.2
Internet Explorer Memory Corruption Vulnerability
CVE-2018-8631 No No More Likely More Likely Critical 6.4 5.8
Internet Explorer Remote Code Execution Vulnerability
CVE-2018-8619 No No More Likely More Likely Important 6.4 5.8
Microsoft Dynamics NAV Cross Site Scripting Vulnerability
CVE-2018-8651 No No Less Likely Less Likely Important    
Microsoft Excel Information Disclosure Vulnerability
CVE-2018-8598 No No Less Likely Less Likely Important    
CVE-2018-8627 No No Less Likely Less Likely Important    
Microsoft Excel Remote Code Execution Vulnerability
CVE-2018-8597 No No More Likely More Likely Important    
CVE-2018-8636 No No Less Likely Less Likely Important    
Microsoft Exchange Server Tampering Vulnerability
CVE-2018-8604 No No Less Likely Less Likely Important    
Microsoft Outlook Remote Code Execution Vulnerability
CVE-2018-8587 No No More Likely More Likely Important    
Microsoft PowerPoint Remote Code Execution Vulnerability
CVE-2018-8628 No No More Likely More Likely Important    
Microsoft SharePoint Information Disclosure Vulnerability
CVE-2018-8580 No No Unlikely Unlikely Important    
Microsoft SharePoint Server Elevation of Privilege Vulnerability
CVE-2018-8635 No No Unlikely Unlikely Important    
Microsoft Text-To-Speech Remote Code Execution Vulnerability
CVE-2018-8634 No No More Likely More Likely Critical 4.2 3.8
Remote Procedure Call runtime Information Disclosure Vulnerability
CVE-2018-8514 No No Less Likely Less Likely Important 3.3 3.3
Scripting Engine Memory Corruption Vulnerability
CVE-2018-8643 No No More Likely More Likely Important 6.4 5.8
Win32k Elevation of Privilege Vulnerability
CVE-2018-8639 No No More Likely More Likely Important 7.0 6.3
CVE-2018-8641 No No More Likely More Likely Important 7.0 6.3
Win32k Information Disclosure Vulnerability
CVE-2018-8637 No No More Likely More Likely Important 4.7 4.2
Windows Azure Pack Cross Site Scripting Vulnerability
CVE-2018-8652 No No - - Important    
Windows DNS Server Heap Overflow Vulnerability
CVE-2018-8626 No No Less Likely Less Likely Critical 9.8 8.8
Windows Denial of Service Vulnerability
CVE-2018-8649 No No - - Important 5.0 4.5
Windows GDI Information Disclosure Vulnerability
CVE-2018-8595 No No More Likely More Likely Important 4.7 4.2
CVE-2018-8596 No No More Likely More Likely Important 4.7 4.2
Windows Kernel Elevation of Privilege Vulnerability
CVE-2018-8611 No Yes Detected More Likely Important 7.0 7.0
Windows Kernel Information Disclosure Vulnerability
CVE-2018-8477 No No More Likely More Likely Important 3.3 3.3
CVE-2018-8621 No No - - Important 4.7 4.1
CVE-2018-8622 No No - - Important 4.7 4.1
Windows VBScript Engine Remote Code Execution Vulnerability
CVE-2018-8625 No No More Likely More Likely Important 6.4 5.8

 

For a detailed breakdown please see Renato's Dashboard: 

https://patchtuesdaydashboard.com/

Keywords: Patch Tuesday Microsoft
2 comment(s)
Announcing the Security Awareness Survey, find it at https://survey.sans.org/jfe/form/SV_4UZfNorPzzXlfr7
ISC Stormcast For Tuesday, December 11th 2018 https://isc.sans.edu/podcastdetail.html?id=6288

Comments

cwqwqwq

www

Nov 17th 2022
6 months ago

eweew<a href="https://www.seocheckin.com/edu-sites-list/">mashood</a>

EEW

Nov 17th 2022
6 months ago

WQwqwqwq[url=https://www.seocheckin.com/edu-sites-list/]mashood[/url]

qwq

Nov 17th 2022
6 months ago

dwqqqwqwq mashood

mashood

Nov 17th 2022
6 months ago

[https://isc.sans.edu/diary.html](https://isc.sans.edu/diary.html)

isc.sans.edu

Nov 23rd 2022
6 months ago

[https://isc.sans.edu/diary.html | https://isc.sans.edu/diary.html]

isc.sans.edu

Nov 23rd 2022
6 months ago

What's this all about ..?

isc.sans.edu

Dec 3rd 2022
6 months ago

password reveal .

isc.sans.edu

Dec 3rd 2022
6 months ago

<a hreaf="https://technolytical.com/">the social network</a> is described as follows because they respect your privacy and keep your data secure:

<a hreaf="https://technolytical.com/">the social network</a> is described as follows because they respect your privacy and keep your data secure. The social networks are not interested in collecting data about you. They don't care about what you're doing, or what you like. They don't want to know who you talk to, or where you go.

<a hreaf="https://technolytical.com/">the social network</a> is not interested in collecting data about you. They don't care about what you're doing, or what you like. They don't want to know who you talk to, or where you go. The social networks only collect the minimum amount of information required for the service that they provide. Your personal information is kept private, and is never shared with other companies without your permission

isc.sans.edu

Dec 26th 2022
5 months ago

https://thehomestore.com.pk/

isc.sans.edu

Dec 26th 2022
5 months ago

Login here to join the discussion.


Diary Archives