Microsoft December 2018 Patch Tuesday
December 2018 Security Updates
Description | |||||||
---|---|---|---|---|---|---|---|
CVE | Disclosed | Exploited | Exploitability (old versions) | current version | Severity | CVSS Base (AVG) | CVSS Temporal (AVG) |
.NET Framework Denial Of Service Vulnerability | |||||||
CVE-2018-8517 | Yes | No | Unlikely | Unlikely | Important | ||
.NET Framework Remote Code Injection Vulnerability | |||||||
CVE-2018-8540 | No | No | Less Likely | Less Likely | Critical | ||
Chakra Scripting Engine Memory Corruption Vulnerability | |||||||
CVE-2018-8583 | No | No | - | - | Critical | 4.2 | 3.8 |
CVE-2018-8617 | No | No | - | - | Critical | 4.2 | 3.8 |
CVE-2018-8618 | No | No | - | - | Critical | 4.2 | 3.8 |
CVE-2018-8624 | No | No | - | - | Critical | 4.2 | 3.8 |
CVE-2018-8629 | No | No | - | - | Critical | 4.2 | 3.8 |
Connected User Experiences and Telemetry Service Denial of Service Vulnerability | |||||||
CVE-2018-8612 | No | No | More Likely | More Likely | Important | 4.7 | 4.7 |
December 2018 Adobe Flash Security Update | |||||||
ADV180031 | No | No | - | - | Critical | ||
Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability | |||||||
CVE-2018-8599 | No | No | More Likely | More Likely | Important | 7.0 | 6.3 |
DirectX Information Disclosure Vulnerability | |||||||
CVE-2018-8638 | No | No | - | - | Important | 4.7 | 4.2 |
Internet Explorer Memory Corruption Vulnerability | |||||||
CVE-2018-8631 | No | No | More Likely | More Likely | Critical | 6.4 | 5.8 |
Internet Explorer Remote Code Execution Vulnerability | |||||||
CVE-2018-8619 | No | No | More Likely | More Likely | Important | 6.4 | 5.8 |
Microsoft Dynamics NAV Cross Site Scripting Vulnerability | |||||||
CVE-2018-8651 | No | No | Less Likely | Less Likely | Important | ||
Microsoft Excel Information Disclosure Vulnerability | |||||||
CVE-2018-8598 | No | No | Less Likely | Less Likely | Important | ||
CVE-2018-8627 | No | No | Less Likely | Less Likely | Important | ||
Microsoft Excel Remote Code Execution Vulnerability | |||||||
CVE-2018-8597 | No | No | More Likely | More Likely | Important | ||
CVE-2018-8636 | No | No | Less Likely | Less Likely | Important | ||
Microsoft Exchange Server Tampering Vulnerability | |||||||
CVE-2018-8604 | No | No | Less Likely | Less Likely | Important | ||
Microsoft Outlook Remote Code Execution Vulnerability | |||||||
CVE-2018-8587 | No | No | More Likely | More Likely | Important | ||
Microsoft PowerPoint Remote Code Execution Vulnerability | |||||||
CVE-2018-8628 | No | No | More Likely | More Likely | Important | ||
Microsoft SharePoint Information Disclosure Vulnerability | |||||||
CVE-2018-8580 | No | No | Unlikely | Unlikely | Important | ||
Microsoft SharePoint Server Elevation of Privilege Vulnerability | |||||||
CVE-2018-8635 | No | No | Unlikely | Unlikely | Important | ||
Microsoft Text-To-Speech Remote Code Execution Vulnerability | |||||||
CVE-2018-8634 | No | No | More Likely | More Likely | Critical | 4.2 | 3.8 |
Remote Procedure Call runtime Information Disclosure Vulnerability | |||||||
CVE-2018-8514 | No | No | Less Likely | Less Likely | Important | 3.3 | 3.3 |
Scripting Engine Memory Corruption Vulnerability | |||||||
CVE-2018-8643 | No | No | More Likely | More Likely | Important | 6.4 | 5.8 |
Win32k Elevation of Privilege Vulnerability | |||||||
CVE-2018-8639 | No | No | More Likely | More Likely | Important | 7.0 | 6.3 |
CVE-2018-8641 | No | No | More Likely | More Likely | Important | 7.0 | 6.3 |
Win32k Information Disclosure Vulnerability | |||||||
CVE-2018-8637 | No | No | More Likely | More Likely | Important | 4.7 | 4.2 |
Windows Azure Pack Cross Site Scripting Vulnerability | |||||||
CVE-2018-8652 | No | No | - | - | Important | ||
Windows DNS Server Heap Overflow Vulnerability | |||||||
CVE-2018-8626 | No | No | Less Likely | Less Likely | Critical | 9.8 | 8.8 |
Windows Denial of Service Vulnerability | |||||||
CVE-2018-8649 | No | No | - | - | Important | 5.0 | 4.5 |
Windows GDI Information Disclosure Vulnerability | |||||||
CVE-2018-8595 | No | No | More Likely | More Likely | Important | 4.7 | 4.2 |
CVE-2018-8596 | No | No | More Likely | More Likely | Important | 4.7 | 4.2 |
Windows Kernel Elevation of Privilege Vulnerability | |||||||
CVE-2018-8611 | No | Yes | Detected | More Likely | Important | 7.0 | 7.0 |
Windows Kernel Information Disclosure Vulnerability | |||||||
CVE-2018-8477 | No | No | More Likely | More Likely | Important | 3.3 | 3.3 |
CVE-2018-8621 | No | No | - | - | Important | 4.7 | 4.1 |
CVE-2018-8622 | No | No | - | - | Important | 4.7 | 4.1 |
Windows VBScript Engine Remote Code Execution Vulnerability | |||||||
CVE-2018-8625 | No | No | More Likely | More Likely | Important | 6.4 | 5.8 |
For a detailed breakdown please see Renato's Dashboard:
Keywords: Patch Tuesday Microsoft
2 comment(s)Announcing the Security Awareness Survey, find it at https://survey.sans.org/jfe/form/SV_4UZfNorPzzXlfr7
ISC Stormcast For Tuesday, December 11th 2018 https://isc.sans.edu/podcastdetail.html?id=6288
×
Diary Archives
Comments