Microsoft May 2018 Patch Tuesday
Microsoft patched to vulnerabilities that have already been exploited in the wild:
CVE-2018-8174, a remote code execution vulnerability in the VBScript Engine.
CVE-2018-8120, a privilege escalation vulnerability in Win32k..
CVE-2018-8170. another privilege escalation vulnerabilty patched this month was known publicly, but has not been detected in exploits so far.
In addtion, CVE-2018-8115, which was already patched last week, is included in this months patch round-up.
| Description | |||||||
|---|---|---|---|---|---|---|---|
| CVE | Disclosed | Exploited | Exploitability (old versions) | current version | Severity | CVSS Base (AVG) | CVSS Temporal (AVG) |
| .NET Framework Device Guard Security Feature Bypass Vulnerability | |||||||
| CVE-2018-1039 | No | No | Less Likely | Less Likely | Important | ||
| .NET and .NET Core Denial of Service Vulnerability | |||||||
| CVE-2018-0765 | No | No | Unlikely | Unlikely | Important | ||
| Azure IoT SDK Spoofing Vulnerability | |||||||
| CVE-2018-8119 | No | No | - | - | Important | ||
| Chakra Scripting Engine Memory Corruption Vulnerability | |||||||
| CVE-2018-8130 | No | No | - | - | Critical | 4.2 | 3.8 |
| CVE-2018-8133 | No | No | - | - | Critical | 4.2 | 3.8 |
| CVE-2018-8145 | No | No | Unlikely | Unlikely | Important | 2.4 | 2.2 |
| CVE-2018-8177 | No | No | - | - | Critical | 4.2 | 3.8 |
| CVE-2018-0943 | No | No | - | - | Critical | 4.2 | 3.8 |
| DirectX Graphics Kernel Elevation of Privilege Vulnerability | |||||||
| CVE-2018-8165 | No | No | More Likely | More Likely | Important | 7.0 | 6.3 |
| Hyper-V Remote Code Execution Vulnerability | |||||||
| CVE-2018-0959 | No | No | Less Likely | Less Likely | Critical | 7.6 | 6.8 |
| Hyper-V vSMB Remote Code Execution Vulnerability | |||||||
| CVE-2018-0961 | No | No | Less Likely | Less Likely | Critical | 7.6 | 6.8 |
| Internet Explorer Security Feature Bypass Vulnerability | |||||||
| CVE-2018-8126 | No | No | Less Likely | Less Likely | Important | 5.3 | 4.8 |
| May 2018 Adobe Flash Security Update | |||||||
| ADV180008 | No | No | - | - | Critical | ||
| Microsoft Browser Information Disclosure Vulnerability | |||||||
| CVE-2018-1025 | No | No | More Likely | More Likely | Important | 4.3 | 3.9 |
| Microsoft Browser Memory Corruption Vulnerability | |||||||
| CVE-2018-8178 | No | No | More Likely | More Likely | Critical | 6.4 | 5.8 |
| Microsoft COM for Windows Remote Code Execution Vulnerability | |||||||
| CVE-2018-0824 | No | No | Less Likely | Less Likely | Important | 7.5 | 6.7 |
| Microsoft Edge Information Disclosure Vulnerability | |||||||
| CVE-2018-1021 | No | No | - | - | Important | 4.3 | 3.9 |
| Microsoft Edge Memory Corruption Vulnerability | |||||||
| CVE-2018-8123 | No | No | - | - | Important | 4.2 | 3.8 |
| CVE-2018-8179 | No | No | - | - | Important | 4.2 | 3.8 |
| Microsoft Edge Security Feature Bypass Vulnerability | |||||||
| CVE-2018-8112 | No | No | - | - | Important | 4.3 | 3.9 |
| Microsoft Excel Information Disclosure Vulnerability | |||||||
| CVE-2018-8163 | No | No | More Likely | More Likely | Important | ||
| Microsoft Excel Remote Code Execution Vulnerability | |||||||
| CVE-2018-8162 | No | No | More Likely | More Likely | Important | ||
| CVE-2018-8147 | No | No | More Likely | More Likely | Important | ||
| CVE-2018-8148 | No | No | More Likely | More Likely | Important | ||
| Microsoft Exchange Elevation of Privilege Vulnerability | |||||||
| CVE-2018-8159 | No | No | Less Likely | Less Likely | Important | ||
| Microsoft Exchange Memory Corruption Vulnerability | |||||||
| CVE-2018-8151 | No | No | Less Likely | Less Likely | Important | ||
| CVE-2018-8154 | No | No | Less Likely | Less Likely | Critical | ||
| Microsoft Exchange Server Elevation of Privilege Vulnerability | |||||||
| CVE-2018-8152 | No | No | Less Likely | Less Likely | Important | ||
| Microsoft Exchange Spoofing Vulnerability | |||||||
| CVE-2018-8153 | No | No | Less Likely | Less Likely | Low | ||
| Microsoft InfoPath Remote Code Execution Vulnerability | |||||||
| CVE-2018-8173 | No | No | - | - | Important | ||
| Microsoft Office Remote Code Execution Vulnerability | |||||||
| CVE-2018-8161 | No | No | Less Likely | Less Likely | Important | ||
| CVE-2018-8157 | No | No | More Likely | More Likely | Important | ||
| CVE-2018-8158 | No | No | More Likely | More Likely | Important | ||
| Microsoft Outlook Information Disclosure Vulnerability | |||||||
| CVE-2018-8160 | No | No | - | - | Important | ||
| Microsoft Outlook Security Feature Bypass Vulnerability | |||||||
| CVE-2018-8150 | No | No | - | - | Important | ||
| Microsoft SharePoint Elevation of Privilege Vulnerability | |||||||
| CVE-2018-8155 | No | No | Less Likely | Less Likely | Important | ||
| CVE-2018-8156 | No | No | Less Likely | Less Likely | Important | ||
| CVE-2018-8168 | No | No | - | - | Important | ||
| CVE-2018-8149 | No | No | Less Likely | Less Likely | Important | ||
| Scripting Engine Memory Corruption Vulnerability | |||||||
| CVE-2018-8122 | No | No | More Likely | More Likely | Critical | 6.4 | 5.8 |
| CVE-2018-8128 | No | No | - | - | Critical | 4.2 | 3.8 |
| CVE-2018-8137 | No | No | - | - | Critical | 4.2 | 3.8 |
| CVE-2018-8139 | No | No | - | - | Critical | 4.2 | 3.8 |
| CVE-2018-0945 | No | No | - | - | Critical | 4.2 | 3.8 |
| CVE-2018-0946 | No | No | - | - | Critical | 4.2 | 3.8 |
| CVE-2018-0951 | No | No | - | - | Critical | 4.2 | 3.8 |
| CVE-2018-0953 | No | No | - | - | Critical | 4.2 | 3.8 |
| CVE-2018-0954 | No | No | More Likely | More Likely | Critical | 4.2 | 3.8 |
| CVE-2018-0955 | No | No | More Likely | More Likely | Critical | 6.4 | 5.8 |
| CVE-2018-1022 | No | No | More Likely | More Likely | Critical | 6.4 | 5.8 |
| CVE-2018-8114 | No | No | More Likely | More Likely | Critical | 6.4 | 5.8 |
| Win32k Elevation of Privilege Vulnerability | |||||||
| CVE-2018-8124 | No | No | More Likely | More Likely | Important | 7.0 | 6.3 |
| CVE-2018-8164 | No | No | More Likely | More Likely | Important | 7.0 | 6.3 |
| CVE-2018-8166 | No | No | More Likely | More Likely | Important | 7.0 | 6.3 |
| CVE-2018-8120 | No | Yes | - | - | Important | 7.0 | 6.3 |
| Windows Common Log File System Driver Elevation of Privilege Vulnerability | |||||||
| CVE-2018-8167 | No | No | More Likely | More Likely | Important | 7.0 | 6.7 |
| Windows Elevation of Privilege Vulnerability | |||||||
| CVE-2018-8134 | No | No | More Likely | More Likely | Important | 7.0 | 6.3 |
| Windows Host Compute Service Shim Remote Code Execution Vulnerability | |||||||
| CVE-2018-8115 | No | No | Unlikely | Unlikely | Critical | ||
| Windows Image Elevation of Privilege Vulnerability | |||||||
| CVE-2018-8170 | Yes | No | More Likely | More Likely | Important | 7.0 | 6.3 |
| Windows Kernel Elevation of Privilege Vulnerability | |||||||
| CVE-2018-8897 | No | No | Unlikely | Unlikely | Important | 7.0 | 6.3 |
| Windows Kernel Information Disclosure Vulnerability | |||||||
| CVE-2018-8127 | No | No | More Likely | More Likely | Important | 4.7 | 4.2 |
| CVE-2018-8141 | Yes | No | - | - | Important | 4.7 | 4.2 |
| Windows Remote Code Execution Vulnerability | |||||||
| CVE-2018-8136 | No | No | Less Likely | Less Likely | Low | 6.5 | 5.9 |
| Windows Security Feature Bypass Vulnerability | |||||||
| CVE-2018-0854 | No | No | Unlikely | Unlikely | Important | 2.4 | 2.2 |
| CVE-2018-0958 | No | No | Less Likely | Less Likely | Important | 5.3 | 4.8 |
| CVE-2018-8129 | No | No | Less Likely | Less Likely | Important | 5.3 | 4.8 |
| CVE-2018-8132 | No | No | Less Likely | Less Likely | Important | 5.3 | 4.8 |
| Windows VBScript Engine Remote Code Execution Vulnerability | |||||||
| CVE-2018-8174 | No | Yes | Detected | Detected | Critical | 7.5 | 7.0 |
---
Johannes B. Ullrich, Ph.D. , Dean of Research, SANS Technology Institute
Twitter|
Keywords:
1 comment(s)
My next class:
| Application Security: Securing Web Apps, APIs, and Microservices | Washington | Dec 13th - Dec 18th 2024 |
×
![modal content]()
Diary Archives
Comments
See https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV170017
Anonymous
May 8th 2018
6 years ago