Microsoft patched to vulnerabilities that have already been exploited in the wild:
CVE-2018-8174, a remote code execution vulnerability in the VBScript Engine.
CVE-2018-8120, a privilege escalation vulnerability in Win32k..
CVE-2018-8170. another privilege escalation vulnerabilty patched this month was known publicly, but has not been detected in exploits so far.
In addtion, CVE-2018-8115, which was already patched last week, is included in this months patch round-up.
Description |
CVE |
Disclosed |
Exploited |
Exploitability (old versions) |
current version |
Severity |
CVSS Base (AVG) |
CVSS Temporal (AVG) |
.NET Framework Device Guard Security Feature Bypass Vulnerability |
CVE-2018-1039 |
No |
No |
Less Likely |
Less Likely |
Important |
|
|
.NET and .NET Core Denial of Service Vulnerability |
CVE-2018-0765 |
No |
No |
Unlikely |
Unlikely |
Important |
|
|
Azure IoT SDK Spoofing Vulnerability |
CVE-2018-8119 |
No |
No |
- |
- |
Important |
|
|
Chakra Scripting Engine Memory Corruption Vulnerability |
CVE-2018-8130 |
No |
No |
- |
- |
Critical |
4.2 |
3.8 |
CVE-2018-8133 |
No |
No |
- |
- |
Critical |
4.2 |
3.8 |
CVE-2018-8145 |
No |
No |
Unlikely |
Unlikely |
Important |
2.4 |
2.2 |
CVE-2018-8177 |
No |
No |
- |
- |
Critical |
4.2 |
3.8 |
CVE-2018-0943 |
No |
No |
- |
- |
Critical |
4.2 |
3.8 |
DirectX Graphics Kernel Elevation of Privilege Vulnerability |
CVE-2018-8165 |
No |
No |
More Likely |
More Likely |
Important |
7.0 |
6.3 |
Hyper-V Remote Code Execution Vulnerability |
CVE-2018-0959 |
No |
No |
Less Likely |
Less Likely |
Critical |
7.6 |
6.8 |
Hyper-V vSMB Remote Code Execution Vulnerability |
CVE-2018-0961 |
No |
No |
Less Likely |
Less Likely |
Critical |
7.6 |
6.8 |
Internet Explorer Security Feature Bypass Vulnerability |
CVE-2018-8126 |
No |
No |
Less Likely |
Less Likely |
Important |
5.3 |
4.8 |
May 2018 Adobe Flash Security Update |
ADV180008 |
No |
No |
- |
- |
Critical |
|
|
Microsoft Browser Information Disclosure Vulnerability |
CVE-2018-1025 |
No |
No |
More Likely |
More Likely |
Important |
4.3 |
3.9 |
Microsoft Browser Memory Corruption Vulnerability |
CVE-2018-8178 |
No |
No |
More Likely |
More Likely |
Critical |
6.4 |
5.8 |
Microsoft COM for Windows Remote Code Execution Vulnerability |
CVE-2018-0824 |
No |
No |
Less Likely |
Less Likely |
Important |
7.5 |
6.7 |
Microsoft Edge Information Disclosure Vulnerability |
CVE-2018-1021 |
No |
No |
- |
- |
Important |
4.3 |
3.9 |
Microsoft Edge Memory Corruption Vulnerability |
CVE-2018-8123 |
No |
No |
- |
- |
Important |
4.2 |
3.8 |
CVE-2018-8179 |
No |
No |
- |
- |
Important |
4.2 |
3.8 |
Microsoft Edge Security Feature Bypass Vulnerability |
CVE-2018-8112 |
No |
No |
- |
- |
Important |
4.3 |
3.9 |
Microsoft Excel Information Disclosure Vulnerability |
CVE-2018-8163 |
No |
No |
More Likely |
More Likely |
Important |
|
|
Microsoft Excel Remote Code Execution Vulnerability |
CVE-2018-8162 |
No |
No |
More Likely |
More Likely |
Important |
|
|
CVE-2018-8147 |
No |
No |
More Likely |
More Likely |
Important |
|
|
CVE-2018-8148 |
No |
No |
More Likely |
More Likely |
Important |
|
|
Microsoft Exchange Elevation of Privilege Vulnerability |
CVE-2018-8159 |
No |
No |
Less Likely |
Less Likely |
Important |
|
|
Microsoft Exchange Memory Corruption Vulnerability |
CVE-2018-8151 |
No |
No |
Less Likely |
Less Likely |
Important |
|
|
CVE-2018-8154 |
No |
No |
Less Likely |
Less Likely |
Critical |
|
|
Microsoft Exchange Server Elevation of Privilege Vulnerability |
CVE-2018-8152 |
No |
No |
Less Likely |
Less Likely |
Important |
|
|
Microsoft Exchange Spoofing Vulnerability |
CVE-2018-8153 |
No |
No |
Less Likely |
Less Likely |
Low |
|
|
Microsoft InfoPath Remote Code Execution Vulnerability |
CVE-2018-8173 |
No |
No |
- |
- |
Important |
|
|
Microsoft Office Remote Code Execution Vulnerability |
CVE-2018-8161 |
No |
No |
Less Likely |
Less Likely |
Important |
|
|
CVE-2018-8157 |
No |
No |
More Likely |
More Likely |
Important |
|
|
CVE-2018-8158 |
No |
No |
More Likely |
More Likely |
Important |
|
|
Microsoft Outlook Information Disclosure Vulnerability |
CVE-2018-8160 |
No |
No |
- |
- |
Important |
|
|
Microsoft Outlook Security Feature Bypass Vulnerability |
CVE-2018-8150 |
No |
No |
- |
- |
Important |
|
|
Microsoft SharePoint Elevation of Privilege Vulnerability |
CVE-2018-8155 |
No |
No |
Less Likely |
Less Likely |
Important |
|
|
CVE-2018-8156 |
No |
No |
Less Likely |
Less Likely |
Important |
|
|
CVE-2018-8168 |
No |
No |
- |
- |
Important |
|
|
CVE-2018-8149 |
No |
No |
Less Likely |
Less Likely |
Important |
|
|
Scripting Engine Memory Corruption Vulnerability |
CVE-2018-8122 |
No |
No |
More Likely |
More Likely |
Critical |
6.4 |
5.8 |
CVE-2018-8128 |
No |
No |
- |
- |
Critical |
4.2 |
3.8 |
CVE-2018-8137 |
No |
No |
- |
- |
Critical |
4.2 |
3.8 |
CVE-2018-8139 |
No |
No |
- |
- |
Critical |
4.2 |
3.8 |
CVE-2018-0945 |
No |
No |
- |
- |
Critical |
4.2 |
3.8 |
CVE-2018-0946 |
No |
No |
- |
- |
Critical |
4.2 |
3.8 |
CVE-2018-0951 |
No |
No |
- |
- |
Critical |
4.2 |
3.8 |
CVE-2018-0953 |
No |
No |
- |
- |
Critical |
4.2 |
3.8 |
CVE-2018-0954 |
No |
No |
More Likely |
More Likely |
Critical |
4.2 |
3.8 |
CVE-2018-0955 |
No |
No |
More Likely |
More Likely |
Critical |
6.4 |
5.8 |
CVE-2018-1022 |
No |
No |
More Likely |
More Likely |
Critical |
6.4 |
5.8 |
CVE-2018-8114 |
No |
No |
More Likely |
More Likely |
Critical |
6.4 |
5.8 |
Win32k Elevation of Privilege Vulnerability |
CVE-2018-8124 |
No |
No |
More Likely |
More Likely |
Important |
7.0 |
6.3 |
CVE-2018-8164 |
No |
No |
More Likely |
More Likely |
Important |
7.0 |
6.3 |
CVE-2018-8166 |
No |
No |
More Likely |
More Likely |
Important |
7.0 |
6.3 |
CVE-2018-8120 |
No |
Yes |
- |
- |
Important |
7.0 |
6.3 |
Windows Common Log File System Driver Elevation of Privilege Vulnerability |
CVE-2018-8167 |
No |
No |
More Likely |
More Likely |
Important |
7.0 |
6.7 |
Windows Elevation of Privilege Vulnerability |
CVE-2018-8134 |
No |
No |
More Likely |
More Likely |
Important |
7.0 |
6.3 |
Windows Host Compute Service Shim Remote Code Execution Vulnerability |
CVE-2018-8115 |
No |
No |
Unlikely |
Unlikely |
Critical |
|
|
Windows Image Elevation of Privilege Vulnerability |
CVE-2018-8170 |
Yes |
No |
More Likely |
More Likely |
Important |
7.0 |
6.3 |
Windows Kernel Elevation of Privilege Vulnerability |
CVE-2018-8897 |
No |
No |
Unlikely |
Unlikely |
Important |
7.0 |
6.3 |
Windows Kernel Information Disclosure Vulnerability |
CVE-2018-8127 |
No |
No |
More Likely |
More Likely |
Important |
4.7 |
4.2 |
CVE-2018-8141 |
Yes |
No |
- |
- |
Important |
4.7 |
4.2 |
Windows Remote Code Execution Vulnerability |
CVE-2018-8136 |
No |
No |
Less Likely |
Less Likely |
Low |
6.5 |
5.9 |
Windows Security Feature Bypass Vulnerability |
CVE-2018-0854 |
No |
No |
Unlikely |
Unlikely |
Important |
2.4 |
2.2 |
CVE-2018-0958 |
No |
No |
Less Likely |
Less Likely |
Important |
5.3 |
4.8 |
CVE-2018-8129 |
No |
No |
Less Likely |
Less Likely |
Important |
5.3 |
4.8 |
CVE-2018-8132 |
No |
No |
Less Likely |
Less Likely |
Important |
5.3 |
4.8 |
Windows VBScript Engine Remote Code Execution Vulnerability |
CVE-2018-8174 |
No |
Yes |
Detected |
Detected |
Critical |
7.5 |
7.0 |
---
Johannes B. Ullrich, Ph.D. , Dean of Research, SANS Technology Institute
Twitter|
I will be teaching next:
Application Security: Securing Web Apps, APIs, and Microservices - SANS London June 2022