Microsoft patched to vulnerabilities that have already been exploited in the wild:
CVE-2018-8174, a remote code execution vulnerability in the VBScript Engine.
CVE-2018-8120, a privilege escalation vulnerability in Win32k..
CVE-2018-8170. another privilege escalation vulnerabilty patched this month was known publicly, but has not been detected in exploits so far.
In addtion, CVE-2018-8115, which was already patched last week, is included in this months patch round-up.
| Description |
| CVE |
Disclosed |
Exploited |
Exploitability (old versions) |
current version |
Severity |
CVSS Base (AVG) |
CVSS Temporal (AVG) |
| .NET Framework Device Guard Security Feature Bypass Vulnerability |
| CVE-2018-1039 |
No |
No |
Less Likely |
Less Likely |
Important |
|
|
| .NET and .NET Core Denial of Service Vulnerability |
| CVE-2018-0765 |
No |
No |
Unlikely |
Unlikely |
Important |
|
|
| Azure IoT SDK Spoofing Vulnerability |
| CVE-2018-8119 |
No |
No |
- |
- |
Important |
|
|
| Chakra Scripting Engine Memory Corruption Vulnerability |
| CVE-2018-8130 |
No |
No |
- |
- |
Critical |
4.2 |
3.8 |
| CVE-2018-8133 |
No |
No |
- |
- |
Critical |
4.2 |
3.8 |
| CVE-2018-8145 |
No |
No |
Unlikely |
Unlikely |
Important |
2.4 |
2.2 |
| CVE-2018-8177 |
No |
No |
- |
- |
Critical |
4.2 |
3.8 |
| CVE-2018-0943 |
No |
No |
- |
- |
Critical |
4.2 |
3.8 |
| DirectX Graphics Kernel Elevation of Privilege Vulnerability |
| CVE-2018-8165 |
No |
No |
More Likely |
More Likely |
Important |
7.0 |
6.3 |
| Hyper-V Remote Code Execution Vulnerability |
| CVE-2018-0959 |
No |
No |
Less Likely |
Less Likely |
Critical |
7.6 |
6.8 |
| Hyper-V vSMB Remote Code Execution Vulnerability |
| CVE-2018-0961 |
No |
No |
Less Likely |
Less Likely |
Critical |
7.6 |
6.8 |
| Internet Explorer Security Feature Bypass Vulnerability |
| CVE-2018-8126 |
No |
No |
Less Likely |
Less Likely |
Important |
5.3 |
4.8 |
| May 2018 Adobe Flash Security Update |
| ADV180008 |
No |
No |
- |
- |
Critical |
|
|
| Microsoft Browser Information Disclosure Vulnerability |
| CVE-2018-1025 |
No |
No |
More Likely |
More Likely |
Important |
4.3 |
3.9 |
| Microsoft Browser Memory Corruption Vulnerability |
| CVE-2018-8178 |
No |
No |
More Likely |
More Likely |
Critical |
6.4 |
5.8 |
| Microsoft COM for Windows Remote Code Execution Vulnerability |
| CVE-2018-0824 |
No |
No |
Less Likely |
Less Likely |
Important |
7.5 |
6.7 |
| Microsoft Edge Information Disclosure Vulnerability |
| CVE-2018-1021 |
No |
No |
- |
- |
Important |
4.3 |
3.9 |
| Microsoft Edge Memory Corruption Vulnerability |
| CVE-2018-8123 |
No |
No |
- |
- |
Important |
4.2 |
3.8 |
| CVE-2018-8179 |
No |
No |
- |
- |
Important |
4.2 |
3.8 |
| Microsoft Edge Security Feature Bypass Vulnerability |
| CVE-2018-8112 |
No |
No |
- |
- |
Important |
4.3 |
3.9 |
| Microsoft Excel Information Disclosure Vulnerability |
| CVE-2018-8163 |
No |
No |
More Likely |
More Likely |
Important |
|
|
| Microsoft Excel Remote Code Execution Vulnerability |
| CVE-2018-8162 |
No |
No |
More Likely |
More Likely |
Important |
|
|
| CVE-2018-8147 |
No |
No |
More Likely |
More Likely |
Important |
|
|
| CVE-2018-8148 |
No |
No |
More Likely |
More Likely |
Important |
|
|
| Microsoft Exchange Elevation of Privilege Vulnerability |
| CVE-2018-8159 |
No |
No |
Less Likely |
Less Likely |
Important |
|
|
| Microsoft Exchange Memory Corruption Vulnerability |
| CVE-2018-8151 |
No |
No |
Less Likely |
Less Likely |
Important |
|
|
| CVE-2018-8154 |
No |
No |
Less Likely |
Less Likely |
Critical |
|
|
| Microsoft Exchange Server Elevation of Privilege Vulnerability |
| CVE-2018-8152 |
No |
No |
Less Likely |
Less Likely |
Important |
|
|
| Microsoft Exchange Spoofing Vulnerability |
| CVE-2018-8153 |
No |
No |
Less Likely |
Less Likely |
Low |
|
|
| Microsoft InfoPath Remote Code Execution Vulnerability |
| CVE-2018-8173 |
No |
No |
- |
- |
Important |
|
|
| Microsoft Office Remote Code Execution Vulnerability |
| CVE-2018-8161 |
No |
No |
Less Likely |
Less Likely |
Important |
|
|
| CVE-2018-8157 |
No |
No |
More Likely |
More Likely |
Important |
|
|
| CVE-2018-8158 |
No |
No |
More Likely |
More Likely |
Important |
|
|
| Microsoft Outlook Information Disclosure Vulnerability |
| CVE-2018-8160 |
No |
No |
- |
- |
Important |
|
|
| Microsoft Outlook Security Feature Bypass Vulnerability |
| CVE-2018-8150 |
No |
No |
- |
- |
Important |
|
|
| Microsoft SharePoint Elevation of Privilege Vulnerability |
| CVE-2018-8155 |
No |
No |
Less Likely |
Less Likely |
Important |
|
|
| CVE-2018-8156 |
No |
No |
Less Likely |
Less Likely |
Important |
|
|
| CVE-2018-8168 |
No |
No |
- |
- |
Important |
|
|
| CVE-2018-8149 |
No |
No |
Less Likely |
Less Likely |
Important |
|
|
| Scripting Engine Memory Corruption Vulnerability |
| CVE-2018-8122 |
No |
No |
More Likely |
More Likely |
Critical |
6.4 |
5.8 |
| CVE-2018-8128 |
No |
No |
- |
- |
Critical |
4.2 |
3.8 |
| CVE-2018-8137 |
No |
No |
- |
- |
Critical |
4.2 |
3.8 |
| CVE-2018-8139 |
No |
No |
- |
- |
Critical |
4.2 |
3.8 |
| CVE-2018-0945 |
No |
No |
- |
- |
Critical |
4.2 |
3.8 |
| CVE-2018-0946 |
No |
No |
- |
- |
Critical |
4.2 |
3.8 |
| CVE-2018-0951 |
No |
No |
- |
- |
Critical |
4.2 |
3.8 |
| CVE-2018-0953 |
No |
No |
- |
- |
Critical |
4.2 |
3.8 |
| CVE-2018-0954 |
No |
No |
More Likely |
More Likely |
Critical |
4.2 |
3.8 |
| CVE-2018-0955 |
No |
No |
More Likely |
More Likely |
Critical |
6.4 |
5.8 |
| CVE-2018-1022 |
No |
No |
More Likely |
More Likely |
Critical |
6.4 |
5.8 |
| CVE-2018-8114 |
No |
No |
More Likely |
More Likely |
Critical |
6.4 |
5.8 |
| Win32k Elevation of Privilege Vulnerability |
| CVE-2018-8124 |
No |
No |
More Likely |
More Likely |
Important |
7.0 |
6.3 |
| CVE-2018-8164 |
No |
No |
More Likely |
More Likely |
Important |
7.0 |
6.3 |
| CVE-2018-8166 |
No |
No |
More Likely |
More Likely |
Important |
7.0 |
6.3 |
| CVE-2018-8120 |
No |
Yes |
- |
- |
Important |
7.0 |
6.3 |
| Windows Common Log File System Driver Elevation of Privilege Vulnerability |
| CVE-2018-8167 |
No |
No |
More Likely |
More Likely |
Important |
7.0 |
6.7 |
| Windows Elevation of Privilege Vulnerability |
| CVE-2018-8134 |
No |
No |
More Likely |
More Likely |
Important |
7.0 |
6.3 |
| Windows Host Compute Service Shim Remote Code Execution Vulnerability |
| CVE-2018-8115 |
No |
No |
Unlikely |
Unlikely |
Critical |
|
|
| Windows Image Elevation of Privilege Vulnerability |
| CVE-2018-8170 |
Yes |
No |
More Likely |
More Likely |
Important |
7.0 |
6.3 |
| Windows Kernel Elevation of Privilege Vulnerability |
| CVE-2018-8897 |
No |
No |
Unlikely |
Unlikely |
Important |
7.0 |
6.3 |
| Windows Kernel Information Disclosure Vulnerability |
| CVE-2018-8127 |
No |
No |
More Likely |
More Likely |
Important |
4.7 |
4.2 |
| CVE-2018-8141 |
Yes |
No |
- |
- |
Important |
4.7 |
4.2 |
| Windows Remote Code Execution Vulnerability |
| CVE-2018-8136 |
No |
No |
Less Likely |
Less Likely |
Low |
6.5 |
5.9 |
| Windows Security Feature Bypass Vulnerability |
| CVE-2018-0854 |
No |
No |
Unlikely |
Unlikely |
Important |
2.4 |
2.2 |
| CVE-2018-0958 |
No |
No |
Less Likely |
Less Likely |
Important |
5.3 |
4.8 |
| CVE-2018-8129 |
No |
No |
Less Likely |
Less Likely |
Important |
5.3 |
4.8 |
| CVE-2018-8132 |
No |
No |
Less Likely |
Less Likely |
Important |
5.3 |
4.8 |
| Windows VBScript Engine Remote Code Execution Vulnerability |
| CVE-2018-8174 |
No |
Yes |
Detected |
Detected |
Critical |
7.5 |
7.0 |
---
Johannes B. Ullrich, Ph.D. , Dean of Research, SANS Technology Institute
Twitter|
I will be teaching next:
Defending Web Applications Security Essentials - SANS San Francisco Winter 2019
