Welcome to this August Patch Tuesday Bulletin. This month we have 2 CVE’s being exploited, 7 platforms with critical updates, 60 CVE’s listed, and one bulletin for Adobe Flash. CVE-2018-8373 and CVE-2018-8414 are currently being exploited in the wild. CVE-2018-8373 is a Scripting Engine vulnerability that would allow remote code execution if a user visits a maliciously crafted website or opens a malicious document with embedded ActiveX content. CVE-2018-8414 is a Windows Shell vulnerability that would allow remote code execution if a user opens a maliciously crafted file. There were no identified workarounds or mitigations for any of the listed vulnerabilities. Test and deploy updates to hosts that are affected by these vulnerabilities as soon as possible.

Over the years we've had millions of visitors to UltimateWindowsSecurity.com. Every month we have thousands and thousands of visitors to our Security Log Encyclopedia which documents all of the Security Log event ID’s for Windows Server OS’s. Back in 2007 when SharePoint added auditing capability, I realized that my audience not only needed the event information from SharePoint but I also found a similar need in SQL Server and Exchange. So not only did I document the data but I also started to develop the means to extract that event data from these applications so that it’s accessible and useable to the end user. Some 8 years later and LOGbinder is continuing to grow as companies realize LOGbinder bridges the gap between these applications and their infosec team. Visit LOGbinder.com to download a free 30-day fully functional trial and see the security event data that you have literally been missing.

So, without further ado, here’s the chart of MS patches this month.