August, 2018: Patch Tuesday: Two Exploited CVEs

Welcome to this August Patch Tuesday Bulletin. This month we have 2 CVEs being exploited, 7 platforms with critical updates, 60 CVEs listed, and one bulletin for Adobe Flash. CVE-2018-8373 and CVE-2018-8414 are currently being exploited in the wild. CVE-2018-8373 is a Scripting Engine vulnerability that would allow remote code execution if a user visits a maliciously crafted website or opens a malicious document with embedded ActiveX content. CVE-2018-8414 is a Windows Shell vulnerability that would allow remote code execution if a user opens a maliciously crafted file. There were no identified workarounds or mitigations for any of the listed vulnerabilities. Test and deploy updates to hosts that are affected by these vulnerabilities as soon as possible.

Over the years we've had millions of visitors to UltimateWindowsSecurity.com. Every month we have thousands and thousands of visitors to our Security Log Encyclopedia, which documents all of the Security Log event IDs for Windows Server OSes. Back in 2007 when SharePoint added auditing capability, I realized that my audience not only needed the event information from SharePoint but I also found a similar need in SQL Server and Exchange. So not only did I document the data but I also started to develop the means to extract that event data from these applications so that it’s accessible and usable to the end user. Some 8 years later and LOGbinder is continuing to grow as companies realize LOGbinder bridges the gap between these applications and their infosec team. Visit LOGbinder.com to download a free 30-day fully functional trial and see the security event data that you have literally been missing.

So, without further ado, here’s the chart of MS patches this month.

| Technology | Products Affected | Severity | Reference | Workaround/Exploited | Vulnerability Info |
|---|---|---|---|---|---|
| IE | IE 9, 10, 11 | Critical | CVE-2018-8316, CVE-2018-8351, CVE-2018-8353, CVE-2018-8355, CVE-2018-8357, CVE-2018-8371, CVE-2018-8372, CVE-2018-8373**, CVE-2018-8385, CVE-2018-8389, CVE-2018-8403 | *Workaround: No; **Exploited: Yes | Remote Code Execution; Information Disclosure; Elevation of Privilege |
| Edge | All | Critical | CVE-2018-8266, CVE-2018-8351, CVE-2018-8355, CVE-2018-8357, CVE-2018-8358, CVE-2018-8370, CVE-2018-8372, CVE-2018-8377, CVE-2018-8380, CVE-2018-8381, CVE-2018-8383, CVE-2018-8385, CVE-2018-8387, CVE-2018-8388, CVE-2018-8390, CVE-2018-8403 | *Workaround: No; **Exploited: No | Remote Code Execution; Information Disclosure; Elevation of Privilege; Security Feature Bypass; Spoofing |
| Windows | Windows 7, 8.1, RT 8.1, 10; Server 2008, 2008 R2, 2012, 2012 R2, 2016 | Critical | CVE-2018-0952, CVE-2018-8200, CVE-2018-8204, CVE-2018-8253, CVE-2018-8339, CVE-2018-8340, CVE-2018-8341, CVE-2018-8342, CVE-2018-8343, CVE-2018-8344, CVE-2018-8345, CVE-2018-8346, CVE-2018-8347, CVE-2018-8348, CVE-2018-8349, CVE-2018-8350, CVE-2018-8394, CVE-2018-8396, CVE-2018-8397, CVE-2018-8398, CVE-2018-8399, CVE-2018-8400, CVE-2018-8401, CVE-2018-8404, CVE-2018-8405, CVE-2018-8406, CVE-2018-8414** | *Workaround: No; **Exploited: Yes | Information Disclosure; Elevation of Privilege; Security Feature Bypass; Remote Code Execution |
| Office | Excel 2010, 2013, 2016; Office 2010, 2013, 2016, Web Apps 2010, Web Apps 2013; Outlook 2010, 2013, 2016; PowerPoint 2010; SharePoint 2013, 2016 | Important | CVE-2018-8375, CVE-2018-8376, CVE-2018-8378, CVE-2018-8379, CVE-2018-8382, CVE-2018-8412 | *Workaround: No; **Exploited: No | Remote Code Execution; Information Disclosure; Elevation of Privilege |
| ChakraCore | ChakraCore | Critical | CVE-2018-8266, CVE-2018-8355, CVE-2018-8359, CVE-2018-8372, CVE-2018-8380, CVE-2018-8381, CVE-2018-8384, CVE-2018-8385, CVE-2018-8390 | *Workaround: No; **Exploited: No | Remote Code Execution |
| Adobe Flash Player | 30.0.0.134 and earlier versions | Critical | ADV180020 | *Workaround: No; **Exploited: No | Remote Code Execution |
| .NET Framework | .NET 2.0, 3.0, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 | Important | CVE-2018-8360 | *Workaround: No; **Exploited: No | Information Disclosure |
| Exchange | Exchange 2010, 2013, 2016 | Critical | CVE-2018-8302, CVE-2018-8374 | *Workaround: No; **Exploited: No | Remote Code Execution; Tampering |
| SQL | SQL Server 2016, 2017 | Critical | CVE-2018-8273 | *Workaround: No; **Exploited: No | Remote Code Execution |
| Visual Studio | Visual Studio 2015, 2017 | Important | CVE-2018-0952 | *Workaround: No; **Exploited: No | Elevation of Privilege |

