Webinar Library
Welcome to this December Patch Tuesday Bulletin. This month we have 39 unique MS related CVE’s, an Adobe Flash Update, and 2 exploited vulnerabilities. This month there are 2 vulnerabilities, CVE-2018-8611 and CVE-2018-15982, being attacked in the wild. CVE-2018-8611 is a Windows kernel elevation of privilege vulnerability that can be exploited by running a malicious application. CVE-2018-15982 is an Arbitrary Code Execution vulnerability in Flash Player. Microsoft also released a security advisory for inadvertently disclosed certificates by the Sennheiser HeadSetup and HeadSetup Pro. If this software is present in the environment then updates are required. The good news is that there were no known attacks to either browser platforms and the quantity of unique CVE’s is a lot lower than previous months. Review Flash, Windows, and Office applications this month and make sure that patches are being applied appropriately.
Over the years we've had millions of visitors to UltimateWindowsSecurity.com. Every month we have thousands and thousands of visitors to our Security Log Encyclopedia which documents all of the Security Log event ID’s for Windows Server OS’s. Back in 2007 when SharePoint added auditing capability, I realized that my audience not only needed the event information from SharePoint but I also found a similar need in SQL Server and Exchange. So not only did I document the data but I also started to develop the means to extract that event data from these applications so that it’s accessible and useable to the end user. Some 8 years later and LOGbinder is continuing to grow as companies realize LOGbinder bridges the gap between these applications and their infosec team. Visit LOGbinder.com to download a free 30-day fully functional trial and see the security event data that you have literally been missing.
Patch data provided by:
Technology
Products Affected
Severity
Reference
Workaround/ Exploited
Vulnerability Info
Adobe Flash Player
31.0.0.153 and earlier
Critical
ADV180031**
ADV180030
*Workaround: No
**Exploited: Yes
***Public: No
Remote Code Execution
Internet Explorer
IE 9, 10, 11
CVE-2018-8619
CVE-2018-8625
CVE-2018-8631
CVE-2018-8643
**Exploited: No
Edge
All
CVE-2018-8583
CVE-2018-8617
CVE-2018-8618
CVE-2018-8624
CVE-2018-8629
Windows
Windows 7, 8.1, 8.1 RT, 10
Server 2008, 2008 R2, 2012, 2012 R2, 2016, 2019
CVE-2018-8477
CVE-2018-8514
CVE-2018-8595
CVE-2018-8596
CVE-2018-8599
CVE-2018-8611**
CVE-2018-8612
CVE-2018-8621
CVE-2018-8622
CVE-2018-8626
CVE-2018-8634
CVE-2018-8637
CVE-2018-8638
CVE-2018-8639
CVE-2018-8641
CVE-2018-8649
CVE-2018-8652
ADV180029
Information Disclosure
Elevation of Privilege
Denial of Service
Spoofing
Office, Office Services, and Web Apps
Excel 2010, 2013, 2016
Office 2010, 2016 for Mac, 2019, 2019 for Mac, Web Apps 2010, Web Apps 2013
Outlook 2010, 2013, 2016
PowerPoint 2010, 2013, 2016
SharePoint Enterprise Server 2013, 2016
SharePoint Server 2010, 2013, 2019
Office 365 ProPlus
Important
CVE-2018-8580
CVE-2018-8587
CVE-2018-8597
CVE-2018-8598
CVE-2018-8627
CVE-2018-8628
CVE-2018-8635
CVE-2018-8636
CVE-2018-8650
ChakraCore
.NET Framework
.NET 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2
CVE-2018-8517
CVE-2018-8540
***Public: Yes
Dynamics NAV
Nav 2016, 2017
CVE-2018-8651
Exchange Server
Server 2016
CVE-2018-8604
Tampering
Visual Studio
Visual Studio 2015, 2017
Azure Pack (WAP)
Azure Pack Rollup 13.1
We will not share your address. Unsubscribe anytime. By clicking "Submit", you're agreeing to our Privacy Policy and consenting to be contacted by us.