Webinar Library
Welcome to this July Patch Tuesday Bulletin. This month we have 54 unique CVE’s, 14 total platforms, 6 platforms with critical severity updates, and 0 attacks in the wild against vulnerabilities listed. Take a look at the Microsoft Wireless Display Adapter Command Injection Vulnerability (CVE-2018-8306) and update the firmware if necessary. There is a mitigation for this vulnerability that requires you to pair with a PIN code. Adobe released an update for Flash Player which also includes a workaround. Take a look at ADV180017 and disable Flash or warn the user when it attempts to run in Internet Explorer or Office products. Take some time to think about mitigations if patching cannot be quickly performed or is delayed. Often, these mitigations are great long term security controls despite the need to mitigate the vulnerability.
Over the years we've had millions of visitors to UltimateWindowsSecurity.com. Every month we have thousands and thousands of visitors to our Security Log Encyclopedia which documents all of the Security Log event ID’s for Windows Server OS’s. Back in 2007 when SharePoint added auditing capability, I realized that my audience not only needed the event information from SharePoint but I also found a similar need in SQL Server and Exchange. So not only did I document the data but I also started to develop the means to extract that event data from these applications so that it’s accessible and useable to the end user. Some 8 years later and LOGbinder is continuing to grow as companies realize LOGbinder bridges the gap between these applications and their infosec team. Visit LOGbinder.com to download a free 30-day fully functional trial and see the security event data that you have literally been missing.
So, without further ado, here’s the chart of MS patches this month.
Patch data provided by:
Technology
Products Affected
Severity
Reference
Workaround/ Exploited
Vulnerability Info
Internet Explorer
IE 9, 10, 11
Critical
CVE-2018-0949
CVE-2018-8242
CVE-2018-8287
CVE-2018-8288
CVE-2018-8291
CVE-2018-8296
*Workaround: No
**Exploited: No
Security Feature Bypass
Remote Code Execution
Edge
All
CVE-2018-8125
CVE-2018-8262
CVE-2018-8274
CVE-2018-8275
CVE-2018-8276
CVE-2018-8278
CVE-2018-8279
CVE-2018-8280
CVE-2018-8286
CVE-2018-8289
CVE-2018-8290
CVE-2018-8294
CVE-2018-8297
CVE-2018-8301
CVE-2018-8324
CVE-2018-8325
Spoofing
Information Disclosure
Windows
Windows 7, 8.1, RT 8.1, 10
Server 2008, 2008 R2, 2012, 2012 R2, 2016
Important
CVE-2018-8206
CVE-2018-8222
CVE-2018-8282
CVE-2018-8304
CVE-2018-8307
CVE-2018-8308
CVE-2018-8309
CVE-2018-8313
CVE-2018-8314
Denial of Service
Elevation of Privilege
Office
Access 2013, 2016
Excel Viewer
Lync 2013
Office 2010, 2016, 2016 for Mac
Word Viewer
PowerPoint Viewer
SharePoint Server 2013, 2016
Word 2010, 2013, 2016
Skype for Business 2016
CVE-2018-8238
CVE-2018-8281
CVE-2018-8299
CVE-2018-8300
CVE-2018-8310
CVE-2018-8311
CVE-2018-8312
CVE-2018-8323
Tampering
ChakraCore
CVE-2018-8283
CVE-2018-8298
Adobe Flash Player
30.0.0.113 and earlier
ADV180017
CVE-2018-5007*
CVE-2018-5008*
*Workaround: Yes
Arbitrary Code Execution
.NET Framework
.NET Core 1.0, 1.1, 2.0
.NET Framework 2.0, 3.0, 3.5, 3.5.1, 4.5.2, 4.6, 4.7, 4.7.1, 4.7.2
CVE-2018-8202
CVE-2018-8260
CVE-2018-8284
CVE-2018-8356
ASP.NET
ASP.NET Core 1.0, 1.1, 2.0
ASP.NET Web Pages 3.2.3
ASP.NET MVC 5.2
CVE-2018-8171
JavaScript Cryptography Library
Microsoft Research JavaScript Cryptography Library
CVE-2018-8319
Skype for Business
Skype for Business 2016 (64-bit)
Visual Studio
Visual Studio 2010, 2012, 2013, 2015, 2017
PowerShell Extension for Visual Studio Code
CVE-2018-8172
CVE-2018-8232
CVE-2018-8327
Wireless Display Adapter V2 Software
Wireless Display Adapter V2 Software Version 2.0.8350, 2.0.8372, 2.0.8365
CVE-2018-8306*
PowerShell Editor Services
Web Customizations for ADFS
CVE-2018-8326
We will not share your address. Unsubscribe anytime. By clicking "Submit", you're agreeing to our Privacy Policy and consenting to be contacted by us.