September, 2018: Patch Tuesday: Come Meet Randy In Person at Ignite

Welcome to the September Patch Tuesday Bulletin. This month we have 1 CVE being exploited, 7 platforms with critical updates, 70+ CVEs listed, and one bulletin for Adobe Flash. CVE-2018-8457 and CVE-2018-8409 are both publicly disclosed vulnerabilities, and although they are not currently exploited, exploitation is more likely. CVE-2018-8440 is not only publicly disclosed but also being exploited. Although Microsoft rates its severity only as Important, we feel that you will want to make sure this is patched, since it is an elevation of privilege vulnerability. ADV180022 and ADV180023 have workarounds that your security teams may want to look into deploying to mitigate these important vulnerabilities. Test and deploy updates to hosts that are affected by these vulnerabilities as soon as possible.

Come meet Randy in Orlando at Microsoft Ignite at Quest's Booth #1818

Today everything needs to be secure, but you need to start with Active Directory. If Active Directory isn’t secure, nothing else in your organization is, regardless of operating system, security products or procedures.

That’s a strong statement but one that Randy Franklin Smith, creator of UltimateWindowsSecurity.com, will back up with facts.  In this fast-paced presentation Randy will spotlight the multitudinous ways that virtually any component or information on your network can be compromised if the attacker first gains unauthorized access to AD.

The good news is that Active Directory was designed well and has stood the test of time, with limited weaknesses being discovered. Active Directory security is a matter of design, comprehensive management and monitoring, and this is the basis for a list of Fundamentals for Securing Active Directory that Randy will share. After his session, come by the Quest booth to say hello to Randy and pick up a copy of his Security Log Quick Reference chart, which he will be signing.

So, without further ado, here’s the chart of MS patches this month.

Patch data provided by: LOGbinder.com

| Technology | Products Affected | Severity | Reference | Workaround/Exploited | Vulnerability Info |
|---|---|---|---|---|---|
| Internet Explorer | IE 9, 10, 11 | Critical | CVE-2018-8463, CVE-2018-8464, CVE-2018-8465, CVE-2018-8466, CVE-2018-8467, CVE-2018-8469, CVE-2018-8470 | *Workaround: No; **Exploited: No | Remote Code Execution, Information Disclosure, Elevation of Privilege, Security Feature Bypass, Spoofing |
| Edge | All | Critical | CVE-2018-8315, CVE-2018-8354, CVE-2018-8366, CVE-2018-8367, CVE-2018-8425, CVE-2018-8447, CVE-2018-8452, CVE-2018-8456, CVE-2018-8457, CVE-2018-8459, CVE-2018-8461 | *Workaround: No; **Exploited: No | Remote Code Execution, Information Disclosure, Elevation of Privilege, Security Feature Bypass, Spoofing |
| Windows | Windows 7, 8.1, 8.1 RT, 10; Server 2008/2008 R2; Server 2012, 2012 R2; Server 2016 | Critical | CVE-2018-8420, CVE-2018-8422, CVE-2018-8424, CVE-2018-8433, CVE-2018-8434, ADV180022*, CVE-2018-0965, CVE-2018-8271, CVE-2018-8332, CVE-2018-8335, CVE-2018-8336, CVE-2018-8337, CVE-2018-8392, CVE-2018-8393, CVE-2018-8410, CVE-2018-8419, CVE-2018-8435, CVE-2018-8436, CVE-2018-8437, CVE-2018-8438, CVE-2018-8439, CVE-2018-8440**, CVE-2018-8441, CVE-2018-8442, CVE-2018-8443, CVE-2018-8444, CVE-2018-8445, CVE-2018-8446, CVE-2018-8449, CVE-2018-8455, CVE-2018-8462, CVE-2018-8468, CVE-2018-8475 | *Workaround: Yes; **Exploited: Yes | Information Disclosure, Elevation of Privilege, Remote Code Execution, Security Feature Bypass, Denial of Service |
| Office, Office Services and Web Apps | Excel 2010, 2013, 2016; Word 2013, 2016; Web Apps Server 2010, 2013; SharePoint Server 2010 SP2, 2013 SP1, 2016; Office 2016 for Mac; Lync for Mac 2011 | Critical | CVE-2018-8331, CVE-2018-8332, CVE-2018-8426, CVE-2018-8428, CVE-2018-8429, CVE-2018-8430, CVE-2018-8431, CVE-2018-8474 | *Workaround: No; **Exploited: No | Information Disclosure, Remote Code Execution, Elevation of Privilege, Security Feature Bypass |
| ChakraCore | All | Critical | CVE-2018-8315, CVE-2018-8354, CVE-2018-8367, CVE-2018-8391, CVE-2018-8452, CVE-2018-8456, CVE-2018-8459, CVE-2018-8465, CVE-2018-8466, CVE-2018-8467 | *Workaround: No; **Exploited: No | Remote Code Execution, Information Disclosure |
| Adobe Flash Player | 30.0.0.154 and earlier versions | Critical | ADV180023* | *Workaround: Yes; **Exploited: No | Remote Code Execution, Privilege Escalation, Information Disclosure |
| .NET Framework | ASP.NET Core 2.1; .NET Framework 2.0, 3.0, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 | Critical | CVE-2018-8421, CVE-2018-8409 | *Workaround: No; **Exploited: No | Denial of Service, Remote Code Execution |
| Data.OData | Microsoft.Data.OData | Important | CVE-2018-8269 | *Workaround: No; **Exploited: No | Denial of Service |
