Randy Franklin Smith's Ultimate Windows Security

Welcome to this September Patch Tuesday Bulletin. This month we have 1 CVE being exploited, 7 platforms with critical updates, 70+ CVE’s listed, and one bulletin for Adobe Flash. CVE-2018-8457 and CVE-2018-8409 are both publicly disclosed vulnerabilities, and although they are not currently exploited, exploitation is more likely. CVE-2018-8440 is not only publicly disclosed but also being exploited. Although Microsoft only rates its severity as important we feel that you will want to make sure this is patched since an elevation of privilege is at risk. ADV180022 and ADV180023 have workarounds which your security teams may want to look in to deploying to mitigate these important vulnerabilities. Test and deploy updates to hosts that are affected by these vulnerabilities as soon as possible.

Come meet Randy in Orlando at Microsoft Ignite at Quest's Booth #1818

Today everything needs to be secure, but you need to start with Active Directory. Because if Active Directory isn’t secure – nothing else in your organization is regardless of operating system, security products or procedures.

That’s a strong statement but one that Randy Franklin Smith, creator of UltimateWindowsSecurity.com, will back up with facts. In this fast-paced presentation Randy will spotlight the multitudinous ways that virtually any component or information on your network can be compromised if the attacker first gains unauthorized access to AD.

The good news is that Active Directory was designed well and has stood the test of time with limited weaknesses being discovered. Active Directory security is a matter of design, comprehensive management and monitoring and this is the basis for a list of Fundamentals for Securing Active Directory that Randy will share. After his session come by the Quest booth and say hello to Randy and pick up a copy of his Security Log Quick Reference chart that he will be signing.

So, without further ado, here’s the chart of MS patches this month.

Patch data provided by:
Technology	Products Affected	Severity	Reference	Workaround/ Exploited	Vulnerability Info
Internet Explorer	IE 9, 10, 11	Critical	CVE-2018-8463 CVE-2018-8464 CVE-2018-8465 CVE-2018-8466 CVE-2018-8467 CVE-2018-8469 CVE-2018-8470	Workaround: No *Exploited: No	Remote Code Execution Information Disclosure Elevation of Privilege Security Feature Bypass Spoofing
Edge	All	Critical	CVE-2018-8315 CVE-2018-8354 CVE-2018-8366 CVE-2018-8367 CVE-2018-8425 CVE-2018-8447 CVE-2018-8452 CVE-2018-8456 CVE-2018-8457 CVE-2018-8459 CVE-2018-8461	Workaround: No *Exploited: No	Remote Code Execution Information Disclosure Elevation of Privilege Security Feature Bypass Spoofing
Windows	Windows 7, 8.1, 8.1 RT, 10 Server 2008/2008 R2 Sever 2012, 2012 R2 Server 2016	Critical	CVE-2018-8420 CVE-2018-8422 CVE-2018-8424 CVE-2018-8433 CVE-2018-8434 ADV180022* CVE-2018-0965 CVE-2018-8271 CVE-2018-8332 CVE-2018-8335 CVE-2018-8336 CVE-2018-8337 CVE-2018-8392 CVE-2018-8393 CVE-2018-8410 CVE-2018-8419 CVE-2018-8435 CVE-2018-8436 CVE-2018-8437 CVE-2018-8438 CVE-2018-8439 CVE-2018-8440** CVE-2018-8441 CVE-2018-8442 CVE-2018-8443 CVE-2018-8444 CVE-2018-8445 CVE-2018-8446 CVE-2018-8449 CVE-2018-8455 CVE-2018-8462 CVE-2018-8468 CVE-2018-8475	Workaround: Yes *Exploited: Yes	Information Disclosure Elevation of Privilege Remote Code Execution Security Feature Bypass Denial of Service
Office, Office Services and Web Apps	Excel 2010, 2013, 2016 Word 2013, 2016 Web Apps Server 2010, 2013 SharePoint Server 2010 SP2, 2013 SP1, 2016 2016 Office 2016 for Mac Lync for Mac 2011	Critical	CVE-2018-8331 CVE-2018-8332 CVE-2018-8426 CVE-2018-8428 CVE-2018-8429 CVE-2018-8430 CVE-2018-8431 CVE-2018-8474	Workaround: No *Exploited: No	Information Disclosure Remote Code Execution Elevation of Privilege Security Feature Bypass
ChakraCore	All	Critical	CVE-2018-8315 CVE-2018-8354 CVE-2018-8367 CVE-2018-8391 CVE-2018-8452 CVE-2018-8456 CVE-2018-8459 CVE-2018-8465 CVE-2018-8466 CVE-2018-8467	Workaround: No *Exploited: No	Remote Code Execution Information Disclosure
Adobe Flash Player	30.0.0.154 and earlier versions	Critical	ADV180023*	Workaround: Yes *Exploited: No	Remote Code Execution Privilege Escalation Information Disclosure
.NET Framework	ASP.NET Core 2.1 .NET Framework 2.0, 3.0, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2	Critical	CVE-2018-8421 CVE-2018-8409	Workaround: No *Exploited: No	Denial of Service Remote Code Execution
Data.OData	Microsoft .Data.OData	Important	CVE-2018-8269	Workaround: No *Exploited: No	Denial of Service

Research security patch database

Send me this chart next Patch Tuesday.
Email:

We will not share your address. Unsubscribe anytime. By clicking "Submit",
you're agreeing to our Privacy Policy and consenting to be contacted by us.

Home

User name:
Password:
	/ Forgot?
	Register

September 2018 Patch Tuesday	"Patch Tuesday: Come Meet Randy In Person at Ignite " - sponsored by LOGbinder

Follow @randyfsmith

Home

Follow @randyfsmith

About | Newsletter | Contact

Ultimate Windows Security is a division of Monterey Technology Group, Inc. ©2006-2018 Monterey Technology Group, Inc. All rights reserved.
Disclaimer: We do our best to provide quality information and expert commentary but use all information at your own risk.