Latest

Microsoft October 2018 Patch Tuesday Fixes 12 Critical Vulnerabilities

Today is the October 2018 Patch Tuesday, which means a boatload of security updates are out for Microsoft products including Windows, Office, and Exchange Server. These updates fix known bugs and security vulnerabilities found within Microsoft’s products. This article will cover the security updates released today as part of the October 2018 Patch Tuesday. These updates […]


Patch Tuesday

Today is the October 2018 Patch Tuesday, which means a boatload of security updates are out for Microsoft products including Windows, Office, and Exchange Server. These updates fix known bugs and security vulnerabilities found within Microsoft’s products.

This article will cover the security updates released today as part of the October 2018 Patch Tuesday. These updates resolve 50 known vulnerabilities in Microsoft’s products, with 12 of them being labeled as critical.

For information about the non-security Windows updates, you can read about today’s Windows 10 KB4464330, KB4462919 and KB4462918 Cumulative Updates and the Microsoft Releases Windows 7 & 8.1 Cumulative Updates KB4462923 & KB4462926.

Critical Vulnerabilities fixed in the October 2018 Patch Tuesday updates

This Patch Tuesday fixes 12 Critical security vulnerabilities that when exploited could lead to code execution. These vulnerabilities are the most dangerous as if they are exploited could allow a remote attacker to execute commands on a vulnerable computer and essentially take full control.

CVE-2018-8473 – Microsoft Edge Memory Corruption Vulnerability is a  remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that enables an attacker to execute arbitrary code in the context of the current user. 

CVE-2018-8460 – Internet Explorer Memory Corruption Vulnerability is a remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

CVE-2018-8489 – Windows Hyper-V Remote Code Execution Vulnerability is a remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system. To exploit the vulnerability, an attacker could run a specially crafted application on a guest operating system that could cause the Hyper-V host operating system to execute arbitrary code.

CVE-2018-8490 – Windows Hyper-V Remote Code Execution Vulnerability is a remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system. To exploit the vulnerability, an attacker could run a specially crafted application on a guest operating system that could cause the Hyper-V host operating system to execute arbitrary code.

CVE-2018-8491 – Internet Explorer Memory Corruption Vulnerability is a remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.  

CVE-2018-8494 – MS XML Remote Code Execution Vulnerability is a remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input. An attacker who successfully exploited the vulnerability could run malicious code remotely to take control of the user’s system.

CVE-2018-8500 – Scripting Engine Memory Corruption Vulnerability is a remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

CVE-2018-8505 – Chakra Scripting Engine Memory Corruption Vulnerability is a remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

CVE-2018-8509 – Microsoft Edge Memory Corruption Vulnerability is a remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that enables an attacker to execute arbitrary code in the context of the current user.

CVE-2018-8510 – Chakra Scripting Engine Memory Corruption Vulnerability is a remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

CVE-2018-8511 – Chakra Scripting Engine Memory Corruption Vulnerability is a remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

CVE-2018-8513 – Chakra Scripting Engine Memory Corruption Vulnerability is a remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

The October 2018 Patch Tuesday Security Updates

Below is the full list of vulnerabilities resolved by the October 2018 Patch Tuesday updates. To access the full description of each vulnerability and the systems that it affects, you can view the full report here.

Tag CVE ID CVE Title
Azure CVE-2018-8531 Azure IoT Device Client SDK Memory Corruption Vulnerability
Device Guard CVE-2018-8492 Device Guard Code Integrity Policy Security Feature Bypass Vulnerability
Internet Explorer CVE-2018-8460 Internet Explorer Memory Corruption Vulnerability
Internet Explorer CVE-2018-8491 Internet Explorer Memory Corruption Vulnerability
Microsoft Edge CVE-2018-8473 Microsoft Edge Memory Corruption Vulnerability
Microsoft Edge CVE-2018-8512 Microsoft Edge Security Feature Bypass Vulnerability
Microsoft Edge CVE-2018-8530 Microsoft Edge Security Feature Bypass Vulnerability
Microsoft Edge CVE-2018-8509 Microsoft Edge Memory Corruption Vulnerability
Microsoft Exchange Server CVE-2010-3190 MFC Insecure Library Loading Vulnerability
Microsoft Exchange Server CVE-2018-8448 Microsoft Exchange Server Elevation of Privilege Vulnerability
Microsoft Exchange Server CVE-2018-8265 Microsoft Exchange Remote Code Execution Vulnerability
Microsoft Graphics Component CVE-2018-8486 DirectX Information Disclosure Vulnerability
Microsoft Graphics Component CVE-2018-8484 DirectX Graphics Kernel Elevation of Privilege Vulnerability
Microsoft Graphics Component CVE-2018-8453 Win32k Elevation of Privilege Vulnerability
Microsoft Graphics Component CVE-2018-8472 Windows GDI Information Disclosure Vulnerability
Microsoft JET Database Engine CVE-2018-8423 Microsoft JET Database Engine Remote Code Execution Vulnerability
Microsoft Office ADV180026 Microsoft Office Defense in Depth Update
Microsoft Office CVE-2018-8501 Microsoft PowerPoint Remote Code Execution Vulnerability
Microsoft Office CVE-2018-8427 Microsoft Graphics Components Information Disclosure Vulnerability
Microsoft Office CVE-2018-8504 Microsoft Word Remote Code Execution Vulnerability
Microsoft Office CVE-2018-8502 Microsoft Excel Remote Code Execution Vulnerability
Microsoft Office CVE-2018-8432 Microsoft Graphics Components Remote Code Execution Vulnerability
Microsoft Office SharePoint CVE-2018-8498 Microsoft SharePoint Elevation of Privilege Vulnerability
Microsoft Office SharePoint CVE-2018-8480 Microsoft SharePoint Elevation of Privilege Vulnerability
Microsoft Office SharePoint CVE-2018-8488 Microsoft SharePoint Elevation of Privilege Vulnerability
Microsoft Office SharePoint CVE-2018-8518 Microsoft SharePoint Elevation of Privilege Vulnerability
Microsoft Scripting Engine CVE-2018-8511 Chakra Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2018-8500 Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2018-8505 Chakra Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2018-8503 Chakra Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2018-8510 Chakra Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2018-8513 Chakra Scripting Engine Memory Corruption Vulnerability
Microsoft Windows CVE-2018-8411 NTFS Elevation of Privilege Vulnerability
Microsoft Windows CVE-2018-8333 Microsoft Filter Manager Elevation Of Privilege Vulnerability
Microsoft Windows CVE-2018-8493 Windows TCP/IP Information Disclosure Vulnerability
Microsoft Windows CVE-2018-8506 Microsoft Windows Codecs Library Information Disclosure Vulnerability
Microsoft Windows DNS CVE-2018-8320 Windows DNS Security Feature Bypass Vulnerability
Microsoft XML Core Services CVE-2018-8494 MS XML Remote Code Execution Vulnerability
SQL Server CVE-2018-8527 SQL Server Management Studio Information Disclosure Vulnerability
SQL Server CVE-2018-8532 SQL Server Management Studio Information Disclosure Vulnerability
SQL Server CVE-2018-8533 SQL Server Management Studio Information Disclosure Vulnerability
Windows – Linux CVE-2018-8329 Linux On Windows Elevation Of Privilege Vulnerability
Windows Hyper-V CVE-2018-8489 Windows Hyper-V Remote Code Execution Vulnerability
Windows Hyper-V CVE-2018-8490 Windows Hyper-V Remote Code Execution Vulnerability
Windows Kernel CVE-2018-8330 Windows Kernel Information Disclosure Vulnerability
Windows Kernel CVE-2018-8497 Windows Kernel Elevation of Privilege Vulnerability
Windows Media Player CVE-2018-8482 Windows Media Player Information Disclosure Vulnerability
Windows Media Player CVE-2018-8481 Windows Media Player Information Disclosure Vulnerability
Windows Shell CVE-2018-8413 Windows Theme API Remote Code Execution Vulnerability
Windows Shell CVE-2018-8495 Windows Shell Remote Code Execution Vulnerability
Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Most Popular

To Top