Today, Microsoft released its monthly set of security advisories for vulnerabilities that have been identified and addressed in various products. This month’s advisory release addresses 53 new vulnerabilities: 18 are rated Critical, 33 are rated Important, and one is rated Moderate in severity. These vulnerabilities impact Microsoft Windows, Internet Explorer, Microsoft Edge, Microsoft Office, Windows kernel, Microsoft Scripting Engine, Microsoft SharePoint, .NET Framework, Visual Studio and more.


Interesting Vulnerabilities

  • Windows DNSAPI Denial of Service Vulnerability: This bug (CVE-2018-8304) could allow remote attackers to shut down a DNS server with nothing more than a malformed DNS response.
  • Microsoft Office Tampering Vulnerability: An attacker exploiting this vulnerability (CVE-2018-8310) could embed untrusted TrueType fonts into an email. Font bugs have been prominent since 2013 and have been used in malware attacks. This bug could allow them to spread and possibly even bypass traditional filters.
  • Microsoft Wireless Display Adapter Command Injection Vulnerability: This vulnerability (CVE-2018-8306) requires authentication and could cause the display to malfunction. While the bug itself isn’t that bad, the update scenario sounds taxing: the patch is a firmware update.
  • MSR JavaScript Cryptography Library Security Feature Bypass Vulnerability : This vulnerability (CVE-2018-8319) allows an attacker to generate signatures that mimic the entity associated with a public/private key pair. While this doesn’t appear to circumvent authentic public/private key pairs, it likely can be used by malware authors to make their attacks appear genuine.

The July 2018 Patch Tuesday release consists of security updates for the following software:

  • Internet Explorer
  • Microsoft Edge
  • Microsoft Windows
  • Microsoft Office
  • ChakraCore
  • Adobe Flash Player
  • Microsoft Visual Studio
  • PowerShell
  • Skype for Business and Lync
  • Microsoft SharePoint

Microsoft security bulletin summary for July 2018:

Product : Internet Explorer
CVE’s/Advisory : CVE-2018-0949, CVE-2018-8242, CVE-2018-8287, CVE-2018-8288, CVE-2018-8291, CVE-2018-8296
Severity : Critical
Impact : Remote Code Execution, Security Feature Bypass
KB’s : 4338814, 4338815, 4338818, 4338819, 4338825, 4338826, 4338829, 4338830, 4339093


Product : Microsoft Edge
CVE’s/Advisory : CVE-2018-8125, CVE-2018-8262, CVE-2018-8274, CVE-2018-8275, CVE-2018-8276, CVE-2018-8278, CVE-2018-8279, CVE-2018-8280, CVE-2018-8286, CVE-2018-8287, CVE-2018-8288, CVE-2018-8289, CVE-2018-8290, CVE-2018-8291, CVE-2018-8294, CVE-2018-8297, CVE-2018-8301, CVE-2018-8324, CVE-2018-8325
Severity : Critical
Impact : Information Disclosure, Remote Code Execution, Spoofing, Security Feature Bypass
KB’s : 4338814, 4338819, 4338825, 4338826, 4338829


Product : Adobe Flash Player
CVE’s/Advisory : ADV180017
Severity : Important
Impact : Remote Code Execution
KB’s : 4338832


Product : ChakraCore
CVE’s/Advisory : CVE-2018-8275, CVE-2018-8276, CVE-2018-8279, CVE-2018-8280, CVE-2018-8283, CVE-2018-8286, CVE-2018-8287, CVE-2018-8288, CVE-2018-8290, CVE-2018-8291, CVE-2018-8294, CVE-2018-8298
Severity : Critical
Impact : Remote Code Execution


Product : .Net and Visual Studio
CVE’s/Advisory : CVE-2018-8171, CVE-2018-8172, CVE-2018-8202, CVE-2018-8232, CVE-2018-8260, CVE-2018-8284, CVE-2018-8327, CVE-2018-8356
Severity : Important
Impact : Elevation of Privilege, Impact, Remote Code Execution, Security Feature Bypass, Tampering
KB’s : 4336919, 4336946, 4336986, 4336999, 4338415, 4338416, 4338417, 4338418, 4338419, 4338420, 4338421, 4338422, 4338423, 4338424, 4338600, 4338601, 4338602, 4338604, 4338605, 4338606, 4338610, 4338611, 4338612, 4338613, 4338814, 4338819, 4338825, 4338826, 4338829, 4339279


Product : PowerShell
CVE’s/Advisory : CVE-2018-8327
Severity : Critical
Impact : Remote Code Execution


Product : Microsoft Exchange Server
CVE’s/Advisory : ADV180010
Severity : None
Impact : None
KB’s : 4295699, 4099855, 4099852


Product : Microsoft Office
CVE’s/Advisory : CVE-2018-8238, CVE-2018-8281, CVE-2018-8299, CVE-2018-8300, CVE-2018-8310, CVE-2018-8311, CVE-2018-8312, CVE-2018-8323
Severity : Important
Impact : Elevation of Privilege, Impact, Remote Code Execution, Security Feature Bypass, Tampering
KB’s : 4011202, 4018338, 4018351, 4022200, 4022202, 4022218, 4022221, 4022224, 4022225, 4022228, 4022235, 4022243, 4032214


Product : Windows
CVE’s/Advisory : ADV180016, CVE-2018-8206, CVE-2018-8222, CVE-2018-8282, CVE-2018-8304, CVE-2018-8307, CVE-2018-8308, CVE-2018-8309, CVE-2018-8313, CVE-2018-8314
Severity : Important
Impact : Denial of Service, Elevation of Privilege, Impact, Information Disclosure, Security Feature Bypass
KB’s : 4291391, 4293756, 4295656, 4338814, 4338815, 4338818, 4338819, 4338820, 4338823, 4338824, 4338825, 4338826, 4338829, 4338830, 4339291, 4339503, 4339854, 4340583


Product : Mail, Calendar, and People in Windows 8.1 App Store
CVE’s/Advisory : CVE-2018-8305
Severity : Important
Impact : Information Disclosure


SecPod Saner detects these vulnerabilities and automatically fixes them by applying security updates. Download Saner now and keep your systems updated and secure.


Article Name: Patch Tuesday: Microsoft Security Bulletin Summary for July 2018
Publisher Name: SecPod Technologies