Today Microsoft released regular monthly patches, fixing a total of 50 vulnerabilities. Among these Microsoft rated 11 as Critical and rest 39 as Important. These vulnerabilities impact Internet Explorer, Microsoft Edge, Microsoft Windows, Microsoft Exchange Server, ASP.NET Core, .NET Core, PowerShell Core, ChakraCore, Microsoft Office, and Microsoft Office Services and Web Apps.

This month there are no Zero day vulnerabilities, but Microsoft included security patch for publicly known vulnerability (CVE-2018-8267) in scripting engine. This vulnerability exists due to, the way objects are handled in memory. An attacker could exploit this vulnerability by corrupting memory in such a way that it leads to could execute arbitrary code in the context of the logged-in user.


Interesting Vulnerabilities:

CVE-2018-8225Microsoft Windows DNSAPI Remote Code Execution Vulnerability
A remote code execution vulnerability exists in Windows Domain Name System (DNS) DNSAPI.dll when it fails to properly handle DNS responses. An attacker who successfully exploited the vulnerability could run arbitrary code by simply tricking a target DNS server into querying an evil server that sends the corrupted response. Microsoft fixed this vulnerability by modifying how Windows DNSAPI.dll handles DNS responses.

CVE-2018-8231HTTP Protocol Stack Remote Code Execution Vulnerability
 A remote code execution vulnerability exists when HTTP Protocol Stack (Http.sys) improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code by sending a specially crafted packet to a targeted Http.sys server. This has been fixed by correcting how HTTP Protocol Stack(Http.sys) handles objects in memory.

CVE-2018-8140Cortana Elevation of Privilege Vulnerability
An Elevation of Privilege vulnerability exists when Cortana retrieves data from user input services without consideration for status. An attacker who successfully exploited the vulnerability could execute commands with elevated permissions. This has been fixed by ensuring Cortana considers status when retrieves information from input services.


June 2018 patch tuesday release consists of security updates for the following softwares:
– Internet Explorer
– Microsoft Edge
– Microsoft Windows
– Microsoft Office, Microsoft Office Services and Web Apps
– ChakraCore
– Adobe Flash Player


Microsoft security bulletin summary for June 2018:

Product : Internet Explorer
CVE’s/Advisory : CVE-2018-0978, CVE-2018-8113, CVE-2018-8249, CVE-2018-8267
Severity : Critical
Impact : Remote Code Execution, Security Feature Bypass
KB’s : 4230450, 4284815, 4284819, 4284826, 4284835, 4284855, 4284860, 4284874, 4284880


Product : Microsoft Edge
CVE’s/Advisory : CVE-2018-0871, CVE-2018-8110, CVE-2018-8111, CVE-2018-8227, CVE-2018-8229, CVE-2018-8234, CVE-2018-8235, CVE-2018-8236
Severity : Critical
Impact : Information Disclosure, Remote Code Execution, Security Feature Bypass
KB’s : 4284819, 4284835, 4284860, 4284874, 4284880


Product : Microsoft Windows
CVE’s/Advisory : CVE-2018-0982, CVE-2018-1036, CVE-2018-1040, CVE-2018-8121, CVE-2018-8140, CVE-2018-8169, CVE-2018-8175, CVE-2018-8201, CVE-2018-8205, CVE-2018-8207, CVE-2018-8208, CVE-2018-8209, CVE-2018-8210, CVE-2018-8211, CVE-2018-8212, CVE-2018-8213, CVE-2018-8214, CVE-2018-8215, CVE-2018-8216, CVE-2018-8217, CVE-2018-8218, CVE-2018-8219, CVE-2018-8221, CVE-2018-8224, CVE-2018-8225, CVE-2018-8226, CVE-2018-8231, CVE-2018-8233, CVE-2018-8239, CVE-2018-8251
Severity : Critical
Impact : Denial of Service, Elevation of Privilege, Information Disclosure, Remote Code Execution, Security Feature Bypass
KB’s : 4230467, 4234459, 4284815, 4284819, 4284826, 4284835, 4284846, 4284855, 4284860, 4284867, 4284874, 4284878, 4284880, 4294413


Product : Microsoft Office and Microsoft Office Services and Web Apps
CVE’s/Advisory : ADV180015, CVE-2018-8244, CVE-2018-8245, CVE-2018-8246, CVE-2018-8247, CVE-2018-8248, CVE-2018-8252, CVE-2018-8254
Severity : Important
Impact : Defense in Depth, Elevation of Privilege, Information Disclosure, Remote Code Execution
KB’s : 3115197, 3115248, 4011026, 4011186, 4018387, 4018391, 4022151, 4022160, 4022169, 4022173, 4022174, 4022177, 4022179, 4022182, 4022183, 4022190, 4022191, 4022196, 4022197, 4022199, 4022203, 4022205, 4022209, 4022210


Product : ChakraCore
CVE’s/Advisory : CVE-2018-8227, CVE-2018-8229, CVE-2018-8243
Severity : Critical
Impact : Remote Code Execution


Product : Adobe Flash Player
CVE’s/Advisory : ADV180014
Severity : Critical
Impact : Remote Code Execution
KB’s : 4287903


SecPod Saner detects these vulnerabilities and automatically fixes it by applying security updates. Download Saner now and keep your systems updated and secure.

 

Summary
patch tuesday microsoft security bulletin summary for june 2018
Article Name
patch tuesday microsoft security bulletin summary for june 2018
Author
Publisher Name
SecPod Technologies Pvt Ltd
Publisher Logo

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes:

<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>