Microsoft today released security patch updates for 53 vulnerabilities, affecting Windows, Internet Explorer (IE), Edge, ChakraCore, .NET Framework, ASP.NET, PowerShell, Visual Studio, and Microsoft Office and Office Services, and Adobe Flash Player.
Out of 53 vulnerabilities, 17 are rated critical, 34 important, one moderate and one as low in severity.
This month there is no critical vulnerability patched in Microsoft Windows operating system and surprisingly, none of the flaw patched by the tech giant this month is listed as publicly known or under active attack.
Critical Flaws Patched In Microsoft Products
Most of the critical issues are memory corruption flaws in IE, Edge browser and Chakra scripting engine, which if successfully exploited, could allow an unauthenticated, remote attacker to execute arbitrary code on a targeted system in the context of the current user.
“If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights,” Microsoft explains.
One of these critical flaws (CVE-2018-8327), reported by researchers at Casaba Security, also affects PowerShell Editor Services that could allow a remote attacker to execute malicious code on a vulnerable system.
Here’s below you can find a brief list of all critical vulnerabilities Microsoft has patched this month in its various products:
- Scripting Engine Memory Corruption Vulnerability (CVE-2018-8242)
- Edge Memory Corruption Vulnerability (CVE-2018-8262)
- Edge Memory Corruption Vulnerability (CVE-2018-8274)
- Scripting Engine Memory Corruption Vulnerability (CVE-2018-8275)
- Scripting Engine Memory Corruption Vulnerability (CVE-2018-8279)
- Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2018-8280)
- Scripting Engine Memory Corruption Vulnerability (CVE-2018-8283)
- Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2018-8286)
- Scripting Engine Memory Corruption Vulnerability (CVE-2018-8288)
- Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2018-8290)
- Scripting Engine Memory Corruption Vulnerability (CVE-2018-8291)
- Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2018-8294)
- Scripting Engine Memory Corruption Vulnerability (CVE-2018-8296)
- Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2018-8298)
- Microsoft Edge Memory Corruption Vulnerability (CVE-2018-8301)
- Microsoft Edge Information Disclosure Vulnerability (CVE-2018-8324)
- PowerShell Editor Services Remote Code Execution Vulnerability (CVE-2018-8327)
Important Patch Updates for Microsoft Products
Besides this, Microsoft has also addressed 34 important flaws categorized as below:
- Microsoft Edge—Remote code execution (RCE), Information disclosure, spoofing, and security feature bypass flaws
- Microsoft Internet Explorer (IE)— RCE and security feature bypass flaws
- MS Office (Powerpoint, Word, Excel, Access, Lync, Skype)—security feature bypass, RCE, and elevation of privilege flaws
- Windows 10, 8.1, 7 and Server 2008, 2012, 2016—Denial of Service, security feature bypass, elevation of privilege flaws
- Microsoft .NET Framework—Elevation of privilege and RCE flaws
- Microsoft SharePoint—Elevation of Privilege, and RCE flaws
- ChakraCore—RCE, and security feature bypass vulnerabilities
- Microsoft Visual Studio—RCE flaw
- Expression Blend 4—RCE flaw
- ASP .NET—security feature bypass flaws
- Mail, Calendar, and People in Windows 8.1 App Store—information disclosure flaw
Besides this, Microsoft has also pushed security updates to patch vulnerabilities in Adobe products, details of which you can get through a separate article posted today.
Users are strongly advised to apply security patches as soon as possible to keep hackers and cybercriminals away from taking control of their computers.
For installing security updates, simply head on to Settings → Update security → Windows Update → Check for updates, or you can install the updates manually.