Microsoft May 2018 Patch Tuesday
Microsoft patched to vulnerabilities that have already been exploited in the wild:
CVE-2018-8174, a remote code execution vulnerability in the VBScript Engine.
CVE-2018-8120, a privilege escalation vulnerability in Win32k..
CVE-2018-8170. another privilege escalation vulnerabilty patched this month was known publicly, but has not been detected in exploits so far.
In addtion, CVE-2018-8115, which was already patched last week, is included in this months patch round-up.
Description | |||||||
---|---|---|---|---|---|---|---|
CVE | Disclosed | Exploited | Exploitability (old versions) | current version | Severity | CVSS Base (AVG) | CVSS Temporal (AVG) |
.NET Framework Device Guard Security Feature Bypass Vulnerability | |||||||
CVE-2018-1039 | No | No | Less Likely | Less Likely | Important | ||
.NET and .NET Core Denial of Service Vulnerability | |||||||
CVE-2018-0765 | No | No | Unlikely | Unlikely | Important | ||
Azure IoT SDK Spoofing Vulnerability | |||||||
CVE-2018-8119 | No | No | - | - | Important | ||
Chakra Scripting Engine Memory Corruption Vulnerability | |||||||
CVE-2018-8130 | No | No | - | - | Critical | 4.2 | 3.8 |
CVE-2018-8133 | No | No | - | - | Critical | 4.2 | 3.8 |
CVE-2018-8145 | No | No | Unlikely | Unlikely | Important | 2.4 | 2.2 |
CVE-2018-8177 | No | No | - | - | Critical | 4.2 | 3.8 |
CVE-2018-0943 | No | No | - | - | Critical | 4.2 | 3.8 |
DirectX Graphics Kernel Elevation of Privilege Vulnerability | |||||||
CVE-2018-8165 | No | No | More Likely | More Likely | Important | 7.0 | 6.3 |
Hyper-V Remote Code Execution Vulnerability | |||||||
CVE-2018-0959 | No | No | Less Likely | Less Likely | Critical | 7.6 | 6.8 |
Hyper-V vSMB Remote Code Execution Vulnerability | |||||||
CVE-2018-0961 | No | No | Less Likely | Less Likely | Critical | 7.6 | 6.8 |
Internet Explorer Security Feature Bypass Vulnerability | |||||||
CVE-2018-8126 | No | No | Less Likely | Less Likely | Important | 5.3 | 4.8 |
May 2018 Adobe Flash Security Update | |||||||
ADV180008 | No | No | - | - | Critical | ||
Microsoft Browser Information Disclosure Vulnerability | |||||||
CVE-2018-1025 | No | No | More Likely | More Likely | Important | 4.3 | 3.9 |
Microsoft Browser Memory Corruption Vulnerability | |||||||
CVE-2018-8178 | No | No | More Likely | More Likely | Critical | 6.4 | 5.8 |
Microsoft COM for Windows Remote Code Execution Vulnerability | |||||||
CVE-2018-0824 | No | No | Less Likely | Less Likely | Important | 7.5 | 6.7 |
Microsoft Edge Information Disclosure Vulnerability | |||||||
CVE-2018-1021 | No | No | - | - | Important | 4.3 | 3.9 |
Microsoft Edge Memory Corruption Vulnerability | |||||||
CVE-2018-8123 | No | No | - | - | Important | 4.2 | 3.8 |
CVE-2018-8179 | No | No | - | - | Important | 4.2 | 3.8 |
Microsoft Edge Security Feature Bypass Vulnerability | |||||||
CVE-2018-8112 | No | No | - | - | Important | 4.3 | 3.9 |
Microsoft Excel Information Disclosure Vulnerability | |||||||
CVE-2018-8163 | No | No | More Likely | More Likely | Important | ||
Microsoft Excel Remote Code Execution Vulnerability | |||||||
CVE-2018-8162 | No | No | More Likely | More Likely | Important | ||
CVE-2018-8147 | No | No | More Likely | More Likely | Important | ||
CVE-2018-8148 | No | No | More Likely | More Likely | Important | ||
Microsoft Exchange Elevation of Privilege Vulnerability | |||||||
CVE-2018-8159 | No | No | Less Likely | Less Likely | Important | ||
Microsoft Exchange Memory Corruption Vulnerability | |||||||
CVE-2018-8151 | No | No | Less Likely | Less Likely | Important | ||
CVE-2018-8154 | No | No | Less Likely | Less Likely | Critical | ||
Microsoft Exchange Server Elevation of Privilege Vulnerability | |||||||
CVE-2018-8152 | No | No | Less Likely | Less Likely | Important | ||
Microsoft Exchange Spoofing Vulnerability | |||||||
CVE-2018-8153 | No | No | Less Likely | Less Likely | Low | ||
Microsoft InfoPath Remote Code Execution Vulnerability | |||||||
CVE-2018-8173 | No | No | - | - | Important | ||
Microsoft Office Remote Code Execution Vulnerability | |||||||
CVE-2018-8161 | No | No | Less Likely | Less Likely | Important | ||
CVE-2018-8157 | No | No | More Likely | More Likely | Important | ||
CVE-2018-8158 | No | No | More Likely | More Likely | Important | ||
Microsoft Outlook Information Disclosure Vulnerability | |||||||
CVE-2018-8160 | No | No | - | - | Important | ||
Microsoft Outlook Security Feature Bypass Vulnerability | |||||||
CVE-2018-8150 | No | No | - | - | Important | ||
Microsoft SharePoint Elevation of Privilege Vulnerability | |||||||
CVE-2018-8155 | No | No | Less Likely | Less Likely | Important | ||
CVE-2018-8156 | No | No | Less Likely | Less Likely | Important | ||
CVE-2018-8168 | No | No | - | - | Important | ||
CVE-2018-8149 | No | No | Less Likely | Less Likely | Important | ||
Scripting Engine Memory Corruption Vulnerability | |||||||
CVE-2018-8122 | No | No | More Likely | More Likely | Critical | 6.4 | 5.8 |
CVE-2018-8128 | No | No | - | - | Critical | 4.2 | 3.8 |
CVE-2018-8137 | No | No | - | - | Critical | 4.2 | 3.8 |
CVE-2018-8139 | No | No | - | - | Critical | 4.2 | 3.8 |
CVE-2018-0945 | No | No | - | - | Critical | 4.2 | 3.8 |
CVE-2018-0946 | No | No | - | - | Critical | 4.2 | 3.8 |
CVE-2018-0951 | No | No | - | - | Critical | 4.2 | 3.8 |
CVE-2018-0953 | No | No | - | - | Critical | 4.2 | 3.8 |
CVE-2018-0954 | No | No | More Likely | More Likely | Critical | 4.2 | 3.8 |
CVE-2018-0955 | No | No | More Likely | More Likely | Critical | 6.4 | 5.8 |
CVE-2018-1022 | No | No | More Likely | More Likely | Critical | 6.4 | 5.8 |
CVE-2018-8114 | No | No | More Likely | More Likely | Critical | 6.4 | 5.8 |
Win32k Elevation of Privilege Vulnerability | |||||||
CVE-2018-8124 | No | No | More Likely | More Likely | Important | 7.0 | 6.3 |
CVE-2018-8164 | No | No | More Likely | More Likely | Important | 7.0 | 6.3 |
CVE-2018-8166 | No | No | More Likely | More Likely | Important | 7.0 | 6.3 |
CVE-2018-8120 | No | Yes | - | - | Important | 7.0 | 6.3 |
Windows Common Log File System Driver Elevation of Privilege Vulnerability | |||||||
CVE-2018-8167 | No | No | More Likely | More Likely | Important | 7.0 | 6.7 |
Windows Elevation of Privilege Vulnerability | |||||||
CVE-2018-8134 | No | No | More Likely | More Likely | Important | 7.0 | 6.3 |
Windows Host Compute Service Shim Remote Code Execution Vulnerability | |||||||
CVE-2018-8115 | No | No | Unlikely | Unlikely | Critical | ||
Windows Image Elevation of Privilege Vulnerability | |||||||
CVE-2018-8170 | Yes | No | More Likely | More Likely | Important | 7.0 | 6.3 |
Windows Kernel Elevation of Privilege Vulnerability | |||||||
CVE-2018-8897 | No | No | Unlikely | Unlikely | Important | 7.0 | 6.3 |
Windows Kernel Information Disclosure Vulnerability | |||||||
CVE-2018-8127 | No | No | More Likely | More Likely | Important | 4.7 | 4.2 |
CVE-2018-8141 | Yes | No | - | - | Important | 4.7 | 4.2 |
Windows Remote Code Execution Vulnerability | |||||||
CVE-2018-8136 | No | No | Less Likely | Less Likely | Low | 6.5 | 5.9 |
Windows Security Feature Bypass Vulnerability | |||||||
CVE-2018-0854 | No | No | Unlikely | Unlikely | Important | 2.4 | 2.2 |
CVE-2018-0958 | No | No | Less Likely | Less Likely | Important | 5.3 | 4.8 |
CVE-2018-8129 | No | No | Less Likely | Less Likely | Important | 5.3 | 4.8 |
CVE-2018-8132 | No | No | Less Likely | Less Likely | Important | 5.3 | 4.8 |
Windows VBScript Engine Remote Code Execution Vulnerability | |||||||
CVE-2018-8174 | No | Yes | Detected | Detected | Critical | 7.5 | 7.0 |
---
Johannes B. Ullrich, Ph.D. , Dean of Research, SANS Technology Institute
Twitter|
Keywords:
1 comment(s)
My next class:
Application Security: Securing Web Apps, APIs, and Microservices | Online | US Eastern | Jan 27th - Feb 1st 2025 |
×
Diary Archives
Comments
See https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV170017
Anonymous
May 8th 2018
6 years ago