Microsoft June 2018 Patch Tuesday
June 2018 Security Updates
Description | |||||||
---|---|---|---|---|---|---|---|
CVE | Disclosed | Exploited | Exploitability (old versions) | current version | Severity | CVSS Base (AVG) | CVSS Temporal (AVG) |
Chakra Scripting Engine Memory Corruption Vulnerability | |||||||
CVE-2018-8227 | No | No | - | - | Important | 4.2 | 3.8 |
CVE-2018-8229 | No | No | - | - | Critical | 4.2 | 3.8 |
Cortana Elevation of Privilege Vulnerability | |||||||
CVE-2018-8140 | No | No | Less Likely | Less Likely | Important | 6.8 | 5.9 |
Device Guard Code Integrity Policy Security Feature Bypass Vulnerability | |||||||
CVE-2018-8201 | No | No | Less Likely | Less Likely | Important | 4.5 | 3.9 |
CVE-2018-8211 | No | No | Less Likely | Less Likely | Important | 5.3 | 4.8 |
CVE-2018-8212 | No | No | Less Likely | Less Likely | Important | 5.3 | 4.8 |
CVE-2018-8215 | No | No | Less Likely | Less Likely | Important | 5.3 | 4.8 |
CVE-2018-8216 | No | No | Less Likely | Less Likely | Important | 5.3 | 4.8 |
CVE-2018-8217 | No | No | Less Likely | Less Likely | Important | 5.3 | 4.8 |
CVE-2018-8221 | No | No | Less Likely | Less Likely | Important | 5.3 | 4.8 |
HIDParser Elevation of Privilege Vulnerability | |||||||
CVE-2018-8169 | No | No | Less Likely | Less Likely | Important | 7.0 | 6.7 |
HTTP Protocol Stack Remote Code Execution Vulnerability | |||||||
CVE-2018-8231 | No | No | Less Likely | Less Likely | Critical | 8.1 | 7.7 |
HTTP.sys Denial of Service Vulnerability | |||||||
CVE-2018-8226 | No | No | Unlikely | Unlikely | Important | 5.3 | 4.8 |
Hypervisor Code Integrity Elevation of Privilege Vulnerability | |||||||
CVE-2018-8219 | No | No | Less Likely | Less Likely | Important | 7.6 | 6.8 |
Internet Explorer Memory Corruption Vulnerability | |||||||
CVE-2018-0978 | No | No | Less Likely | Less Likely | Important | 2.4 | 2.2 |
CVE-2018-8249 | No | No | More Likely | More Likely | Critical | 6.4 | 5.8 |
Internet Explorer Security Feature Bypass Vulnerability | |||||||
CVE-2018-8113 | No | No | Less Likely | Less Likely | Important | 4.3 | 3.9 |
June 2018 Adobe Flash Security Update | |||||||
ADV180014 | No | No | - | - | Critical | ||
Media Foundation Memory Corruption Vulnerability | |||||||
CVE-2018-8251 | No | No | More Likely | More Likely | Critical | 4.2 | 3.8 |
Microsoft Edge Information Disclosure Vulnerability | |||||||
CVE-2018-0871 | No | No | - | - | Important | 4.3 | 3.9 |
CVE-2018-8234 | No | No | - | - | Important | 4.3 | 3.9 |
Microsoft Edge Memory Corruption Vulnerability | |||||||
CVE-2018-8110 | No | No | - | - | Critical | 4.2 | 3.8 |
CVE-2018-8111 | No | No | - | - | Critical | 4.2 | 3.8 |
CVE-2018-8236 | No | No | - | - | Critical | 4.2 | 3.8 |
Microsoft Edge Security Feature Bypass Vulnerability | |||||||
CVE-2018-8235 | No | No | - | - | Important | 4.3 | 3.9 |
Microsoft Excel Information Disclosure Vulnerability | |||||||
CVE-2018-8246 | No | No | Less Likely | Less Likely | Important | ||
Microsoft Excel Remote Code Execution Vulnerability | |||||||
CVE-2018-8248 | No | No | Less Likely | Less Likely | Important | ||
Microsoft Office Defense in Depth Update | |||||||
ADV180015 | No | No | - | - | None | ||
Microsoft Office Elevation of Privilege Vulnerability | |||||||
CVE-2018-8245 | No | No | - | - | Important | ||
CVE-2018-8247 | No | No | Less Likely | Less Likely | Important | ||
Microsoft Outlook Elevation of Privilege Vulnerability | |||||||
CVE-2018-8244 | No | No | Less Likely | Less Likely | Important | ||
Microsoft SharePoint Elevation of Privilege Vulnerability | |||||||
CVE-2018-8252 | No | No | Less Likely | Less Likely | Important | ||
CVE-2018-8254 | No | No | Less Likely | Less Likely | Important | ||
NTFS Elevation of Privilege Vulnerability | |||||||
CVE-2018-1036 | No | No | More Likely | More Likely | Important | 7.0 | 6.3 |
Scripting Engine Memory Corruption Vulnerability | |||||||
CVE-2018-8243 | No | No | - | - | Critical | 8.8 | 8.8 |
CVE-2018-8267 | Yes | No | More Likely | More Likely | Critical | 6.4 | 5.8 |
WEBDAV Denial of Service Vulnerability | |||||||
CVE-2018-8175 | No | No | Less Likely | Less Likely | Important | 5.9 | 5.2 |
Win32k Elevation of Privilege Vulnerability | |||||||
CVE-2018-8233 | No | No | - | - | Important | 7.8 | 7.8 |
Windows Code Integrity Module Denial of Service Vulnerability | |||||||
CVE-2018-1040 | No | No | Less Likely | Less Likely | Important | 5.3 | 4.8 |
Windows DNSAPI Remote Code Execution Vulnerability | |||||||
CVE-2018-8225 | No | No | Less Likely | Less Likely | Critical | 8.1 | 7.3 |
Windows Denial of Service Vulnerability | |||||||
CVE-2018-8205 | No | No | Unlikely | Unlikely | Important | 5.5 | 5.0 |
Windows Desktop Bridge Elevation of Privilege Vulnerability | |||||||
CVE-2018-8208 | No | No | Less Likely | Less Likely | Important | 7.0 | 6.7 |
CVE-2018-8214 | No | No | Less Likely | Less Likely | Important | 7.0 | 6.7 |
Windows Elevation of Privilege Vulnerability | |||||||
CVE-2018-0982 | No | No | More Likely | More Likely | Important | 7.0 | 6.3 |
Windows GDI Information Disclosure Vulnerability | |||||||
CVE-2018-8239 | No | No | More Likely | More Likely | Important | 4.4 | 4.4 |
Windows Hyper-V Denial of Service Vulnerability | |||||||
CVE-2018-8218 | No | No | - | - | Important | 5.7 | 5.1 |
Windows Kernel Elevation of Privilege Vulnerability | |||||||
CVE-2018-8224 | No | No | - | - | Important | 7.0 | 6.3 |
Windows Kernel Information Disclosure Vulnerability | |||||||
CVE-2018-8207 | No | No | Less Likely | Less Likely | Important | 4.7 | 4.2 |
CVE-2018-8121 | No | No | More Likely | More Likely | Important | 4.7 | 4.5 |
Windows Remote Code Execution Vulnerability | |||||||
CVE-2018-8210 | No | No | Less Likely | Less Likely | Important | 7.3 | 6.6 |
CVE-2018-8213 | No | No | Less Likely | Less Likely | Critical | 7.8 | 7.0 |
Windows Wireless Network Profile Information Disclosure Vulnerability | |||||||
CVE-2018-8209 | No | No | Less Likely | Less Likely | Important | 5.5 | 5.0 |
---
Johannes B. Ullrich, Ph.D. , Dean of Research, SANS Technology Institute
Twitter|
My next class:
Application Security: Securing Web Apps, APIs, and Microservices | Online | US Eastern | Jan 27th - Feb 1st 2025 |
×
Diary Archives
Comments
Anonymous
Jun 12th 2018
6 years ago
So I'm not sure how much value there is to know each patch's severity.
Anonymous
Jun 14th 2018
6 years ago
https://twitter.com/JordanTheITguy/status/1008709303354757121
"Quick Reminder - KB4132216 - this Service Stack upgrade was released AFTER Patch Tuesday in May. If you want to apply the JUNE security updates for server 2016 and Windows 10 - you'll need to make sure this gets installed first, other wise June Updates are NOT-Applicable."
Note that this means your WSUS will NOT list the June updates as required - until you have applied KB4132216..
Anonymous
Jun 19th 2018
6 years ago
Anonymous
Jun 19th 2018
6 years ago