Overview  

On Tuesday, Microsoft released September 2018 security updates to fix 64 vulnerabilities, ranging from spoofing attacks to remote code execution vulnerabilities. Affected products include .NET Core, Active Directory, Adobe Flash Player, Azure, BitLocker, Internet Explorer, Microsoft Drivers, Microsoft Dynamics, Microsoft Edge, Microsoft Exchange Server, Microsoft Graphics Component, Microsoft JScript, Microsoft Office, Microsoft Office SharePoint, Microsoft PowerShell, Microsoft RPC, Microsoft Scripting Engine, Microsoft Windows, Microsoft Windows Search Component, Servicing Stack Updates, Skype for Business and Microsoft Lync, Team Foundation Server, Windows Audio Service, and Windows Kernel.

The following table lists related information (information in red indicates that those vulnerabilities are high-risk).

| Product | CVE ID | CVE Title |
|---|---|---|
| .NET Core | CVE-2018-8416 | .NET Core Tampering Vulnerability |
| Active Directory | CVE-2018-8547 | Active Directory Federation Services XSS Vulnerability |
| Adobe Flash Player | ADV180025 | November 2018 Adobe Flash Security Update |
| Azure | CVE-2018-8600 | Azure App Service Cross-site Scripting Vulnerability |
| BitLocker | CVE-2018-8566 | BitLocker Security Feature Bypass Vulnerability |
| Internet Explorer | CVE-2018-8570 | Internet Explorer Memory Corruption Vulnerability |
| Microsoft Drivers | CVE-2018-8471 | Microsoft RemoteFX Virtual GPU Miniport Driver Privilege Escalation Vulnerability |
| Microsoft Dynamics | CVE-2018-8605 | Microsoft Dynamics 365 (on-premises) version 8 Cross Site Scripting Vulnerability |
| Microsoft Dynamics | CVE-2018-8606 | Microsoft Dynamics 365 (on-premises) version 8 Cross Site Scripting Vulnerability |
| Microsoft Dynamics | CVE-2018-8607 | Microsoft Dynamics 365 (on-premises) version 8 Cross Site Scripting Vulnerability |
| Microsoft Dynamics | CVE-2018-8608 | Microsoft Dynamics 365 (on-premises) version 8 Cross Site Scripting Vulnerability |
| Microsoft Dynamics | CVE-2018-8609 | Microsoft Dynamics 365 (on-premises) Version 8 Remote Code Execution Vulnerability |
| Microsoft Edge | CVE-2018-8564 | Microsoft Edge Spoofing Vulnerability |
| Microsoft Edge | CVE-2018-8545 | Microsoft Edge Information Disclosure Vulnerability |
| Microsoft Edge | CVE-2018-8567 | Microsoft Edge Privilege Escalation Vulnerability |
| Microsoft Exchange Server | CVE-2018-8581 | Microsoft Exchange Server Privilege Escalation Vulnerability |
| Microsoft Graphics Component | CVE-2018-8485 | DirectX Privilege Escalation Vulnerability |
| Microsoft Graphics Component | CVE-2018-8553 | Microsoft Graphics Components Remote Code Execution Vulnerability |
| Microsoft Graphics Component | CVE-2018-8554 | DirectX Privilege Escalation Vulnerability |
| Microsoft Graphics Component | CVE-2018-8561 | DirectX Privilege Escalation Vulnerability |
| Microsoft Graphics Component | CVE-2018-8562 | Win32k Privilege Escalation Vulnerability |
| Microsoft Graphics Component | CVE-2018-8563 | DirectX Information Disclosure Vulnerability |
| Microsoft Graphics Component | CVE-2018-8565 | Win32k Information Disclosure Vulnerability |
| Microsoft JScript | CVE-2018-8417 | Microsoft Jscript Security Feature Bypass Vulnerability |
| Microsoft Office | CVE-2018-8522 | Microsoft Outlook Remote Code Execution Vulnerability |
| Microsoft Office | CVE-2018-8576 | Microsoft Outlook Remote Code Execution Vulnerability |
| Microsoft Office | CVE-2018-8524 | Microsoft Outlook Remote Code Execution Vulnerability |
| Microsoft Office | CVE-2018-8539 | Microsoft Word Remote Code Execution Vulnerability |
| Microsoft Office | CVE-2018-8558 | Microsoft Outlook Information Disclosure Vulnerability |
| Microsoft Office | CVE-2018-8573 | Microsoft Word Remote Code Execution Vulnerability |
| Microsoft Office | CVE-2018-8574 | Microsoft Excel Remote Code Execution Vulnerability |
| Microsoft Office | CVE-2018-8575 | Microsoft Project Remote Code Execution Vulnerability |
| Microsoft Office | CVE-2018-8582 | Microsoft Outlook Remote Code Execution Vulnerability |
| Microsoft Office | CVE-2018-8577 | Microsoft Excel Remote Code Execution Vulnerability |
| Microsoft Office | CVE-2018-8579 | Microsoft Outlook Information Disclosure Vulnerability |
| Microsoft Office SharePoint | CVE-2018-8572 | Microsoft SharePoint Privilege Escalation Vulnerability |
| Microsoft Office SharePoint | CVE-2018-8568 | Microsoft SharePoint Privilege Escalation Vulnerability |
| Microsoft Office SharePoint | CVE-2018-8578 | Microsoft SharePoint Information Disclosure Vulnerability |
| Microsoft PowerShell | CVE-2018-8256 | Microsoft PowerShell Remote Code Execution Vulnerability |
| Microsoft PowerShell | CVE-2018-8415 | Microsoft PowerShell Tampering Vulnerability |
| Microsoft RPC | CVE-2018-8407 | MSRPC Information Disclosure Vulnerability |
| Microsoft Scripting Engine | CVE-2018-8588 | Chakra Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2018-8541 | Chakra Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2018-8542 | Chakra Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2018-8543 | Chakra Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2018-8544 | Windows VBScript Engine Remote Code Execution Vulnerability |
| Microsoft Scripting Engine | CVE-2018-8551 | Chakra Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2018-8552 | Chakra Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2018-8555 | Chakra Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2018-8556 | Chakra Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2018-8557 | Chakra Scripting Engine Memory Corruption Vulnerability |
| Microsoft Windows | CVE-2018-8476 | Windows Deployment Services TFTP Server Remote Code Execution Vulnerability |
| Microsoft Windows | CVE-2018-8592 | Windows Elevation Of Privilege Vulnerability |
| Microsoft Windows | CVE-2018-8549 | Windows Security Feature Bypass Vulnerability |
| Microsoft Windows | CVE-2018-8550 | Windows COM Privilege Escalation Vulnerability |
| Microsoft Windows | CVE-2018-8584 | Windows ALPC Privilege Escalation Vulnerability |
| Microsoft Windows | ADV180028 | Guidance for configuring BitLocker to enforce software encryption |
| Microsoft Windows Search Component | CVE-2018-8450 | Windows Search Remote Code Execution Vulnerability |
| Servicing Stack Updates | ADV990001 | Latest Servicing Stack Updates |
| Skype for Business and Microsoft Lync | CVE-2018-8546 | Microsoft Skype for Business Denial-of-Service Vulnerability |
| Team Foundation Server | CVE-2018-8602 | Team Foundation Server Cross-site Scripting Vulnerability |
| Windows Audio Service | CVE-2018-8454 | Windows Audio Service Information Disclosure Vulnerability |
| Windows Kernel | CVE-2018-8589 | Windows Win32k Privilege Escalation Vulnerability |
| Windows Kernel | CVE-2018-8408 | Windows Kernel Information Disclosure Vulnerability |

Recommended Solution

Microsoft has officially released security updates. Users are advised to install these patches as soon as possible.

Statement

This advisory is only used to describe a potential risk. NSFOCUS does not provide any commitment or promise on this advisory. NSFOCUS and the author will not bear any liability for any direct and/or indirect consequences and losses caused by transmitting and/or using this advisory. NSFOCUS reserves all the rights to modify and interpret this advisory. Please include this statement paragraph when reproducing or transferring this advisory. Do not modify this advisory, add/delete any information to/from it, or use this advisory for commercial purposes without permission from NSFOCUS.

About NSFOCUS

NSFOCUS IB is a wholly owned subsidiary of NSFOCUS, an enterprise application and network security provider, with operations in the Americas, Europe, the Middle East, Southeast Asia and Japan. NSFOCUS IB has a proven track record of combatting the increasingly complex cyber threat landscape through the construction and implementation of multi-layered defense systems. The company’s Intelligent Hybrid Security strategy utilizes both cloud and on-premises security platforms, built on a foundation of real-time global threat intelligence, to provide unified, multi-layer protection from advanced cyber threats.

NSFOCUS, NSFOCUS IB, and NSFOCUS, INC. are trademarks or registered trademarks of NSFOCUS, Inc. All other names and trademarks are property of their respective firms.
