Threat Level: green Handler on Duty: Richard Porter

SANS ISC: InfoSec Handlers Diary Blog - Internet Storm Center Diary 2018-12-11 InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Microsoft December 2018 Patch Tuesday

Published: 2018-12-11
Last Updated: 2018-12-11 20:58:52 UTC
by Richard Porter (Version: 1)
0 comment(s)

December 2018 Security Updates

Description
CVE Disclosed Exploited Exploitability (old versions) current version Severity CVSS Base (AVG) CVSS Temporal (AVG)
.NET Framework Denial Of Service Vulnerability
CVE-2018-8517 Yes No Unlikely Unlikely Important    
.NET Framework Remote Code Injection Vulnerability
CVE-2018-8540 No No Less Likely Less Likely Critical    
Chakra Scripting Engine Memory Corruption Vulnerability
CVE-2018-8583 No No - - Critical 4.2 3.8
CVE-2018-8617 No No - - Critical 4.2 3.8
CVE-2018-8618 No No - - Critical 4.2 3.8
CVE-2018-8624 No No - - Critical 4.2 3.8
CVE-2018-8629 No No - - Critical 4.2 3.8
Connected User Experiences and Telemetry Service Denial of Service Vulnerability
CVE-2018-8612 No No More Likely More Likely Important 4.7 4.7
December 2018 Adobe Flash Security Update
ADV180031 No No - - Critical    
Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability
CVE-2018-8599 No No More Likely More Likely Important 7.0 6.3
DirectX Information Disclosure Vulnerability
CVE-2018-8638 No No - - Important 4.7 4.2
Internet Explorer Memory Corruption Vulnerability
CVE-2018-8631 No No More Likely More Likely Critical 6.4 5.8
Internet Explorer Remote Code Execution Vulnerability
CVE-2018-8619 No No More Likely More Likely Important 6.4 5.8
Microsoft Dynamics NAV Cross Site Scripting Vulnerability
CVE-2018-8651 No No Less Likely Less Likely Important    
Microsoft Excel Information Disclosure Vulnerability
CVE-2018-8598 No No Less Likely Less Likely Important    
CVE-2018-8627 No No Less Likely Less Likely Important    
Microsoft Excel Remote Code Execution Vulnerability
CVE-2018-8597 No No More Likely More Likely Important    
CVE-2018-8636 No No Less Likely Less Likely Important    
Microsoft Exchange Server Tampering Vulnerability
CVE-2018-8604 No No Less Likely Less Likely Important    
Microsoft Outlook Remote Code Execution Vulnerability
CVE-2018-8587 No No More Likely More Likely Important    
Microsoft PowerPoint Remote Code Execution Vulnerability
CVE-2018-8628 No No More Likely More Likely Important    
Microsoft SharePoint Information Disclosure Vulnerability
CVE-2018-8580 No No Unlikely Unlikely Important    
Microsoft SharePoint Server Elevation of Privilege Vulnerability
CVE-2018-8635 No No Unlikely Unlikely Important    
Microsoft Text-To-Speech Remote Code Execution Vulnerability
CVE-2018-8634 No No More Likely More Likely Critical 4.2 3.8
Remote Procedure Call runtime Information Disclosure Vulnerability
CVE-2018-8514 No No Less Likely Less Likely Important 3.3 3.3
Scripting Engine Memory Corruption Vulnerability
CVE-2018-8643 No No More Likely More Likely Important 6.4 5.8
Win32k Elevation of Privilege Vulnerability
CVE-2018-8639 No No More Likely More Likely Important 7.0 6.3
CVE-2018-8641 No No More Likely More Likely Important 7.0 6.3
Win32k Information Disclosure Vulnerability
CVE-2018-8637 No No More Likely More Likely Important 4.7 4.2
Windows Azure Pack Cross Site Scripting Vulnerability
CVE-2018-8652 No No - - Important    
Windows DNS Server Heap Overflow Vulnerability
CVE-2018-8626 No No Less Likely Less Likely Critical 9.8 8.8
Windows Denial of Service Vulnerability
CVE-2018-8649 No No - - Important 5.0 4.5
Windows GDI Information Disclosure Vulnerability
CVE-2018-8595 No No More Likely More Likely Important 4.7 4.2
CVE-2018-8596 No No More Likely More Likely Important 4.7 4.2
Windows Kernel Elevation of Privilege Vulnerability
CVE-2018-8611 No Yes Detected More Likely Important 7.0 7.0
Windows Kernel Information Disclosure Vulnerability
CVE-2018-8477 No No More Likely More Likely Important 3.3 3.3
CVE-2018-8621 No No - - Important 4.7 4.1
CVE-2018-8622 No No - - Important 4.7 4.1
Windows VBScript Engine Remote Code Execution Vulnerability
CVE-2018-8625 No No More Likely More Likely Important 6.4 5.8

 

For a detailed breakdown please see Renato's Dashboard: 

https://patchtuesdaydashboard.com/

0 comment(s)
ISC Stormcast For Tuesday, December 11th 2018 https://isc.sans.edu/podcastdetail.html?id=6288
Diary Archives