Are you ready for the latest in security patch updates? I’m not, but it’s that time again.
Microsoft today released security patch updates for more than 50 vulnerabilities, affecting Windows, Internet Explorer, Edge, MS Office, MS Office Exchange Server, ChakraCore, and Adobe Flash Player—11 of which are rated critical and 39 as important in severity.
Only one of these vulnerabilities: CVE-2018-8267 | Scripting Engine Memory Corruption Vulnerability is a remote code execution flaw (CVE-2018-8267) in the scripting engine, is listed as being publicly known at the time of release. The flaw exists within the IE rendering engine and triggers when it fails to properly handle the error objects, allowing an attacker to execute arbitrary code in the context of the currently logged-in user.
There are a few others included are:
CVE-2018-8225 | Windows DNSAPI Remote Code Execution Vulnerability
The most critical bug Microsoft patched this month is a remote code execution vulnerability (CVE-2018-8225) exists in Windows Domain Name System (DNS) DNSAPI.dll, affecting all versions of Windows starting from 7 to 10, as well as Windows Server editions.
The vulnerability resides in the way Windows parses DNS responses, which could be exploited by sending corrupted DNS responses to a targeted system from an attacker-controlled malicious DNS server.
CVE-2018-8231 | HTTP Protocol Stack Remote Code Execution Vulnerability
The critical bug is a remote code execution flaw (CVE-2018-8231) in the HTTP protocol stack (HTTP.sys) of Windows 10 and Windows Server 2016, which could allow remote attackers to execute arbitrary code and take control of the affected systems.
CVE-2018-8213 | Windows Remote Code Execution Vulnerability
Critical remote code execution vulnerability (CVE-2018-8213) affecting Windows 10 and Windows Server exist in the way the operating system handles objects in memory. Successful exploitation could allow an attacker to take control of an affected Windows PC.