August 2018 - Microsoft Releases Security Patches
Publish date: 29 de agosto de 2018
Fecha recomendada: 16 de agosto de 2018
Descripción
Microsoft addresses vulnerabilities in its August security bulletin. Trend Micro Deep Security covers the following:
- CVE-2018-8373 - Scripting Engine Memory Corruption Vulnerability
Risk Rating: Critical
This remote code execution vulnerability exists in the Internet Explorer scripting engine. Objects in memory may be corrupted by an attacker, causing the vulnerability. - CVE-2018-8414 - Windows Shell Remote Code Execution Vulnerability
Risk Rating: Important
This remote code execution vulnerability exists in the way the Windows Shell validates file paths. An attacker must convince a user to open a specially-crafted file to exploit this vulnerability. - CVE-2018-0763 - Microsoft Edge Information Disclosure Vulnerability
Risk Rating: Critical
This information disclosure vulnerability exists in the way the Microsoft Edge handles objects in memory. An attacker must convince a user to access a specially-crafted file to exploit this vulnerability. - CVE-2018-1021 - Microsoft Edge Information Disclosure Vulnerability
Risk Rating: Important
This information disclosure vulnerability exists in the way the Microsoft Edge handles objects in memory. An attacker must convince a user to access a specially-crafted file to exploit this vulnerability. - CVE-2018-8266 - Chakra Scripting Engine Memory Corruption Vulnerability
Risk Rating: Critical
This remote code execution vulnerability exists in the handling of objects in memory by the Chakra scripting engine in Microsoft Edge. This handling is corrected by this specific patch. - CVE-2018-8344 - Microsoft Graphics Remote Code Execution Vulnerability
Risk Rating: Critical
The remote code execution vulnerability exists in the improper handling of specially crafted embedded fonts by the Windows font library. This handling is corrected by this specific patch. - CVE-2018-8345 - LNK Remote Code Execution Vulnerability
Risk Rating: Critical
This remote code execution vulnerability exists in processing of .LNK files in Microsoft Windows. This handling is corrected by this specific patch. - CVE-2018-8353 - Scripting Engine Memory Corruption Vulnerability
Risk Rating: Important
This remote code execution vulnerability exists in the handling of objects in memory by Internet Explorer. This handling is corrected by this specific patch. - CVE-2018-8355 - Scripting Engine Memory Corruption Vulnerability
Risk Rating: Important
This remote code execution vulnerability exists in Microsoft browsers. This handling is corrected by this specific patch. - CVE-2018-8371 - Scripting Engine Memory Corruption Vulnerability
Risk Rating: Critical
This remote code execution vulnerability exists in the way Internet Explorer handles objects in memory. This handling is corrected by this specific patch. - CVE-2018-8372 - Scripting Engine Memory Corruption Vulnerability
Risk Rating: Critical
This remote code execution vulnerability exists in the way Microsoft browsers handles objects in memory. This handling is corrected by this specific patch. - CVE-2018-8376 - Microsoft PowerPoint Remote Code Execution Vulnerability
Risk Rating: Important
This remote code execution vulnerability exists in the way Microsoft PowerPoint handles objects in memory. This handling is corrected by this specific patch. - CVE-2018-8379 - Microsoft Excel Remote Code Execution Vulnerability
Risk Rating: Important
This remote code execution vulnerability exists in the way Microsoft Excel handles objects in memory. This handling is corrected by this specific patch. - CVE-2018-8383 - Microsoft Excel Remote Code Execution Vulnerability
Risk Rating: Important
This spoofing vulnerability exists in the way Microsoft Edge parses HTTP content. This handling is corrected by this specific patch. - CVE-2018-8384 - Chakra Scripting Engine Memory Corruption Vulnerability
Risk Rating: Critical
This remote code execution vulnerability exists in the way the Chakra scripting engine in Microsoft Edge handles objects in memory. This handling is corrected by this specific patch. - CVE-2018-8387 - Microsoft Edge Memory Corruption Vulnerability
Risk Rating: Critical
This remote code execution vulnerability exists in the accessing of objects in memory by Microsoft Edge. This handling is corrected by this specific patch. - CVE-2018-8389 - Scripting Engine Memory Corruption Vulnerability
Risk Rating: Important
This remote code execution vulnerability exists in the handling of objects in memory by the scripting engine in Internet Explorer. This handling is corrected by this specific patch. - CVE-2018-8401 - DirectX Graphics Kernel Elevation of Privilege Vulnerability
Risk Rating: Important
This elevation of privilege vulnerability exists in the handling of objects in memory by the DirectX Graphics Kernel driver. This handling is corrected by this specific patch. - CVE-2018-8403 - Microsoft Browser Memory Corruption Vulnerability
Risk Rating: Critical
This remote code execution vulnerability exists in the handling of objects in memory by Microsoft browsers. This handling is corrected by this specific patch. - CVE-2018-8404 - Win32k Elevation of Privilege Vulnerability
Risk Rating: Important
This elevation of privilege vulnerability exists in the handling of objects in memory by the Win32k component in Windows. This handling is corrected by this specific patch. - CVE-2018-8405 - DirectX Graphics Kernel Elevation of Privilege Vulnerability
Risk Rating: Important
This elevation of privilege vulnerability exists in the handling of objects in memory by the DirectX Graphics Kernel driver. This handling is corrected by this specific patch. - CVE-2018-8406 - DirectX Graphics Kernel Elevation of Privilege Vulnerability
Risk Rating: Important
This elevation of privilege vulnerability exists in the handling of objects in memory by the DirectX Graphics Kernel driver. This handling is corrected by this specific patch.
Revelación de la información
Trend Micro Deep Security shields networks through the following Deep Packet Inspection (DPI) rules. Trend Micro customers using the Vulnerability Protection product or OfficeScan with Intrusion Defense Firewall (IDF) plugin are also protected from attacks using these vulnerabilities.
Vulnerability ID | DPI Rule Number | DPI Rule Name | Release Date | Vulnerability Protection Compatibility |
CVE-2018-8345 | 1009242 | Microsoft Windows LNK Remote Code Execution Vulnerability (CVE-2018-8345) | 15-Aug-18 | YES |
CVE-2018-8266 | 1009240 | Microsoft Edge Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2018-8266) | 15-Aug-18 | YES |
CVE-2018-8401 | 1009253 | Microsoft Windows DirectX Graphics Kernel Elevation Of Privilege Vulnerability (CVE-2018-8401) | 15-Aug-18 | YES |
CVE-2018-8344 | 1009241 | Microsoft Graphics Remote Code Execution Vulnerability (CVE-2018-8344) | 15-Aug-18 | YES |
CVE-2018-1021 | 1009217 | Microsoft Edge Information Disclosure Vulnerability (CVE-2018-1021) | 15-Aug-18 | YES |
CVE-2018-8405 | 1009256 | Microsoft Windows DirectX Graphics Kernel Elevation Of Privilege Vulnerability (CVE-2018-8405) | 15-Aug-18 | YES |
CVE-2018-8384 | 1009250 | Microsoft Edge Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2018-8384) | 15-Aug-18 | YES |
CVE-2018-8383 | 1009249 | Microsoft Edge Spoofing Vulnerability (CVE-2018-8383) | 15-Aug-18 | YES |
CVE-2018-8404 | 1009255 | Microsoft Windows Win32k Elevation Of Privilege Vulnerability (CVE-2018-8404) | 15-Aug-18 | YES |
CVE-2018-8376 | 1009247 | Microsoft PowerPoint Remote Code Execution Vulnerability (CVE-2018-8376) | 15-Aug-18 | YES |
CVE-2018-8389 | 1009252 | Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability (CVE-2018-8389) | 15-Aug-18 | YES |
CVE-2018-8372 | 1009246 | Microsoft Internet Explorer And Edge Scripting Engine Memory Corruption Vulnerability (CVE-2018-8372) | 15-Aug-18 | YES |
CVE-2018-8353 | 1009243 | Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability (CVE-2018-8353) | 15-Aug-18 | YES |
CVE-2018-8403 | 1009254 | Microsoft Internet Explorer And Edge Memory Corruption Vulnerability (CVE-2018-8403) | 15-Aug-18 | YES |
CVE-2018-8371 | 1009245 | Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability (CVE-2018-8371) | 15-Aug-18 | YES |
CVE-2018-8355 | 1009244 | Microsoft Internet Explorer And Edge Scripting Engine Memory Corruption Vulnerability (CVE-2018-8355) | 15-Aug-18 | YES |
CVE-2018-8406 | 1009257 | Microsoft Windows DirectX Graphics Kernel Elevation Of Privilege Vulnerability (CVE-2018-8406) | 15-Aug-18 | YES |
CVE-2018-8387 | 1009251 | Microsoft Edge Memory Corruption Vulnerability (CVE-2018-8387) | 15-Aug-18 | YES |
CVE-2018-0763 | 1009053 | Microsoft Edge Information Disclosure Vulnerability (CVE-2018-0763) | 15-Aug-18 | YES |
CVE-2018-8379 | 1009248 | Microsoft Excel Remote Code Execution Vulnerability (CVE-2018-8379) | 15-Aug-18 | YES |