August 2018 - Microsoft Releases Security Patches

Publish Date: 29 août 2018

Date du conseil: 16 août 2018

Description

Microsoft addresses vulnerabilities in its August security bulletin. Trend Micro Deep Security covers the following:

CVE-2018-8373 - Scripting Engine Memory Corruption Vulnerability
Risk Rating: Critical

This remote code execution vulnerability exists in the Internet Explorer scripting engine. Objects in memory may be corrupted by an attacker, causing the vulnerability.

CVE-2018-8414 - Windows Shell Remote Code Execution Vulnerability
Risk Rating: Important

This remote code execution vulnerability exists in the way the Windows Shell validates file paths. An attacker must convince a user to open a specially-crafted file to exploit this vulnerability.

CVE-2018-0763 - Microsoft Edge Information Disclosure Vulnerability
Risk Rating: Critical

This information disclosure vulnerability exists in the way the Microsoft Edge handles objects in memory. An attacker must convince a user to access a specially-crafted file to exploit this vulnerability.

CVE-2018-1021 - Microsoft Edge Information Disclosure Vulnerability
Risk Rating: Important

This information disclosure vulnerability exists in the way the Microsoft Edge handles objects in memory. An attacker must convince a user to access a specially-crafted file to exploit this vulnerability.

CVE-2018-8266 - Chakra Scripting Engine Memory Corruption Vulnerability
Risk Rating: Critical

This remote code execution vulnerability exists in the handling of objects in memory by the Chakra scripting engine in Microsoft Edge. This handling is corrected by this specific patch.

CVE-2018-8344 - Microsoft Graphics Remote Code Execution Vulnerability
Risk Rating: Critical

The remote code execution vulnerability exists in the improper handling of specially crafted embedded fonts by the Windows font library. This handling is corrected by this specific patch.

CVE-2018-8345 - LNK Remote Code Execution Vulnerability
Risk Rating: Critical

This remote code execution vulnerability exists in processing of .LNK files in Microsoft Windows. This handling is corrected by this specific patch.

CVE-2018-8353 - Scripting Engine Memory Corruption Vulnerability
Risk Rating: Important

This remote code execution vulnerability exists in the handling of objects in memory by Internet Explorer. This handling is corrected by this specific patch.

CVE-2018-8355 - Scripting Engine Memory Corruption Vulnerability
Risk Rating: Important

This remote code execution vulnerability exists in Microsoft browsers. This handling is corrected by this specific patch.

CVE-2018-8371 - Scripting Engine Memory Corruption Vulnerability
Risk Rating: Critical

This remote code execution vulnerability exists in the way Internet Explorer handles objects in memory. This handling is corrected by this specific patch.

CVE-2018-8372 - Scripting Engine Memory Corruption Vulnerability
Risk Rating: Critical

This remote code execution vulnerability exists in the way Microsoft browsers handles objects in memory. This handling is corrected by this specific patch.

CVE-2018-8376 - Microsoft PowerPoint Remote Code Execution Vulnerability
Risk Rating: Important

This remote code execution vulnerability exists in the way Microsoft PowerPoint handles objects in memory. This handling is corrected by this specific patch.

CVE-2018-8379 - Microsoft Excel Remote Code Execution Vulnerability
Risk Rating: Important

This remote code execution vulnerability exists in the way Microsoft Excel handles objects in memory. This handling is corrected by this specific patch.

CVE-2018-8383 - Microsoft Excel Remote Code Execution Vulnerability
Risk Rating: Important

This spoofing vulnerability exists in the way Microsoft Edge parses HTTP content. This handling is corrected by this specific patch.

CVE-2018-8384 - Chakra Scripting Engine Memory Corruption Vulnerability
Risk Rating: Critical

This remote code execution vulnerability exists in the way the Chakra scripting engine in Microsoft Edge handles objects in memory. This handling is corrected by this specific patch.

CVE-2018-8387 - Microsoft Edge Memory Corruption Vulnerability
Risk Rating: Critical

This remote code execution vulnerability exists in the accessing of objects in memory by Microsoft Edge. This handling is corrected by this specific patch.

CVE-2018-8389 - Scripting Engine Memory Corruption Vulnerability
Risk Rating: Important

This remote code execution vulnerability exists in the handling of objects in memory by the scripting engine in Internet Explorer. This handling is corrected by this specific patch.

CVE-2018-8401 - DirectX Graphics Kernel Elevation of Privilege Vulnerability
Risk Rating: Important

This elevation of privilege vulnerability exists in the handling of objects in memory by the DirectX Graphics Kernel driver. This handling is corrected by this specific patch.

CVE-2018-8403 - Microsoft Browser Memory Corruption Vulnerability
Risk Rating: Critical

This remote code execution vulnerability exists in the handling of objects in memory by Microsoft browsers. This handling is corrected by this specific patch.

CVE-2018-8404 - Win32k Elevation of Privilege Vulnerability
Risk Rating: Important

This elevation of privilege vulnerability exists in the handling of objects in memory by the Win32k component in Windows. This handling is corrected by this specific patch.

CVE-2018-8405 - DirectX Graphics Kernel Elevation of Privilege Vulnerability
Risk Rating: Important

This elevation of privilege vulnerability exists in the handling of objects in memory by the DirectX Graphics Kernel driver. This handling is corrected by this specific patch.

CVE-2018-8406 - DirectX Graphics Kernel Elevation of Privilege Vulnerability
Risk Rating: Important

This elevation of privilege vulnerability exists in the handling of objects in memory by the DirectX Graphics Kernel driver. This handling is corrected by this specific patch.

Information Exposure Rating:

Trend Micro Deep Security shields networks through the following Deep Packet Inspection (DPI) rules. Trend Micro customers using the Vulnerability Protection product or OfficeScan with Intrusion Defense Firewall (IDF) plugin are also protected from attacks using these vulnerabilities.

Vulnerability ID DPI Rule Number DPI Rule Name Release Date Vulnerability Protection Compatibility

CVE-2018-8345 1009242 Microsoft Windows LNK Remote Code Execution Vulnerability (CVE-2018-8345) 15-Aug-18 YES

CVE-2018-8266 1009240 Microsoft Edge Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2018-8266) 15-Aug-18 YES

CVE-2018-8401 1009253 Microsoft Windows DirectX Graphics Kernel Elevation Of Privilege Vulnerability (CVE-2018-8401) 15-Aug-18 YES

CVE-2018-8344 1009241 Microsoft Graphics Remote Code Execution Vulnerability (CVE-2018-8344) 15-Aug-18 YES

CVE-2018-1021 1009217 Microsoft Edge Information Disclosure Vulnerability (CVE-2018-1021) 15-Aug-18 YES

CVE-2018-8405 1009256 Microsoft Windows DirectX Graphics Kernel Elevation Of Privilege Vulnerability (CVE-2018-8405) 15-Aug-18 YES

CVE-2018-8384 1009250 Microsoft Edge Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2018-8384) 15-Aug-18 YES

CVE-2018-8383 1009249 Microsoft Edge Spoofing Vulnerability (CVE-2018-8383) 15-Aug-18 YES

CVE-2018-8404 1009255 Microsoft Windows Win32k Elevation Of Privilege Vulnerability (CVE-2018-8404) 15-Aug-18 YES

CVE-2018-8376 1009247 Microsoft PowerPoint Remote Code Execution Vulnerability (CVE-2018-8376) 15-Aug-18 YES

CVE-2018-8389 1009252 Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability (CVE-2018-8389) 15-Aug-18 YES

CVE-2018-8372 1009246 Microsoft Internet Explorer And Edge Scripting Engine Memory Corruption Vulnerability (CVE-2018-8372) 15-Aug-18 YES

CVE-2018-8353 1009243 Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability (CVE-2018-8353) 15-Aug-18 YES

CVE-2018-8403 1009254 Microsoft Internet Explorer And Edge Memory Corruption Vulnerability (CVE-2018-8403) 15-Aug-18 YES

CVE-2018-8371 1009245 Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability (CVE-2018-8371) 15-Aug-18 YES

CVE-2018-8355 1009244 Microsoft Internet Explorer And Edge Scripting Engine Memory Corruption Vulnerability (CVE-2018-8355) 15-Aug-18 YES

CVE-2018-8406 1009257 Microsoft Windows DirectX Graphics Kernel Elevation Of Privilege Vulnerability (CVE-2018-8406) 15-Aug-18 YES

CVE-2018-8387 1009251 Microsoft Edge Memory Corruption Vulnerability (CVE-2018-8387) 15-Aug-18 YES

CVE-2018-0763 1009053 Microsoft Edge Information Disclosure Vulnerability (CVE-2018-0763) 15-Aug-18 YES

CVE-2018-8379 1009248 Microsoft Excel Remote Code Execution Vulnerability (CVE-2018-8379) 15-Aug-18 YES

August 2018 - Microsoft Releases Security Patches

Description

Information Exposure Rating:

Ressources

Support

À propos de Trend

Siège social national

Vulnerability ID	DPI Rule Number	DPI Rule Name	Release Date	Vulnerability Protection Compatibility
CVE-2018-8345	1009242	Microsoft Windows LNK Remote Code Execution Vulnerability (CVE-2018-8345)	15-Aug-18	YES
CVE-2018-8266	1009240	Microsoft Edge Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2018-8266)	15-Aug-18	YES
CVE-2018-8401	1009253	Microsoft Windows DirectX Graphics Kernel Elevation Of Privilege Vulnerability (CVE-2018-8401)	15-Aug-18	YES
CVE-2018-8344	1009241	Microsoft Graphics Remote Code Execution Vulnerability (CVE-2018-8344)	15-Aug-18	YES
CVE-2018-1021	1009217	Microsoft Edge Information Disclosure Vulnerability (CVE-2018-1021)	15-Aug-18	YES
CVE-2018-8405	1009256	Microsoft Windows DirectX Graphics Kernel Elevation Of Privilege Vulnerability (CVE-2018-8405)	15-Aug-18	YES
CVE-2018-8384	1009250	Microsoft Edge Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2018-8384)	15-Aug-18	YES
CVE-2018-8383	1009249	Microsoft Edge Spoofing Vulnerability (CVE-2018-8383)	15-Aug-18	YES
CVE-2018-8404	1009255	Microsoft Windows Win32k Elevation Of Privilege Vulnerability (CVE-2018-8404)	15-Aug-18	YES
CVE-2018-8376	1009247	Microsoft PowerPoint Remote Code Execution Vulnerability (CVE-2018-8376)	15-Aug-18	YES
CVE-2018-8389	1009252	Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability (CVE-2018-8389)	15-Aug-18	YES
CVE-2018-8372	1009246	Microsoft Internet Explorer And Edge Scripting Engine Memory Corruption Vulnerability (CVE-2018-8372)	15-Aug-18	YES
CVE-2018-8353	1009243	Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability (CVE-2018-8353)	15-Aug-18	YES
CVE-2018-8403	1009254	Microsoft Internet Explorer And Edge Memory Corruption Vulnerability (CVE-2018-8403)	15-Aug-18	YES
CVE-2018-8371	1009245	Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability (CVE-2018-8371)	15-Aug-18	YES
CVE-2018-8355	1009244	Microsoft Internet Explorer And Edge Scripting Engine Memory Corruption Vulnerability (CVE-2018-8355)	15-Aug-18	YES
CVE-2018-8406	1009257	Microsoft Windows DirectX Graphics Kernel Elevation Of Privilege Vulnerability (CVE-2018-8406)	15-Aug-18	YES
CVE-2018-8387	1009251	Microsoft Edge Memory Corruption Vulnerability (CVE-2018-8387)	15-Aug-18	YES
CVE-2018-0763	1009053	Microsoft Edge Information Disclosure Vulnerability (CVE-2018-0763)	15-Aug-18	YES
CVE-2018-8379	1009248	Microsoft Excel Remote Code Execution Vulnerability (CVE-2018-8379)	15-Aug-18	YES

August 2018 - Microsoft Releases Security Patches

Description

Information Exposure Rating:

Ressources

Support

À propos de Trend

Siège social national

Amérique

Moyen-Orient et Afrique

Europe

Asie-Pacifique