Patch Tuesday Archive
Patch Tuesday April 2018
Total CVEs
69
Critical
18
Important
40
Exploited
0
Publicly Disclosed
2
All CVEs this month 69
| CVE | Title | Severity | CVSS | Product | Exploited | Disclosed | Diffed |
|---|---|---|---|---|---|---|---|
| CVE-2018-0887 | Windows Kernel Information Disclosure Vulnerability | Important | 4.7 |
Microsoft Windows | - | - | - |
| CVE-2018-0890 | Active Directory Security Feature Bypass Vulnerability | Important | 5.3 |
Microsoft Windows | - | - | - |
| CVE-2018-0892 | Microsoft Edge based on Edge HTML Information Disclosure Vulnerability | Important | 4.3 |
Microsoft Edge | - | - | - |
| CVE-2018-0956 | HTTP/2 Server Denial of Service Vulnerability | Important | 7.5 |
Windows IIS | - | - | - |
| CVE-2018-0957 | Windows Hyper-V Information Disclosure Vulnerability | Important | 7.2 |
Windows Hyper-V | - | - | - |
| CVE-2018-0960 | Windows Kernel Information Disclosure Vulnerability | Important | 4.7 |
Windows Kernel | - | - | - |
| CVE-2018-0963 | Windows Kernel Elevation of Privilege Vulnerability | Important | 7 |
Microsoft Windows | - | - | - |
| CVE-2018-0964 | Windows Hyper-V Information Disclosure Vulnerability | Important | 7.2 |
Windows Hyper-V | - | - | - |
| CVE-2018-0966 | Device Guard Security Feature Bypass Vulnerability | Important | 5.3 |
Microsoft Windows | - | - | - |
| CVE-2018-0967 | Windows SNMP Service Denial of Service Vulnerability | Important | 5.3 |
Microsoft Windows | - | - | - |
| CVE-2018-0968 | Windows Kernel Information Disclosure Vulnerability | Important | 4.7 |
Windows Kernel | - | - | - |
| CVE-2018-0969 | Windows Kernel Information Disclosure Vulnerability | Important | 4.7 |
Windows Kernel | - | - | - |
| CVE-2018-0976 | Windows Remote Desktop Protocol (RDP) Denial of Service Vulnerability | Important | 5.3 |
Windows RDP | - | - | - |
| CVE-2018-0970 | Windows Kernel Information Disclosure Vulnerability | Important | 4.7 |
Windows Kernel | - | - | - |
| CVE-2018-0971 | Windows Kernel Information Disclosure Vulnerability | Important | 4.7 |
Windows Kernel | - | - | - |
| CVE-2018-0972 | Windows Kernel Information Disclosure Vulnerability | Important | 4.7 |
Windows Kernel | - | - | - |
| CVE-2018-0973 | Windows Kernel Information Disclosure Vulnerability | Important | 4.7 |
Windows Kernel | - | - | - |
| CVE-2018-0974 | Windows Kernel Information Disclosure Vulnerability | Important | 4.7 |
Windows Kernel | - | - | - |
| CVE-2018-0975 | Windows Kernel Information Disclosure Vulnerability | Important | 4.7 |
Windows Kernel | - | - | - |
| CVE-2018-0987 | Scripting Engine Information Disclosure Vulnerability | Low | 4.3 |
Microsoft Scripting Engine | - | - | - |
| CVE-2018-0988 | Scripting Engine Memory Corruption Vulnerability | Moderate | 7.5 |
Microsoft Scripting Engine | - | - | - |
| CVE-2018-0989 | Scripting Engine Information Disclosure Vulnerability | Low | 4.3 |
Microsoft Scripting Engine | - | - | - |
| CVE-2018-0990 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical | 4.2 |
Microsoft Scripting Engine | - | - | - |
| CVE-2018-0991 | Internet Explorer Memory Corruption Vulnerability | Moderate | 4.2 |
Internet Explorer | - | - | - |
| CVE-2018-0993 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical | 4.2 |
Microsoft Scripting Engine | - | - | - |
| CVE-2018-0994 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical | 4.2 |
Microsoft Scripting Engine | - | - | - |
| CVE-2018-0995 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical | 4.2 |
Microsoft Scripting Engine | - | - | - |
| CVE-2018-0996 | Scripting Engine Memory Corruption Vulnerability | Moderate | 7.5 |
Microsoft Scripting Engine | - | - | - |
| CVE-2018-0997 | Internet Explorer Memory Corruption Vulnerability | Important | 7.5 |
Internet Explorer | - | - | - |
| CVE-2018-0998 | Microsoft Edge PDF Information Disclosure Vulnerability | Important | 4.3 |
Microsoft Edge | - | - | - |
| CVE-2018-1000 | Scripting Engine Memory Corruption Vulnerability | Moderate | 7.5 |
Microsoft Scripting Engine | - | - | - |
| CVE-2018-1001 | Scripting Engine Memory Corruption Vulnerability | Low | 7.5 |
Microsoft Scripting Engine | - | - | - |
| CVE-2018-1003 | Microsoft JET Database Engine Remote Code Execution Vulnerability | Important | 7.1 |
Microsoft JET Database Engine | - | - | - |
| CVE-2018-1004 | Windows VBScript Engine Remote Code Execution Vulnerability | Critical | 5 |
Microsoft Scripting Engine | - | - | - |
| CVE-2018-1008 | Graphics Component Font Parsing Elevation of Privilege Vulnerability | Important | 7 |
Windows Kernel | - | - | - |
| CVE-2018-1009 | Microsoft DirectX Graphics Kernel Subsystem Elevation of Privilege Vulnerability | Important | 7 |
Microsoft Graphics Component | - | - | - |
| CVE-2018-1010 | Microsoft Graphics Remote Code Execution Vulnerability | Critical | 8.8 |
Microsoft Graphics Component | - | - | - |
| CVE-2018-1012 | Microsoft Graphics Remote Code Execution Vulnerability | Critical | 8.8 |
Microsoft Graphics Component | - | - | - |
| CVE-2018-1013 | Microsoft Graphics Remote Code Execution Vulnerability | Critical | 8.8 |
Microsoft Graphics Component | - | - | - |
| CVE-2018-1015 | Microsoft Graphics Remote Code Execution Vulnerability | Critical | 8.8 |
Microsoft Graphics Component | - | - | - |
| CVE-2018-1016 | Microsoft Graphics Remote Code Execution Vulnerability | Critical | 8.8 |
Microsoft Graphics Component | - | - | - |
| CVE-2018-0950 | Microsoft Office Information Disclosure Vulnerability | Important | - | Microsoft Office | - | - | - |
| CVE-2018-1032 | Microsoft SharePoint Elevation of Privilege Vulnerability | Important | - | Microsoft Office | - | - | - |
| CVE-2018-1035 | Windows Security Feature Bypass Vulnerability | Important | 5.3 |
Device Guard | - | Yes | - |
| CVE-2018-1037 | Microsoft Visual Studio Information Disclosure Vulnerability | Important | - | Visual Studio | - | - | - |
| CVE-2018-8116 | Microsoft Graphics Component Denial of Service Vulnerability | Moderate | 4.4 |
Microsoft Windows | - | - | - |
| CVE-2018-8118 | Internet Explorer Memory Corruption Vulnerability | Low | - | Internet Explorer | - | - | - |
| CVE-2018-0870 | Internet Explorer Memory Corruption Vulnerability | Critical | 7.5 |
Internet Explorer | - | - | - |
| CVE-2018-0920 | Microsoft Excel Remote Code Execution Vulnerability | Important | - | Microsoft Office | - | - | - |
| CVE-2018-0979 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical | 4.2 |
Microsoft Scripting Engine | - | - | - |
| CVE-2018-0980 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical | 4.2 |
Microsoft Scripting Engine | - | - | - |
| CVE-2018-0981 | Scripting Engine Memory Corruption Vulnerability | Moderate | 6.4 |
Microsoft Scripting Engine | - | - | - |
| CVE-2018-0986 | Microsoft Malware Protection Engine Remote Code Execution Vulnerability | Critical | - | Microsoft Malware Protection Engine | - | - | - |
| CVE-2018-1005 | Microsoft SharePoint Elevation of Privilege Vulnerability | Important | - | Microsoft Office | - | - | - |
| CVE-2018-1007 | Microsoft Office Information Disclosure Vulnerability | Important | - | Microsoft Office | - | - | - |
| CVE-2018-1011 | Microsoft Excel Remote Code Execution Vulnerability | Important | - | Microsoft Office | - | - | - |
| CVE-2018-1014 | Microsoft SharePoint Elevation of Privilege Vulnerability | Important | - | Microsoft Office | - | - | - |
| CVE-2018-1018 | Internet Explorer Memory Corruption Vulnerability | Critical | 7.5 |
Internet Explorer | - | - | - |
| CVE-2018-1026 | Microsoft Office Remote Code Execution Vulnerability | Important | - | Microsoft Office | - | - | - |
| CVE-2018-1027 | Microsoft Excel Remote Code Execution Vulnerability | Important | - | Microsoft Office | - | - | - |
| CVE-2018-1028 | Microsoft Office Graphics Remote Code Execution Vulnerability | Important | - | Microsoft Office | - | - | - |
| CVE-2018-1029 | Microsoft Excel Remote Code Execution Vulnerability | Important | - | Microsoft Office | - | - | - |
| CVE-2018-1030 | Microsoft Office Remote Code Execution Vulnerability | Important | - | Microsoft Office | - | - | - |
| CVE-2018-1019 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical | 4.2 |
Microsoft Scripting Engine | - | - | - |
| CVE-2018-1020 | Internet Explorer Memory Corruption Vulnerability | Moderate | 7.5 |
Internet Explorer | - | - | - |
| CVE-2018-1023 | Microsoft Browser Memory Corruption Vulnerability | Critical | 4.2 |
Microsoft Browsers | - | - | - |
| CVE-2018-1034 | Microsoft SharePoint Elevation of Privilege Vulnerability | Important | - | Microsoft Office | - | Yes | - |
| ADV180007 | April 2018 Adobe Flash Security Update | Critical | - | Adobe Flash Player | - | - | - |
| CVE-2018-8117 | Microsoft Wireless Keyboard 850 Security Feature Bypass Vulnerability | Important | - | Microsoft Devices | - | - | - |
Threat Categories 5
| Threat Category | CVEs | Critical |
|---|---|---|
| Remote Code Execution | 33 | 18 |
| Information Disclosure | 21 | - |
| Elevation of Privilege | 7 | - |
| Denial of Service | 4 | - |
| Security Feature Bypass | 4 | - |
Affected Products 17
| Product | CVEs | Exploited |
|---|---|---|
| Microsoft Scripting Engine | 15 | - |
| Microsoft Office | 13 | - |
| Windows Kernel | 10 | - |
| Internet Explorer | 6 | - |
| Microsoft Graphics Component | 6 | - |
| Microsoft Windows | 6 | - |
| Microsoft Edge | 2 | - |
| Windows Hyper-V | 2 | - |
| Adobe Flash Player | 1 | - |
| Device Guard | 1 | - |
| Microsoft Browsers | 1 | - |
| Microsoft Devices | 1 | - |
| Microsoft JET Database Engine | 1 | - |
| Microsoft Malware Protection Engine | 1 | - |
| Visual Studio | 1 | - |
| Windows IIS | 1 | - |
| Windows RDP | 1 | - |