Patch Tuesday Archive
Patch Tuesday May 2018
Total CVEs
72
Critical
22
Important
47
Exploited
2
Publicly Disclosed
3
All CVEs this month 72
| CVE | Title | Severity | CVSS | Product | Exploited | Disclosed | Diffed |
|---|---|---|---|---|---|---|---|
| CVE-2018-0854 | Windows Security Feature Bypass Vulnerability | Important | 4.3 |
Device Guard | - | - | - |
| CVE-2018-0958 | Windows Security Feature Bypass Vulnerability | Important | 5.3 |
Microsoft Windows | - | - | - |
| CVE-2018-0959 | Windows Hyper-V Remote Code Execution Vulnerability | Critical | 7.6 |
Windows Hyper-V | - | - | - |
| CVE-2018-0961 | Hyper-V vSMB Remote Code Execution Vulnerability | Critical | 7.6 |
Windows Hyper-V | - | - | - |
| CVE-2018-8119 | Azure IoT SDK Spoofing Vulnerability | Important | - | Azure | - | - | - |
| CVE-2018-8122 | Scripting Engine Memory Corruption Vulnerability | Critical | 7.5 |
Microsoft Scripting Engine | - | - | - |
| CVE-2018-8124 | Win32k Elevation of Privilege Vulnerability | Important | 7 |
Microsoft Graphics Component | - | - | - |
| CVE-2018-8126 | Internet Explorer Security Feature Bypass Vulnerability | Important | 5.3 |
Internet Explorer | - | - | - |
| CVE-2018-8127 | Windows Kernel Information Disclosure Vulnerability | Important | 4.7 |
Windows Kernel | - | - | - |
| CVE-2018-8128 | Scripting Engine Memory Corruption Vulnerability | Critical | 4.2 |
Microsoft Scripting Engine | - | - | - |
| CVE-2018-8129 | Windows Security Feature Bypass Vulnerability | Important | 5.3 |
Device Guard | - | - | - |
| CVE-2018-8130 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical | 4.2 |
Microsoft Scripting Engine | - | - | - |
| CVE-2018-8132 | Windows Security Feature Bypass Vulnerability | Important | 5.3 |
Device Guard | - | - | - |
| CVE-2018-8134 | Windows Elevation of Privilege Vulnerability | Important | 7 |
Windows Kernel | - | - | - |
| CVE-2018-8133 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical | 4.2 |
Microsoft Scripting Engine | - | - | - |
| CVE-2018-8136 | Windows Remote Code Execution Vulnerability | Low | 6.5 |
Microsoft Windows | - | - | - |
| CVE-2018-8137 | Scripting Engine Memory Corruption Vulnerability | Critical | 4.2 |
Microsoft Scripting Engine | - | - | - |
| CVE-2018-8139 | Scripting Engine Memory Corruption Vulnerability | Critical | 4.2 |
Microsoft Scripting Engine | - | - | - |
| CVE-2018-8145 | Scripting Engine Information Disclosure Vulnerability | Important | 4.3 |
Microsoft Scripting Engine | - | - | - |
| CVE-2018-8897 | Windows Kernel Elevation of Privilege Vulnerability | Important | 7 |
Windows Kernel | - | - | - |
| ADV180008 | May 2018 Adobe Flash Security Update | Critical | - | Adobe Flash Player | - | - | - |
| CVE-2018-8151 | Microsoft Exchange Memory Corruption Vulnerability | Important | - | Microsoft Exchange Server | - | - | - |
| CVE-2018-8152 | Microsoft Exchange Server Elevation of Privilege Vulnerability | Important | - | Microsoft Exchange Server | - | - | - |
| CVE-2018-8154 | Microsoft Exchange Memory Corruption Vulnerability | Critical | - | Microsoft Exchange Server | - | - | - |
| CVE-2018-8155 | Microsoft SharePoint Elevation of Privilege Vulnerability | Important | - | Microsoft Office | - | - | - |
| CVE-2018-8156 | Microsoft SharePoint Elevation of Privilege Vulnerability | Important | - | Microsoft Office | - | - | - |
| CVE-2018-8160 | Microsoft Outlook Information Disclosure Vulnerability | Important | - | Microsoft Office | - | - | - |
| CVE-2018-8161 | Microsoft Office Remote Code Execution Vulnerability | Important | - | Microsoft Office | - | - | - |
| CVE-2018-8162 | Microsoft Excel Remote Code Execution Vulnerability | Important | - | Microsoft Office | - | - | - |
| CVE-2018-8163 | Microsoft Excel Information Disclosure Vulnerability | Important | - | Microsoft Office | - | - | - |
| CVE-2018-8164 | Win32k Elevation of Privilege Vulnerability | Important | 7 |
Microsoft Graphics Component | - | - | - |
| CVE-2018-8165 | DirectX Graphics Kernel Elevation of Privilege Vulnerability | Important | 7 |
Microsoft Graphics Component | - | - | - |
| CVE-2018-8166 | Win32k Elevation of Privilege Vulnerability | Important | 7 |
Windows Kernel | - | - | - |
| CVE-2018-8167 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | Important | 7 |
Common Log File System Driver | - | - | - |
| CVE-2018-8168 | Microsoft SharePoint Elevation of Privilege Vulnerability | Important | - | Microsoft Office | - | - | - |
| CVE-2018-8173 | Microsoft InfoPath Remote Code Execution Vulnerability | Important | - | Microsoft Office | - | - | - |
| CVE-2018-8176 | Microsoft PowerPoint Remote Code Execution Vulnerability | Important | - | Microsoft Office | - | Yes | - |
| CVE-2018-8177 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical | 4.2 |
Microsoft Scripting Engine | - | - | - |
| ADV180012 | Microsoft Guidance for Speculative Store Bypass | Important | 7.1 |
Microsoft Surface Book | - | - | - |
| ADV180013 | Microsoft Guidance for Rogue System Register Read | Important | - | Microsoft Surface Book | - | - | - |
| CVE-2018-0824 | Microsoft COM for Windows Remote Code Execution Vulnerability | Important | 7.5 |
Windows COM | - | - | - |
| CVE-2018-0943 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical | 4.2 |
Microsoft Scripting Engine | - | - | - |
| CVE-2018-0945 | Scripting Engine Memory Corruption Vulnerability | Critical | 4.2 |
Microsoft Scripting Engine | - | - | - |
| CVE-2018-0946 | Scripting Engine Memory Corruption Vulnerability | Critical | 4.2 |
Microsoft Scripting Engine | - | - | - |
| CVE-2018-0951 | Scripting Engine Memory Corruption Vulnerability | Critical | 4.2 |
Microsoft Scripting Engine | - | - | - |
| CVE-2018-0953 | Scripting Engine Memory Corruption Vulnerability | Critical | 4.2 |
Microsoft Scripting Engine | - | - | - |
| CVE-2018-0954 | Scripting Engine Memory Corruption Vulnerability | Critical | 4.2 |
Microsoft Scripting Engine | - | - | - |
| CVE-2018-0955 | Scripting Engine Memory Corruption Vulnerability | Moderate | 7.5 |
Microsoft Scripting Engine | - | - | - |
| CVE-2018-1021 | Microsoft Edge based on Edge HTML Information Disclosure Vulnerability | Important | 4.3 |
Microsoft Edge | - | - | - |
| CVE-2018-1022 | Scripting Engine Memory Corruption Vulnerability | Critical | 7.5 |
Microsoft Scripting Engine | - | - | - |
| CVE-2018-1025 | Microsoft Browser Information Disclosure Vulnerability | Important | 4.3 |
Microsoft Browsers | - | - | - |
| CVE-2018-1039 | .NET Framework Device Guard Security Feature Bypass Vulnerability | Important | - | .NET Framework | - | - | - |
| CVE-2018-8112 | Microsoft Edge Security Feature Bypass Vulnerability | Important | 4.3 |
Microsoft Edge | - | - | - |
| CVE-2018-8114 | Scripting Engine Memory Corruption Vulnerability | Critical | 7.5 |
Microsoft Scripting Engine | - | - | - |
| CVE-2018-8115 | Windows Host Compute Service Shim Remote Code Execution Vulnerability | Critical | - | GitHub | - | - | - |
| CVE-2018-8120 | Win32k Elevation of Privilege Vulnerability | Important | 7 |
Microsoft Graphics Component | Yes | - | - |
| CVE-2018-8123 | Microsoft Edge based on Edge HTML Information Disclosure Vulnerability | Important | 4.2 |
Microsoft Edge | - | - | - |
| CVE-2018-8141 | Windows Kernel Information Disclosure Vulnerability | Important | 4.7 |
Windows Kernel | - | Yes | - |
| CVE-2018-8142 | Windows Security Feature Bypass Vulnerability | Important | 5.3 |
Microsoft Windows | - | - | - |
| CVE-2018-8147 | Microsoft Excel Remote Code Execution Vulnerability | Important | - | Microsoft Office | - | - | - |
| CVE-2018-8148 | Microsoft Excel Remote Code Execution Vulnerability | Important | - | Microsoft Office | - | - | - |
| CVE-2018-8149 | Microsoft SharePoint Elevation of Privilege Vulnerability | Important | - | Microsoft Office | - | - | - |
| CVE-2018-8150 | Microsoft Outlook Security Feature Bypass Vulnerability | Important | - | Microsoft Office | - | - | - |
| CVE-2018-8153 | Microsoft Exchange Spoofing Vulnerability | Low | - | Microsoft Exchange Server | - | - | - |
| CVE-2018-8157 | Microsoft Office Remote Code Execution Vulnerability | Important | - | Microsoft Office | - | - | - |
| CVE-2018-8158 | Microsoft Office Remote Code Execution Vulnerability | Important | - | Microsoft Office | - | - | - |
| CVE-2018-8159 | Microsoft Exchange Elevation of Privilege Vulnerability | Important | - | Microsoft Exchange Server | - | - | - |
| CVE-2018-8170 | Windows Image Elevation of Privilege Vulnerability | Important | 7 |
Microsoft Windows | - | Yes | - |
| CVE-2018-8174 | Windows VBScript Engine Remote Code Execution Vulnerability | Critical | 7.5 |
Microsoft Windows | Yes | - | - |
| CVE-2018-8178 | Microsoft Browser Memory Corruption Vulnerability | Critical | 7.5 |
Microsoft Browsers | - | - | - |
| CVE-2018-8179 | Microsoft Edge Memory Corruption Vulnerability | Important | 4.2 |
Microsoft Edge | - | - | - |
| CVE-2018-0765 | .NET and .NET Core Denial of Service Vulnerability | Important | - | .NET Framework | - | - | - |
Threat Categories 6
| Threat Category | CVEs | Critical |
|---|---|---|
| Remote Code Execution | 33 | 22 |
| Elevation of Privilege | 16 | - |
| Information Disclosure | 10 | - |
| Security Feature Bypass | 10 | - |
| Spoofing | 2 | - |
| Denial of Service | 1 | - |
Affected Products 18
| Product | CVEs | Exploited |
|---|---|---|
| Microsoft Scripting Engine | 17 | - |
| Microsoft Office | 15 | - |
| Microsoft Exchange Server | 5 | - |
| Microsoft Windows | 5 | 1 |
| Windows Kernel | 5 | - |
| Microsoft Edge | 4 | - |
| Microsoft Graphics Component | 4 | 1 |
| Device Guard | 3 | - |
| .NET Framework | 2 | - |
| Microsoft Browsers | 2 | - |
| Microsoft Surface Book | 2 | - |
| Windows Hyper-V | 2 | - |
| Adobe Flash Player | 1 | - |
| Azure | 1 | - |
| Common Log File System Driver | 1 | - |
| GitHub | 1 | - |
| Internet Explorer | 1 | - |
| Windows COM | 1 | - |