Patch Tuesday Archive
Patch Tuesday July 2018
Total CVEs
54
Critical
16
Important
34
Exploited
0
Publicly Disclosed
2
All CVEs this month 54
| CVE | Title | Severity | CVSS | Product | Exploited | Disclosed | Diffed |
|---|---|---|---|---|---|---|---|
| CVE-2018-0949 | Internet Explorer Security Feature Bypass Vulnerability | Low | 4.3 |
Internet Explorer | - | - | - |
| CVE-2018-8172 | Visual Studio Remote Code Execution Vulnerability | Important | - | Visual Studio | - | - | - |
| CVE-2018-8202 | .NET Framework Elevation of Privilege Vulnerability | Important | - | .NET Framework | - | - | - |
| CVE-2018-8206 | Windows Firewall Denial of Service Vulnerability | Important | 7.5 |
Microsoft Windows | - | - | - |
| CVE-2018-8222 | Device Guard Code Integrity Policy Security Feature Bypass Vulnerability | Important | 5.3 |
Device Guard | - | - | - |
| CVE-2018-8232 | Microsoft Macro Assembler Tampering Vulnerability | Moderate | - | Visual Studio | - | - | - |
| CVE-2018-8242 | Scripting Engine Memory Corruption Vulnerability | Moderate | 7.5 |
Microsoft Scripting Engine | - | - | - |
| CVE-2018-8356 | .NET Framework Security Feature Bypass Vulnerability | Important | - | .NET Framework | - | - | - |
| CVE-2018-8260 | .NET Framework Remote Code Execution Vulnerability | Important | - | .NET Framework | - | - | - |
| CVE-2018-8262 | Microsoft Edge Memory Corruption Vulnerability | Critical | 4.2 |
Microsoft Edge | - | - | - |
| CVE-2018-8274 | Microsoft Edge Memory Corruption Vulnerability | Critical | 4.2 |
Microsoft Edge | - | - | - |
| CVE-2018-8275 | Microsoft Edge Memory Corruption Vulnerability | Critical | 4.2 |
Microsoft Scripting Engine | - | - | - |
| CVE-2018-8276 | Scripting Engine Security Feature Bypass Vulnerability | Important | 4.3 |
Microsoft Scripting Engine | - | - | - |
| CVE-2018-8278 | Microsoft Edge Spoofing Vulnerability | Important | - | Microsoft Edge | - | - | - |
| CVE-2018-8279 | Microsoft Edge Memory Corruption Vulnerability | Critical | 4.2 |
Microsoft Scripting Engine | - | - | - |
| CVE-2018-8280 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical | 4.2 |
Microsoft Scripting Engine | - | - | - |
| CVE-2018-8281 | Microsoft Office Remote Code Execution Vulnerability | Important | - | Microsoft Office | - | - | - |
| CVE-2018-8282 | Win32k Elevation of Privilege Vulnerability | Important | 8.8 |
Windows Kernel | - | - | - |
| CVE-2018-8283 | Scripting Engine Memory Corruption Vulnerability | Critical | 4.2 |
Microsoft Scripting Engine | - | - | - |
| CVE-2018-8284 | .NET Framework Remote Code Execution Injection Vulnerability | Important | - | .NET Framework | - | - | - |
| CVE-2018-8286 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical | 4.2 |
Microsoft Scripting Engine | - | - | - |
| CVE-2018-8287 | Scripting Engine Memory Corruption Vulnerability | Important | 7.5 |
Microsoft Scripting Engine | - | - | - |
| CVE-2018-8288 | Scripting Engine Memory Corruption Vulnerability | Critical | 7.5 |
Microsoft Scripting Engine | - | - | - |
| CVE-2018-8289 | Microsoft Edge based on Edge HTML Information Disclosure Vulnerability | Important | 4.2 |
Microsoft Edge | - | - | - |
| CVE-2018-8290 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical | 4.2 |
Microsoft Scripting Engine | - | - | - |
| CVE-2018-8291 | Scripting Engine Memory Corruption Vulnerability | Critical | 7.5 |
Microsoft Scripting Engine | - | - | - |
| CVE-2018-8294 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical | 4.2 |
Microsoft Scripting Engine | - | - | - |
| CVE-2018-8296 | Scripting Engine Memory Corruption Vulnerability | Critical | 7.5 |
Microsoft Scripting Engine | - | - | - |
| CVE-2018-8297 | Microsoft Edge based on Edge HTML Information Disclosure Vulnerability | Important | 4.3 |
Microsoft Edge | - | - | - |
| CVE-2018-8298 | Scripting Engine Memory Corruption Vulnerability | Critical | 4.2 |
Microsoft Scripting Engine | - | - | - |
| CVE-2018-8301 | Microsoft Edge Memory Corruption Vulnerability | Critical | 4.2 |
Microsoft Edge | - | - | - |
| CVE-2018-8313 | Windows Elevation of Privilege Vulnerability | Important | 7.8 |
Microsoft Windows | - | Yes | - |
| CVE-2018-8319 | MSR JavaScript Cryptography Library Security Feature Bypass Vulnerability | Important | - | Microsoft Windows | - | - | - |
| CVE-2018-8323 | Microsoft SharePoint Elevation of Privilege Vulnerability | Important | - | Microsoft Office | - | - | - |
| CVE-2018-8326 | Open Source Customization for Active Directory Federation Services XSS Vulnerability | Important | - | Active Directory | - | - | - |
| CVE-2018-8327 | PowerShell Editor Services Remote Code Execution Vulnerability | Critical | - | Microsoft PowerShell | - | - | - |
| CVE-2018-8125 | Microsoft Edge Memory Corruption Vulnerability | Important | 4.2 |
Microsoft Scripting Engine | - | - | - |
| CVE-2018-8171 | ASP.NET Security Feature Bypass Vulnerability | Important | - | ASP.NET | - | - | - |
| CVE-2018-8238 | Skype for Business and Lync Security Feature Bypass Vulnerability | Important | - | Skype for Business and Microsoft Lync | - | - | - |
| CVE-2018-8299 | Microsoft SharePoint Elevation of Privilege Vulnerability | Important | - | Microsoft Office | - | - | - |
| CVE-2018-8300 | Microsoft SharePoint Remote Code Execution Vulnerability | Important | - | Microsoft Office | - | - | - |
| CVE-2018-8304 | Windows DNSAPI Denial of Service Vulnerability | Important | 5.9 |
Microsoft Windows DNS | - | - | - |
| CVE-2018-8305 | Windows Mail Client Information Disclosure Vulnerability | Important | - | Microsoft Windows | - | - | - |
| CVE-2018-8306 | Microsoft Wireless Display Adapter Command Injection Vulnerability | Important | 5.5 |
Microsoft Devices | - | - | - |
| CVE-2018-8307 | WordPad Security Feature Bypass Vulnerability | Important | 5.3 |
Microsoft WordPad | - | - | - |
| CVE-2018-8308 | Windows Kernel Elevation of Privilege Vulnerability | Important | 6.6 |
Microsoft Windows | - | - | - |
| CVE-2018-8309 | Windows Denial of Service Vulnerability | Important | 5.5 |
Microsoft Windows | - | - | - |
| CVE-2018-8310 | Microsoft Office Tampering Vulnerability | Low | - | Microsoft Office | - | - | - |
| CVE-2018-8311 | Remote Code Execution Vulnerability in Skype For Business and Lync | Important | - | Skype for Business and Microsoft Lync | - | - | - |
| CVE-2018-8312 | Microsoft Access Remote Code Execution Vulnerability | Important | - | Microsoft Office | - | - | - |
| ADV180017 | July 2018 Adobe Flash Security Update | Important | - | Adobe Flash Player | - | - | - |
| CVE-2018-8314 | Windows Elevation of Privilege Vulnerability | Important | 4.3 |
Windows Shell | - | Yes | - |
| CVE-2018-8324 | Microsoft Edge Memory Corruption Vulnerability | Critical | 4.3 |
Microsoft Edge | - | - | - |
| CVE-2018-8325 | Microsoft Edge based on Edge HTML Information Disclosure Vulnerability | Important | 4.3 |
Microsoft Edge | - | - | - |
Threat Categories 7
| Threat Category | CVEs | Critical |
|---|---|---|
| Remote Code Execution | 27 | 15 |
| Security Feature Bypass | 8 | - |
| Elevation of Privilege | 7 | - |
| Information Disclosure | 5 | 1 |
| Denial of Service | 3 | - |
| Spoofing | 2 | - |
| Tampering | 2 | - |
Affected Products 18
| Product | CVEs | Exploited |
|---|---|---|
| Microsoft Scripting Engine | 15 | - |
| Microsoft Edge | 8 | - |
| Microsoft Office | 6 | - |
| Microsoft Windows | 6 | - |
| .NET Framework | 4 | - |
| Skype for Business and Microsoft Lync | 2 | - |
| Visual Studio | 2 | - |
| ASP.NET | 1 | - |
| Active Directory | 1 | - |
| Adobe Flash Player | 1 | - |
| Device Guard | 1 | - |
| Internet Explorer | 1 | - |
| Microsoft Devices | 1 | - |
| Microsoft PowerShell | 1 | - |
| Microsoft Windows DNS | 1 | - |
| Microsoft WordPad | 1 | - |
| Windows Kernel | 1 | - |
| Windows Shell | 1 | - |