Patch Tuesday Archive
Patch Tuesday August 2018
Total CVEs
63
Critical
18
Important
38
Exploited
2
Publicly Disclosed
2
All CVEs this month 63
| CVE | Title | Severity | CVSS | Product | Exploited | Disclosed | Diffed |
|---|---|---|---|---|---|---|---|
| CVE-2018-8204 | Device Guard Code Integrity Policy Security Feature Bypass Vulnerability | Important | 5.3 |
Device Guard | - | - | - |
| CVE-2018-8253 | Microsoft Cortana Elevation of Privilege Vulnerability | Important | 4 |
Windows Shell | - | - | - |
| CVE-2018-8266 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical | 4.2 |
Microsoft Scripting Engine | - | - | - |
| CVE-2018-8316 | Internet Explorer Remote Code Execution Vulnerability | Important | 7.5 |
Internet Explorer | - | - | - |
| ADV180018 | Microsoft Guidance to mitigate L1TF variant | Important | 7.1 |
Microsoft Windows | - | - | - |
| CVE-2018-8358 | Microsoft Edge Security Feature Bypass Vulnerability | Important | 4.7 |
Microsoft Edge | - | - | - |
| CVE-2018-8360 | .NET Framework Information Disclosure Vulnerability | Important | - | .NET Framework | - | - | - |
| CVE-2018-8370 | Microsoft Edge Information Disclosure Vulnerability | Important | 3.1 |
Microsoft Edge | - | - | - |
| CVE-2018-8371 | Scripting Engine Memory Corruption Vulnerability | Moderate | 7.5 |
Microsoft Scripting Engine | - | - | - |
| CVE-2018-8372 | Scripting Engine Memory Corruption Vulnerability | Critical | 7.5 |
Microsoft Scripting Engine | - | - | - |
| CVE-2018-8373 | Scripting Engine Memory Corruption Vulnerability | Moderate | 7.5 |
Microsoft Scripting Engine | Yes | Yes | - |
| CVE-2018-8375 | Microsoft Excel Remote Code Execution Vulnerability | Important | - | Microsoft Office | - | - | - |
| CVE-2018-8376 | Microsoft PowerPoint Remote Code Execution Vulnerability | Important | - | Microsoft Office | - | - | - |
| CVE-2018-8377 | Microsoft Edge Memory Corruption Vulnerability | Critical | 4.2 |
Microsoft Edge | - | - | - |
| CVE-2018-8380 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical | 4.2 |
Microsoft Scripting Engine | - | - | - |
| CVE-2018-8381 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical | 4.2 |
Microsoft Scripting Engine | - | - | - |
| CVE-2018-8383 | Microsoft Edge Spoofing Vulnerability | Important | 4.3 |
Microsoft Edge | - | - | - |
| CVE-2018-8384 | Scripting Engine Memory Corruption Vulnerability | Critical | 4.2 |
Microsoft Scripting Engine | - | - | - |
| CVE-2018-8385 | Scripting Engine Memory Corruption Vulnerability | Critical | 7.5 |
Microsoft Scripting Engine | - | - | - |
| CVE-2018-8388 | Microsoft Edge Spoofing Vulnerability | Low | 5.4 |
Microsoft Edge | - | - | - |
| CVE-2018-8389 | Scripting Engine Memory Corruption Vulnerability | Important | 7.5 |
Microsoft Scripting Engine | - | - | - |
| CVE-2018-8390 | Scripting Engine Memory Corruption Vulnerability | Critical | 4.2 |
Microsoft Scripting Engine | - | - | - |
| CVE-2018-8394 | Windows GDI Information Disclosure Vulnerability | Important | 4.7 |
Microsoft Graphics Component | - | - | - |
| CVE-2018-8396 | Windows GDI Information Disclosure Vulnerability | Important | 4.7 |
Microsoft Graphics Component | - | - | - |
| CVE-2018-8397 | GDI+ Remote Code Execution Vulnerability | Critical | 8.8 |
Microsoft Graphics Component | - | - | - |
| CVE-2018-8398 | Windows GDI Information Disclosure Vulnerability | Important | 4.7 |
Microsoft Graphics Component | - | - | - |
| CVE-2018-8399 | Win32k Elevation of Privilege Vulnerability | Important | 7 |
Windows Kernel | - | - | - |
| CVE-2018-8400 | DirectX Graphics Kernel Elevation of Privilege Vulnerability | Important | 7 |
Microsoft Graphics Component | - | - | - |
| CVE-2018-8401 | DirectX Graphics Kernel Elevation of Privilege Vulnerability | Important | 7 |
Microsoft Graphics Component | - | - | - |
| CVE-2018-8403 | Microsoft Browser Memory Corruption Vulnerability | Moderate | 4.2 |
Microsoft Browsers | - | - | - |
| CVE-2018-8404 | Win32k Elevation of Privilege Vulnerability | Important | 7 |
Windows Kernel | - | - | - |
| CVE-2018-8405 | DirectX Graphics Kernel Elevation of Privilege Vulnerability | Important | 7 |
Microsoft Graphics Component | - | - | - |
| CVE-2018-8406 | DirectX Graphics Kernel Elevation of Privilege Vulnerability | Important | 7 |
Microsoft Graphics Component | - | - | - |
| ADV180020 | August 2018 Adobe Flash Security Update | Critical | - | Adobe Flash Player | - | - | - |
| ADV180021 | Microsoft Office Defense in Depth Update | Unknown | - | Microsoft Office | - | - | - |
| CVE-2018-0952 | Diagnostic Hub Standard Collector Elevation of Privilege Vulnerability | Important | 6.7 |
Windows Diagnostic Hub | - | - | - |
| CVE-2018-8200 | Device Guard Code Integrity Policy Security Feature Bypass Vulnerability | Important | 5.3 |
Device Guard | - | - | - |
| CVE-2018-8273 | Microsoft SQL Server Remote Code Execution Vulnerability | Critical | - | SQL Server | - | - | - |
| CVE-2018-8302 | Microsoft Exchange Memory Corruption Vulnerability | Critical | - | Microsoft Exchange Server | - | - | - |
| CVE-2018-8339 | Windows Installer Elevation of Privilege Vulnerability | Important | 7.4 |
Windows Installer | - | - | - |
| CVE-2018-8340 | ADFS Security Feature Bypass Vulnerability | Important | 6.5 |
Windows Authentication Methods | - | - | - |
| CVE-2018-8341 | Windows Kernel Information Disclosure Vulnerability | Important | 4.7 |
Windows Kernel | - | - | - |
| CVE-2018-8342 | Windows NDIS Elevation of Privilege Vulnerability | Important | 7 |
Windows RNDIS | - | - | - |
| CVE-2018-8343 | Windows NDIS Elevation of Privilege Vulnerability | Important | 7 |
Windows NDIS | - | - | - |
| CVE-2018-8344 | Microsoft Graphics Remote Code Execution Vulnerability | Critical | 7.8 |
Microsoft Graphics Component | - | - | - |
| CVE-2018-8345 | LNK Remote Code Execution Vulnerability | Critical | 7.5 |
Microsoft Windows | - | - | - |
| CVE-2018-8346 | LNK Remote Code Execution Vulnerability | Important | 7.5 |
Microsoft Windows | - | - | - |
| CVE-2018-8347 | Windows Kernel Elevation of Privilege Vulnerability | Important | 7 |
Windows Kernel | - | - | - |
| CVE-2018-8348 | Windows Kernel Information Disclosure Vulnerability | Important | 4.7 |
Windows Kernel | - | - | - |
| CVE-2018-8349 | Microsoft COM for Windows Remote Code Execution Vulnerability | Important | 7 |
Windows COM | - | - | - |
| CVE-2018-8350 | Windows PDF Remote Code Execution Vulnerability | Critical | 4.2 |
Microsoft Windows PDF | - | - | - |
| CVE-2018-8351 | Microsoft Browser Information Disclosure Vulnerability | Important | 4.3 |
Microsoft Browsers | - | - | - |
| CVE-2018-8353 | Scripting Engine Memory Corruption Vulnerability | Low | 7.5 |
Microsoft Scripting Engine | - | - | - |
| CVE-2018-8355 | Scripting Engine Memory Corruption Vulnerability | Critical | 4.2 |
Microsoft Scripting Engine | - | - | - |
| CVE-2018-8357 | Microsoft Browser Elevation of Privilege Vulnerability | Important | 7.5 |
Microsoft Browsers | - | - | - |
| CVE-2018-8359 | Scripting Engine Memory Corruption Vulnerability | Critical | 5.3 |
Microsoft Scripting Engine | - | - | - |
| CVE-2018-8374 | Microsoft Exchange Server Tampering Vulnerability | Moderate | - | Microsoft Exchange Server | - | - | - |
| CVE-2018-8378 | Microsoft Office Information Disclosure Vulnerability | Important | - | Microsoft Office | - | - | - |
| CVE-2018-8379 | Microsoft Excel Remote Code Execution Vulnerability | Important | - | Microsoft Office | - | - | - |
| CVE-2018-8382 | Microsoft Excel Information Disclosure Vulnerability | Important | - | Microsoft Office | - | - | - |
| CVE-2018-8387 | Microsoft Edge Memory Corruption Vulnerability | Critical | 7.5 |
Microsoft Edge | - | - | - |
| CVE-2018-8412 | Microsoft (MAU) Office Elevation of Privilege Vulnerability | Important | - | Microsoft Office | - | - | - |
| CVE-2018-8414 | Windows Shell Remote Code Execution Vulnerability | Important | 4.8 |
Windows Shell | Yes | Yes | - |
Threat Categories 7
| Threat Category | CVEs | Critical |
|---|---|---|
| Remote Code Execution | 30 | 18 |
| Elevation of Privilege | 14 | - |
| Information Disclosure | 11 | - |
| Security Feature Bypass | 4 | - |
| Spoofing | 2 | - |
| Defense in Depth | 1 | - |
| Tampering | 1 | - |
Affected Products 21
| Product | CVEs | Exploited |
|---|---|---|
| Microsoft Scripting Engine | 13 | 1 |
| Microsoft Graphics Component | 9 | - |
| Microsoft Office | 7 | - |
| Microsoft Edge | 6 | - |
| Windows Kernel | 5 | - |
| Microsoft Browsers | 3 | - |
| Microsoft Windows | 3 | - |
| Device Guard | 2 | - |
| Microsoft Exchange Server | 2 | - |
| Windows Shell | 2 | 1 |
| .NET Framework | 1 | - |
| Adobe Flash Player | 1 | - |
| Internet Explorer | 1 | - |
| Microsoft Windows PDF | 1 | - |
| SQL Server | 1 | - |
| Windows Authentication Methods | 1 | - |
| Windows COM | 1 | - |
| Windows Diagnostic Hub | 1 | - |
| Windows Installer | 1 | - |
| Windows NDIS | 1 | - |
| Windows RNDIS | 1 | - |