Patch Tuesday Archive
Patch Tuesday September 2018
Total CVEs
64
Critical
16
Important
46
Exploited
1
Publicly Disclosed
4
All CVEs this month 64
| CVE | Title | Severity | CVSS | Product | Exploited | Disclosed | Diffed |
|---|---|---|---|---|---|---|---|
| CVE-2018-0965 | Windows Hyper-V Remote Code Execution Vulnerability | Critical | 7.6 |
Windows Hyper-V | - | - | - |
| CVE-2018-8269 | OData Denial of Service Vulnerability | Important | - | ASP.NET | - | - | - |
| CVE-2018-8271 | Windows Information Disclosure Vulnerability | Important | 2.5 |
Microsoft Windows | - | - | - |
| CVE-2018-8315 | Microsoft Scripting Engine Information Disclosure Vulnerability | Important | 4.2 |
Microsoft Scripting Engine | - | - | - |
| CVE-2018-8335 | Windows SMB Denial of Service Vulnerability | Important | 4.8 |
Windows SMB Server | - | - | - |
| CVE-2018-8336 | Windows Kernel Information Disclosure Vulnerability | Important | 2.5 |
Windows Kernel | - | - | - |
| CVE-2018-8367 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical | 4.2 |
Microsoft Scripting Engine | - | - | - |
| CVE-2018-8410 | Windows Registry Elevation of Privilege Vulnerability | Important | 7 |
Microsoft Windows | - | - | - |
| CVE-2018-8419 | Windows Kernel Information Disclosure Vulnerability | Important | 4.7 |
Windows Media | - | - | - |
| ADV180022 | Windows Denial of Service Vulnerability | Important | - | Microsoft Windows | - | - | - |
| CVE-2018-8420 | MS XML Remote Code Execution Vulnerability | Critical | 7.5 |
Microsoft XML Core Services | - | - | - |
| CVE-2018-8422 | Windows GDI Information Disclosure Vulnerability | Important | 4.7 |
Microsoft Graphics Component | - | - | - |
| CVE-2018-8424 | Windows GDI Information Disclosure Vulnerability | Important | 4.7 |
Microsoft Graphics Component | - | - | - |
| CVE-2018-8425 | Microsoft Edge Spoofing Vulnerability | Important | 5.3 |
Microsoft Edge (HTML-based) | - | - | - |
| CVE-2018-8433 | Microsoft Graphics Component Information Disclosure Vulnerability | Important | 4.7 |
Microsoft Graphics Component | - | - | - |
| CVE-2018-8461 | Internet Explorer Memory Corruption Vulnerability | Critical | 7.5 |
Internet Explorer | - | - | - |
| CVE-2018-8462 | DirectX Graphics Kernel Elevation of Privilege Vulnerability | Important | 7 |
Microsoft Graphics Component | - | - | - |
| CVE-2018-8475 | Windows Remote Code Execution Vulnerability | Critical | 8.8 |
Microsoft Graphics Component | - | Yes | - |
| CVE-2018-8332 | Win32k Graphics Remote Code Execution Vulnerability | Critical | 8.8 |
Microsoft Graphics Component | - | - | - |
| CVE-2018-8337 | Windows Subsystem for Linux Security Feature Bypass Vulnerability | Important | 5.3 |
Windows Subsystem for Linux | - | - | - |
| CVE-2018-8354 | Scripting Engine Memory Corruption Vulnerability | Important | 4.2 |
Microsoft Scripting Engine | - | - | - |
| CVE-2018-8366 | Microsoft Edge Information Disclosure Vulnerability | Important | 4.3 |
Microsoft Edge (HTML-based) | - | - | - |
| CVE-2018-8391 | Scripting Engine Memory Corruption Vulnerability | Critical | 4.2 |
Microsoft Scripting Engine | - | - | - |
| CVE-2018-8392 | Microsoft JET Database Engine Remote Code Execution Vulnerability | Important | 7.8 |
Microsoft JET Database Engine | - | - | - |
| CVE-2018-8393 | Microsoft JET Database Engine Remote Code Execution Vulnerability | Important | 7.8 |
Microsoft JET Database Engine | - | - | - |
| CVE-2018-8409 | System.IO.Pipelines Denial of Service | Important | - | .NET Core | - | Yes | - |
| CVE-2018-8421 | .NET Framework Remote Code Execution Vulnerability | Critical | - | .NET Framework | - | - | - |
| CVE-2018-8426 | Microsoft Office SharePoint XSS Vulnerability | Important | - | Microsoft Office | - | - | - |
| CVE-2018-8428 | Microsoft SharePoint Elevation of Privilege Vulnerability | Important | - | Microsoft Office | - | - | - |
| CVE-2018-8429 | Microsoft Excel Information Disclosure Vulnerability | Important | - | Microsoft Office | - | - | - |
| CVE-2018-8430 | Word PDF Remote Code Execution Vulnerability | Important | - | Microsoft Office | - | - | - |
| CVE-2018-8431 | Microsoft SharePoint Elevation of Privilege Vulnerability | Important | - | Microsoft Office | - | - | - |
| CVE-2018-8434 | Windows Hyper-V Information Disclosure Vulnerability | Important | 5.4 |
Windows Hyper-V | - | - | - |
| CVE-2018-8435 | Windows Hyper-V Security Feature Bypass Vulnerability | Important | 4.2 |
Windows Hyper-V | - | - | - |
| CVE-2018-8436 | Windows Hyper-V Denial of Service Vulnerability | Important | 5.4 |
Windows Hyper-V | - | - | - |
| CVE-2018-8437 | Windows Hyper-V Denial of Service Vulnerability | Important | 5.4 |
Windows Hyper-V | - | - | - |
| CVE-2018-8438 | Windows Hyper-V Denial of Service Vulnerability | Important | 5.8 |
Microsoft Windows | - | - | - |
| CVE-2018-8439 | Windows Hyper-V Remote Code Execution Vulnerability | Critical | 7.6 |
Windows Hyper-V | - | - | - |
| CVE-2018-8440 | Windows ALPC Elevation of Privilege Vulnerability | Important | 7.8 |
Microsoft Windows | Yes | Yes | - |
| CVE-2018-8441 | Windows Subsystem for Linux Elevation of Privilege Vulnerability | Important | 7 |
Windows Subsystem for Linux | - | - | - |
| CVE-2018-8442 | Windows Kernel Information Disclosure Vulnerability | Important | 4.7 |
Windows Kernel | - | - | - |
| CVE-2018-8443 | Windows Kernel Information Disclosure Vulnerability | Important | 4.7 |
Windows Kernel | - | - | - |
| CVE-2018-8444 | Windows SMB Information Disclosure Vulnerability | Important | 7 |
Windows SMB Server | - | - | - |
| CVE-2018-8445 | Windows Kernel Information Disclosure Vulnerability | Important | 4.7 |
Windows Kernel | - | - | - |
| CVE-2018-8446 | Windows Kernel Information Disclosure Vulnerability | Important | 4.7 |
Windows Kernel | - | - | - |
| CVE-2018-8447 | Internet Explorer Memory Corruption Vulnerability | Moderate | 7.5 |
Internet Explorer | - | - | - |
| CVE-2018-8449 | Device Guard Security Feature Bypass Vulnerability | Important | 5.3 |
Device Guard | - | - | - |
| CVE-2018-8452 | Scripting Engine Information Disclosure Vulnerability | Important | 4.3 |
Microsoft Scripting Engine | - | - | - |
| CVE-2018-8455 | Windows Kernel Elevation of Privilege Vulnerability | Important | 7 |
Windows Kernel | - | - | - |
| CVE-2018-8456 | Scripting Engine Memory Corruption Vulnerability | Critical | 4.2 |
Microsoft Scripting Engine | - | - | - |
| CVE-2018-8457 | Scripting Engine Memory Corruption Vulnerability | Critical | 7.5 |
Microsoft Scripting Engine | - | Yes | - |
| CVE-2018-8459 | Scripting Engine Memory Corruption Vulnerability | Critical | 4.2 |
Microsoft Scripting Engine | - | - | - |
| CVE-2018-8463 | Microsoft Edge Elevation of Privilege Vulnerability | Important | 4.3 |
Microsoft Edge (HTML-based) | - | - | - |
| CVE-2018-8464 | Microsoft Edge PDF Remote Code Execution Vulnerability | Critical | 4.2 |
Microsoft Edge (HTML-based) | - | - | - |
| CVE-2018-8465 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical | 4.2 |
Microsoft Scripting Engine | - | - | - |
| CVE-2018-8466 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical | 4.2 |
Microsoft Scripting Engine | - | - | - |
| CVE-2018-8467 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical | 4.2 |
Microsoft Scripting Engine | - | - | - |
| CVE-2018-8468 | Windows Elevation of Privilege Vulnerability | Important | 4.3 |
Windows Shell | - | - | - |
| CVE-2018-8469 | Microsoft Edge Elevation of Privilege Vulnerability | Important | 4.3 |
Microsoft Edge (HTML-based) | - | - | - |
| CVE-2018-8470 | Internet Explorer Security Feature Bypass Vulnerability | Important | 4.3 |
Internet Explorer | - | - | - |
| CVE-2018-8331 | Microsoft Excel Remote Code Execution Vulnerability | Important | - | Microsoft Office | - | - | - |
| ADV180023 | September 2018 Adobe Flash Security Update | Important | - | Adobe Flash Player | - | - | - |
| CVE-2018-8474 | Lync for Mac 2011 Security Feature Bypass Vulnerability | Moderate | - | Microsoft Office | - | - | - |
| CVE-2018-8479 | Azure IoT SDK Spoofing Vulnerability | Important | - | Azure | - | - | - |
Threat Categories 6
| Threat Category | CVEs | Critical |
|---|---|---|
| Remote Code Execution | 22 | 16 |
| Information Disclosure | 19 | - |
| Elevation of Privilege | 9 | - |
| Denial of Service | 7 | - |
| Security Feature Bypass | 5 | - |
| Spoofing | 2 | - |
Affected Products 20
| Product | CVEs | Exploited |
|---|---|---|
| Microsoft Scripting Engine | 11 | - |
| Microsoft Office | 7 | - |
| Microsoft Graphics Component | 6 | - |
| Windows Hyper-V | 6 | - |
| Windows Kernel | 6 | - |
| Microsoft Edge (HTML-based) | 5 | - |
| Microsoft Windows | 5 | 1 |
| Internet Explorer | 3 | - |
| Microsoft JET Database Engine | 2 | - |
| Windows SMB Server | 2 | - |
| Windows Subsystem for Linux | 2 | - |
| .NET Core | 1 | - |
| .NET Framework | 1 | - |
| ASP.NET | 1 | - |
| Adobe Flash Player | 1 | - |
| Azure | 1 | - |
| Device Guard | 1 | - |
| Microsoft XML Core Services | 1 | - |
| Windows Media | 1 | - |
| Windows Shell | 1 | - |