Patch Tuesday Archive
Patch Tuesday October 2018
Total CVEs
52
Critical
12
Important
37
Exploited
1
Publicly Disclosed
3
All CVEs this month 52
| CVE | Title | Severity | CVSS | Product | Exploited | Disclosed | Diffed |
|---|---|---|---|---|---|---|---|
| CVE-2018-8292 | .NET Core Information Disclosure Vulnerability | Important | - | .NET Core | - | - | - |
| CVE-2018-8320 | Windows DNS Security Feature Bypass Vulnerability | Important | 4.3 |
Microsoft Windows DNS | - | - | - |
| CVE-2018-8329 | Linux On Windows Elevation Of Privilege Vulnerability | Important | 7 |
Windows - Linux | - | - | - |
| CVE-2018-8330 | Windows Kernel Information Disclosure Vulnerability | Important | 4.7 |
Windows Kernel | - | - | - |
| CVE-2018-8333 | Microsoft Filter Manager Elevation Of Privilege Vulnerability | Important | 7 |
Microsoft Windows | - | - | - |
| CVE-2018-8411 | NTFS Elevation of Privilege Vulnerability | Important | 7 |
Microsoft Windows | - | - | - |
| CVE-2018-8413 | Windows Theme API Remote Code Execution Vulnerability | Important | 5 |
Windows Shell | - | - | - |
| CVE-2018-8432 | Microsoft Graphics Components Remote Code Execution Vulnerability | Important | 5 |
Microsoft Office | - | - | - |
| CVE-2018-8453 | Win32k Elevation of Privilege Vulnerability | Important | 7 |
Microsoft Graphics Component | Yes | - | - |
| CVE-2018-8473 | Microsoft Edge Memory Corruption Vulnerability | Critical | 4.2 |
Microsoft Edge | - | - | - |
| CVE-2018-8480 | Microsoft SharePoint Elevation of Privilege Vulnerability | Important | - | Microsoft Office SharePoint | - | - | - |
| CVE-2018-8481 | Windows Media Player Information Disclosure Vulnerability | Important | 3.5 |
Windows Media Player | - | - | - |
| CVE-2018-8482 | Windows Media Player Information Disclosure Vulnerability | Important | 3.5 |
Windows Media Player | - | - | - |
| CVE-2018-8484 | DirectX Graphics Kernel Elevation of Privilege Vulnerability | Important | 7 |
Microsoft Graphics Component | - | - | - |
| CVE-2018-8486 | DirectX Information Disclosure Vulnerability | Important | 4.7 |
Microsoft Graphics Component | - | - | - |
| CVE-2018-8488 | Microsoft SharePoint Elevation of Privilege Vulnerability | Important | - | Microsoft Office SharePoint | - | - | - |
| CVE-2018-8506 | Microsoft Windows Codecs Library Information Disclosure Vulnerability | Important | 3.3 |
Microsoft Windows | - | - | - |
| CVE-2018-8518 | Microsoft SharePoint Elevation of Privilege Vulnerability | Important | - | Microsoft Office SharePoint | - | - | - |
| CVE-2018-8569 | Yammer Desktop Application Remote Code Execution Vulnerability | Important | - | Microsoft Yammer | - | - | - |
| CVE-2018-8423 | Microsoft JET Database Engine Remote Code Execution Vulnerability | Important | 7.8 |
Microsoft JET Database Engine | - | Yes | - |
| CVE-2018-8427 | Microsoft Graphics Components Information Disclosure Vulnerability | Important | 4.7 |
Microsoft Office | - | - | - |
| CVE-2018-8460 | Internet Explorer Memory Corruption Vulnerability | Critical | 7.5 |
Internet Explorer | - | - | - |
| CVE-2018-8265 | Microsoft Exchange Remote Code Execution Vulnerability | Important | - | Microsoft Exchange Server | - | - | - |
| CVE-2018-8448 | Microsoft Exchange Server Elevation of Privilege Vulnerability | Important | - | Microsoft Exchange Server | - | - | - |
| CVE-2018-8472 | Windows GDI Information Disclosure Vulnerability | Important | 4.7 |
Microsoft Graphics Component | - | - | - |
| CVE-2018-8489 | Windows Hyper-V Remote Code Execution Vulnerability | Critical | 7.6 |
Windows Hyper-V | - | - | - |
| CVE-2018-8490 | Windows Hyper-V Remote Code Execution Vulnerability | Critical | 7.6 |
Windows Hyper-V | - | - | - |
| CVE-2018-8491 | Internet Explorer Memory Corruption Vulnerability | Critical | 7.5 |
Internet Explorer | - | - | - |
| CVE-2018-8492 | Device Guard Code Integrity Policy Security Feature Bypass Vulnerability | Important | 5.3 |
Device Guard | - | - | - |
| CVE-2018-8493 | Windows TCP/IP Information Disclosure Vulnerability | Important | 5.9 |
Microsoft Windows | - | - | - |
| CVE-2018-8494 | MS XML Remote Code Execution Vulnerability | Critical | 7.5 |
Microsoft XML Core Services | - | - | - |
| CVE-2018-8495 | Windows Shell Remote Code Execution Vulnerability | Important | 4.2 |
Windows Shell | - | - | - |
| CVE-2018-8497 | Windows Kernel Elevation of Privilege Vulnerability | Important | 7.8 |
Windows Kernel | - | Yes | - |
| CVE-2018-8498 | Microsoft SharePoint Elevation of Privilege Vulnerability | Important | - | Microsoft Office SharePoint | - | - | - |
| CVE-2018-8500 | Scripting Engine Memory Corruption Vulnerability | Critical | - | Microsoft Scripting Engine | - | - | - |
| CVE-2018-8501 | Microsoft PowerPoint Remote Code Execution Vulnerability | Important | - | Microsoft Office | - | - | - |
| CVE-2018-8502 | Microsoft Excel Remote Code Execution Vulnerability | Important | - | Microsoft Office | - | - | - |
| CVE-2018-8503 | Chakra Scripting Engine Memory Corruption Vulnerability | Low | 4.2 |
Microsoft Scripting Engine | - | - | - |
| CVE-2018-8504 | Microsoft Word Remote Code Execution Vulnerability | Important | - | Microsoft Office | - | - | - |
| CVE-2018-8505 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical | 4.2 |
Microsoft Scripting Engine | - | - | - |
| CVE-2018-8509 | Microsoft Edge Memory Corruption Vulnerability | Critical | 4.2 |
Microsoft Edge | - | - | - |
| CVE-2018-8510 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical | 4.2 |
Microsoft Scripting Engine | - | - | - |
| CVE-2018-8511 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical | 4.2 |
Microsoft Scripting Engine | - | - | - |
| CVE-2018-8512 | Microsoft Edge Security Feature Bypass Vulnerability | Important | 4.2 |
Microsoft Edge | - | - | - |
| CVE-2018-8513 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical | 4.2 |
Microsoft Scripting Engine | - | - | - |
| CVE-2010-3190 | MFC Insecure Library Loading Vulnerability | Important | - | Microsoft Exchange Server | - | - | - |
| CVE-2018-8527 | SQL Server Management Studio Information Disclosure Vulnerability | Important | - | SQL Server | - | - | - |
| CVE-2018-8530 | Microsoft Edge Security Feature Bypass Vulnerability | Important | 4.3 |
Microsoft Edge | - | - | - |
| CVE-2018-8531 | Azure IoT Device Client SDK Memory Corruption Vulnerability | Important | - | Azure | - | Yes | - |
| ADV180026 | Microsoft Office Defense in Depth Update | None | - | Microsoft Office | - | - | - |
| CVE-2018-8532 | SQL Server Management Studio Information Disclosure Vulnerability | Important | - | SQL Server | - | - | - |
| CVE-2018-8533 | SQL Server Management Studio Information Disclosure Vulnerability | Moderate | - | SQL Server | - | - | - |
Threat Categories 5
| Threat Category | CVEs | Critical |
|---|---|---|
| Remote Code Execution | 23 | 12 |
| Information Disclosure | 13 | - |
| Elevation of Privilege | 11 | - |
| Security Feature Bypass | 4 | - |
| Defense in Depth | 1 | - |
Affected Products 21
| Product | CVEs | Exploited |
|---|---|---|
| Microsoft Office | 6 | - |
| Microsoft Scripting Engine | 6 | - |
| Microsoft Edge | 4 | - |
| Microsoft Graphics Component | 4 | 1 |
| Microsoft Office SharePoint | 4 | - |
| Microsoft Windows | 4 | - |
| Microsoft Exchange Server | 3 | - |
| SQL Server | 3 | - |
| Internet Explorer | 2 | - |
| Windows Hyper-V | 2 | - |
| Windows Kernel | 2 | - |
| Windows Media Player | 2 | - |
| Windows Shell | 2 | - |
| .NET Core | 1 | - |
| Azure | 1 | - |
| Device Guard | 1 | - |
| Microsoft JET Database Engine | 1 | - |
| Microsoft Windows DNS | 1 | - |
| Microsoft XML Core Services | 1 | - |
| Microsoft Yammer | 1 | - |
| Windows - Linux | 1 | - |