Patch Tuesday Archive
Patch Tuesday December 2018
Total CVEs
41
Critical
9
Important
30
Exploited
2
Publicly Disclosed
1
All CVEs this month 41
| CVE | Title | Severity | CVSS | Product | Exploited | Disclosed | Diffed |
|---|---|---|---|---|---|---|---|
| CVE-2018-8477 | Windows Kernel Information Disclosure Vulnerability | Important | 3.3 |
Windows Kernel | - | - | - |
| CVE-2018-8514 | Windows Remote Procedure Call Information Disclosure Vulnerability | Important | 3.3 |
Microsoft Windows DNS | - | - | - |
| CVE-2018-8517 | .NET Framework Denial Of Service Vulnerability | Important | - | .NET Framework | - | Yes | - |
| CVE-2018-8540 | .NET Framework Remote Code Execution Injection Vulnerability | Critical | - | .NET Framework | - | - | - |
| CVE-2018-8587 | Microsoft Outlook Remote Code Execution Vulnerability | Important | - | Microsoft Office | - | - | - |
| CVE-2018-8595 | Windows GDI Information Disclosure Vulnerability | Important | 4.7 |
Microsoft Graphics Component | - | - | - |
| CVE-2018-8596 | Windows GDI Information Disclosure Vulnerability | Important | 4.7 |
Microsoft Graphics Component | - | - | - |
| CVE-2018-8597 | Microsoft Excel Remote Code Execution Vulnerability | Important | - | Microsoft Office | - | - | - |
| CVE-2018-8598 | Microsoft Excel Information Disclosure Vulnerability | Important | - | Microsoft Office | - | - | - |
| CVE-2018-8604 | Microsoft Exchange Server Tampering Vulnerability | Important | - | Microsoft Exchange Server | - | - | - |
| CVE-2018-8580 | Microsoft SharePoint Information Disclosure Vulnerability | Important | - | Microsoft Office SharePoint | - | - | - |
| CVE-2018-8583 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical | 4.2 |
Microsoft Scripting Engine | - | - | - |
| CVE-2018-8599 | Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability | Important | 7 |
Visual Studio | - | - | - |
| CVE-2018-8611 | Windows Kernel Elevation of Privilege Vulnerability | Important | 7 |
Windows Kernel | Yes | - | - |
| CVE-2018-8612 | Connected User Experiences and Telemetry Service Denial of Service Vulnerability | Important | 4.7 |
Windows Kernel | - | - | - |
| CVE-2018-8617 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical | 4.2 |
Microsoft Scripting Engine | - | - | - |
| CVE-2018-8618 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical | 4.2 |
Microsoft Scripting Engine | - | - | - |
| CVE-2018-8619 | Internet Explorer Remote Code Execution Vulnerability | Important | 7.5 |
Internet Explorer | - | - | - |
| CVE-2018-8621 | Windows Kernel Information Disclosure Vulnerability | Important | 4.7 |
Windows Kernel | - | - | - |
| CVE-2018-8622 | Windows Kernel Information Disclosure Vulnerability | Important | 4.7 |
Windows Kernel | - | - | - |
| CVE-2018-8624 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical | 4.2 |
Microsoft Scripting Engine | - | - | - |
| CVE-2018-8625 | Windows VBScript Engine Remote Code Execution Vulnerability | Important | 7.5 |
Microsoft Scripting Engine | - | - | - |
| CVE-2018-8626 | Windows DNS Server Heap Overflow Vulnerability | Critical | 9.8 |
Microsoft Windows DNS | - | - | - |
| CVE-2018-8627 | Microsoft Excel Information Disclosure Vulnerability | Important | - | Microsoft Office | - | - | - |
| CVE-2018-8628 | Microsoft PowerPoint Remote Code Execution Vulnerability | Important | - | Microsoft Office | - | - | - |
| CVE-2018-8629 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical | 4.2 |
Microsoft Scripting Engine | - | - | - |
| CVE-2018-8631 | Internet Explorer Memory Corruption Vulnerability | Moderate | 7.5 |
Internet Explorer | - | - | - |
| CVE-2018-8634 | Microsoft Text-To-Speech Remote Code Execution Vulnerability | Critical | 4.2 |
Windows Authentication Methods | - | - | - |
| CVE-2018-8635 | Microsoft SharePoint Server Elevation of Privilege Vulnerability | Important | - | Microsoft Office SharePoint | - | - | - |
| CVE-2018-8636 | Microsoft Excel Remote Code Execution Vulnerability | Important | - | Microsoft Office | - | - | - |
| CVE-2018-8637 | Win32k Information Disclosure Vulnerability | Important | 4.7 |
Windows Kernel | - | - | - |
| CVE-2018-8638 | DirectX Information Disclosure Vulnerability | Important | 4.7 |
Microsoft Graphics Component | - | - | - |
| CVE-2018-8639 | Win32k Elevation of Privilege Vulnerability | Important | 7 |
Microsoft Graphics Component | - | - | - |
| CVE-2018-8641 | Win32k Elevation of Privilege Vulnerability | Important | 7 |
Windows Kernel-Mode Drivers | - | - | - |
| CVE-2018-8643 | Scripting Engine Memory Corruption Vulnerability | Important | 7.5 |
Microsoft Scripting Engine | - | - | - |
| CVE-2018-8649 | Windows Denial of Service Vulnerability | Important | 5 |
Microsoft Windows | - | - | - |
| CVE-2018-8650 | Microsoft Office SharePoint XSS Vulnerability | Important | - | Microsoft Office SharePoint | - | - | - |
| ADV180031 | December 2018 Adobe Flash Security Update | Critical | - | Adobe Flash Player | - | - | - |
| CVE-2018-8651 | Microsoft Dynamics NAV Cross Site Scripting Vulnerability | Important | - | Microsoft Dynamics | - | - | - |
| CVE-2018-8652 | Windows Azure Pack Cross Site Scripting Vulnerability | Important | - | Windows Azure Pack | - | - | - |
| CVE-2018-8653 | Scripting Engine Memory Corruption Vulnerability | Moderate | 7.5 |
Internet Explorer | Yes | - | - |
Threat Categories 6
| Threat Category | CVEs | Critical |
|---|---|---|
| Remote Code Execution | 19 | 9 |
| Information Disclosure | 12 | - |
| Elevation of Privilege | 4 | - |
| Denial of Service | 3 | - |
| Spoofing | 2 | - |
| Tampering | 1 | - |
Affected Products 16
| Product | CVEs | Exploited |
|---|---|---|
| Microsoft Scripting Engine | 7 | - |
| Microsoft Office | 6 | - |
| Windows Kernel | 6 | 1 |
| Microsoft Graphics Component | 4 | - |
| Internet Explorer | 3 | 1 |
| Microsoft Office SharePoint | 3 | - |
| .NET Framework | 2 | - |
| Microsoft Windows DNS | 2 | - |
| Adobe Flash Player | 1 | - |
| Microsoft Dynamics | 1 | - |
| Microsoft Exchange Server | 1 | - |
| Microsoft Windows | 1 | - |
| Visual Studio | 1 | - |
| Windows Authentication Methods | 1 | - |
| Windows Azure Pack | 1 | - |
| Windows Kernel-Mode Drivers | 1 | - |