Threat Level: green Handler on Duty: Jim Clausing

SANS ISC: Microsoft December 2018 Patch Tuesday SANS ISC InfoSec Forums

Watch ISC TV. Great for NOCs, SOCs and Living Rooms: https://isctv.sans.edu

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Microsoft December 2018 Patch Tuesday

December 2018 Security Updates

Description
CVE Disclosed Exploited Exploitability (old versions) current version Severity CVSS Base (AVG) CVSS Temporal (AVG)
.NET Framework Denial Of Service Vulnerability
CVE-2018-8517 Yes No Unlikely Unlikely Important    
.NET Framework Remote Code Injection Vulnerability
CVE-2018-8540 No No Less Likely Less Likely Critical    
Chakra Scripting Engine Memory Corruption Vulnerability
CVE-2018-8583 No No - - Critical 4.2 3.8
CVE-2018-8617 No No - - Critical 4.2 3.8
CVE-2018-8618 No No - - Critical 4.2 3.8
CVE-2018-8624 No No - - Critical 4.2 3.8
CVE-2018-8629 No No - - Critical 4.2 3.8
Connected User Experiences and Telemetry Service Denial of Service Vulnerability
CVE-2018-8612 No No More Likely More Likely Important 4.7 4.7
December 2018 Adobe Flash Security Update
ADV180031 No No - - Critical    
Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability
CVE-2018-8599 No No More Likely More Likely Important 7.0 6.3
DirectX Information Disclosure Vulnerability
CVE-2018-8638 No No - - Important 4.7 4.2
Internet Explorer Memory Corruption Vulnerability
CVE-2018-8631 No No More Likely More Likely Critical 6.4 5.8
Internet Explorer Remote Code Execution Vulnerability
CVE-2018-8619 No No More Likely More Likely Important 6.4 5.8
Microsoft Dynamics NAV Cross Site Scripting Vulnerability
CVE-2018-8651 No No Less Likely Less Likely Important    
Microsoft Excel Information Disclosure Vulnerability
CVE-2018-8598 No No Less Likely Less Likely Important    
CVE-2018-8627 No No Less Likely Less Likely Important    
Microsoft Excel Remote Code Execution Vulnerability
CVE-2018-8597 No No More Likely More Likely Important    
CVE-2018-8636 No No Less Likely Less Likely Important    
Microsoft Exchange Server Tampering Vulnerability
CVE-2018-8604 No No Less Likely Less Likely Important    
Microsoft Outlook Remote Code Execution Vulnerability
CVE-2018-8587 No No More Likely More Likely Important    
Microsoft PowerPoint Remote Code Execution Vulnerability
CVE-2018-8628 No No More Likely More Likely Important    
Microsoft SharePoint Information Disclosure Vulnerability
CVE-2018-8580 No No Unlikely Unlikely Important    
Microsoft SharePoint Server Elevation of Privilege Vulnerability
CVE-2018-8635 No No Unlikely Unlikely Important    
Microsoft Text-To-Speech Remote Code Execution Vulnerability
CVE-2018-8634 No No More Likely More Likely Critical 4.2 3.8
Remote Procedure Call runtime Information Disclosure Vulnerability
CVE-2018-8514 No No Less Likely Less Likely Important 3.3 3.3
Scripting Engine Memory Corruption Vulnerability
CVE-2018-8643 No No More Likely More Likely Important 6.4 5.8
Win32k Elevation of Privilege Vulnerability
CVE-2018-8639 No No More Likely More Likely Important 7.0 6.3
CVE-2018-8641 No No More Likely More Likely Important 7.0 6.3
Win32k Information Disclosure Vulnerability
CVE-2018-8637 No No More Likely More Likely Important 4.7 4.2
Windows Azure Pack Cross Site Scripting Vulnerability
CVE-2018-8652 No No - - Important    
Windows DNS Server Heap Overflow Vulnerability
CVE-2018-8626 No No Less Likely Less Likely Critical 9.8 8.8
Windows Denial of Service Vulnerability
CVE-2018-8649 No No - - Important 5.0 4.5
Windows GDI Information Disclosure Vulnerability
CVE-2018-8595 No No More Likely More Likely Important 4.7 4.2
CVE-2018-8596 No No More Likely More Likely Important 4.7 4.2
Windows Kernel Elevation of Privilege Vulnerability
CVE-2018-8611 No Yes Detected More Likely Important 7.0 7.0
Windows Kernel Information Disclosure Vulnerability
CVE-2018-8477 No No More Likely More Likely Important 3.3 3.3
CVE-2018-8621 No No - - Important 4.7 4.1
CVE-2018-8622 No No - - Important 4.7 4.1
Windows VBScript Engine Remote Code Execution Vulnerability
CVE-2018-8625 No No More Likely More Likely Important 6.4 5.8

 

For a detailed breakdown please see Renato's Dashboard: 

https://patchtuesdaydashboard.com/

 Richard

168 Posts
ISC Handler
Dec 11th 2018
Thread locked Subscribe Dec 11th 2018
2 years ago
Hey guys, the patch tuesday dashboard Certificate is expired... FYI
 Anonymous
Quote Dec 21st 2018
2 years ago
Thank you for the notification. I passed the word to the owner of the website. I'll take care of it.
 Xme

587 Posts
ISC Handler
Quote Dec 21st 2018
2 years ago

Sign Up for Free or Log In to start participating in the conversation!