Threat Level: green Handler on Duty: Richard Porter

SANS ISC: Internet Storm Center - SANS Internet Storm Center Internet Storm Center


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Latest Diaries

Microsoft December 2018 Patch Tuesday

Published: 2018-12-11
Last Updated: 2018-12-11 20:58:52 UTC
by Richard Porter (Version: 1)
0 comment(s)

December 2018 Security Updates

Description
CVE Disclosed Exploited Exploitability (old versions) current version Severity CVSS Base (AVG) CVSS Temporal (AVG)
.NET Framework Denial Of Service Vulnerability
CVE-2018-8517 Yes No Unlikely Unlikely Important    
.NET Framework Remote Code Injection Vulnerability
CVE-2018-8540 No No Less Likely Less Likely Critical    
Chakra Scripting Engine Memory Corruption Vulnerability
CVE-2018-8583 No No - - Critical 4.2 3.8
CVE-2018-8617 No No - - Critical 4.2 3.8
CVE-2018-8618 No No - - Critical 4.2 3.8
CVE-2018-8624 No No - - Critical 4.2 3.8
CVE-2018-8629 No No - - Critical 4.2 3.8
Connected User Experiences and Telemetry Service Denial of Service Vulnerability
CVE-2018-8612 No No More Likely More Likely Important 4.7 4.7
December 2018 Adobe Flash Security Update
ADV180031 No No - - Critical    
Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability
CVE-2018-8599 No No More Likely More Likely Important 7.0 6.3
DirectX Information Disclosure Vulnerability
CVE-2018-8638 No No - - Important 4.7 4.2
Internet Explorer Memory Corruption Vulnerability
CVE-2018-8631 No No More Likely More Likely Critical 6.4 5.8
Internet Explorer Remote Code Execution Vulnerability
CVE-2018-8619 No No More Likely More Likely Important 6.4 5.8
Microsoft Dynamics NAV Cross Site Scripting Vulnerability
CVE-2018-8651 No No Less Likely Less Likely Important    
Microsoft Excel Information Disclosure Vulnerability
CVE-2018-8598 No No Less Likely Less Likely Important    
CVE-2018-8627 No No Less Likely Less Likely Important    
Microsoft Excel Remote Code Execution Vulnerability
CVE-2018-8597 No No More Likely More Likely Important    
CVE-2018-8636 No No Less Likely Less Likely Important    
Microsoft Exchange Server Tampering Vulnerability
CVE-2018-8604 No No Less Likely Less Likely Important    
Microsoft Outlook Remote Code Execution Vulnerability
CVE-2018-8587 No No More Likely More Likely Important    
Microsoft PowerPoint Remote Code Execution Vulnerability
CVE-2018-8628 No No More Likely More Likely Important    
Microsoft SharePoint Information Disclosure Vulnerability
CVE-2018-8580 No No Unlikely Unlikely Important    
Microsoft SharePoint Server Elevation of Privilege Vulnerability
CVE-2018-8635 No No Unlikely Unlikely Important    
Microsoft Text-To-Speech Remote Code Execution Vulnerability
CVE-2018-8634 No No More Likely More Likely Critical 4.2 3.8
Remote Procedure Call runtime Information Disclosure Vulnerability
CVE-2018-8514 No No Less Likely Less Likely Important 3.3 3.3
Scripting Engine Memory Corruption Vulnerability
CVE-2018-8643 No No More Likely More Likely Important 6.4 5.8
Win32k Elevation of Privilege Vulnerability
CVE-2018-8639 No No More Likely More Likely Important 7.0 6.3
CVE-2018-8641 No No More Likely More Likely Important 7.0 6.3
Win32k Information Disclosure Vulnerability
CVE-2018-8637 No No More Likely More Likely Important 4.7 4.2
Windows Azure Pack Cross Site Scripting Vulnerability
CVE-2018-8652 No No - - Important    
Windows DNS Server Heap Overflow Vulnerability
CVE-2018-8626 No No Less Likely Less Likely Critical 9.8 8.8
Windows Denial of Service Vulnerability
CVE-2018-8649 No No - - Important 5.0 4.5
Windows GDI Information Disclosure Vulnerability
CVE-2018-8595 No No More Likely More Likely Important 4.7 4.2
CVE-2018-8596 No No More Likely More Likely Important 4.7 4.2
Windows Kernel Elevation of Privilege Vulnerability
CVE-2018-8611 No Yes Detected More Likely Important 7.0 7.0
Windows Kernel Information Disclosure Vulnerability
CVE-2018-8477 No No More Likely More Likely Important 3.3 3.3
CVE-2018-8621 No No - - Important 4.7 4.1
CVE-2018-8622 No No - - Important 4.7 4.1
Windows VBScript Engine Remote Code Execution Vulnerability
CVE-2018-8625 No No More Likely More Likely Important 6.4 5.8

 

For a detailed breakdown please see Renato's Dashboard: 

https://patchtuesdaydashboard.com/

0 comment(s)

If you have more information or corrections regarding our diary, please share.

Recent Diaries

Arrest of Huawei CFO Inspires Advance Fee Scam
Dec 10th 2018
2 days ago by Johannes (0 comments)

Quickie: String Analysis is Still Useful
Dec 9th 2018
2 days ago by DidierStevens (0 comments)

Reader Malware Submission: MHT File Inside a ZIP File
Dec 8th 2018
3 days ago by DidierStevens (0 comments)

A Dive into malicious Docker Containers
Dec 7th 2018
4 days ago by Remco (0 comments)

Is it Time to Uninstall Flash? (If you haven't already)
Dec 6th 2018
5 days ago by Rob VandenBrink (2 comments)

Campaign evolution: Hancitor changes its Word macros
Dec 5th 2018
6 days ago by Brad (0 comments)

View All Diaries →

Latest Discussions

Dedicated development team
created Dec 5th 2018
6 days ago by Anonymous (0 replies)

virtual server design
created Nov 28th 2018
1 week ago by Anonymous (0 replies)

Intern needs help
created Nov 23rd 2018
2 weeks ago by Anonymous (0 replies)

CVE Links Are Broken
created Nov 17th 2018
3 weeks ago by George (1 reply)

Mobile Forensics tools - suggestions?
created Oct 8th 2018
2 months ago by Gary (0 replies)

View All Forums →

Latest News

View All News →

Top Diaries

Wide-scale Petya variant ransomware attack noted
Jun 27th 2017
1 year ago by Brad (6 comments)

Using a Raspberry Pi honeypot to contribute data to DShield/ISC
Aug 3rd 2017
1 year ago by Johannes (16 comments)

Detection Lab: Visibility & Introspection for Defenders
Dec 15th 2017
11 months ago by Russ McRee (2 comments)

Maldoc with auto-updated link
Aug 17th 2017
1 year ago by Xme (2 comments)

Second Google Chrome Extension Banker Malware in Two Weeks
Aug 29th 2017
1 year ago by Renato (0 comments)