Latest Security Advisories & Notable Vulnerabilities

Microsoft addresses vulnerabilities in its September security bulletin. Trend Micro Deep Security covers the following:

  • CVE-2018-8440 - Windows ALPC Elevation of Privilege Vulnerability
    Risk Rating: Important

    This elevation of privilege vulnerability exists in the Advanced Local Procedure Call (ALPC) of Windows. Calls to ALPC may be exploited by an attacker to successfully exploit this vulnerability.


  • CVE-2018-8367 - Chakra Scripting Engine Memory Corruption Vulnerability
    Risk Rating: Critical

    This remote code execution vulnerability exists in the way the Chakra scripting engine of Microsoft Edge handles objects in memory. An attacker must convince a user to open a specially-crafted webpage to exploit this vulnerability.


  • CVE-2018-8391 - Scripting Engine Memory Corruption Vulnerability
    Risk Rating: Critical

    This remote code execution vulnerability exists in the ChakraCore scripting engine. The vulnerability exists in the way it handles objects in memory.


  • CVE-2018-8420 - MS XML Remote Code Execution Vulnerability
    Risk Rating: Critical

    This remote code execution vulnerability exists in the way the MSXML input parser of Microsoft XML Core Services. An attacker must convince a user to access a specially-crafted webpage to exploit this vulnerability.


  • CVE-2018-8442 - Windows Kernel Information Disclosure Vulnerability
    Risk Rating: Important

    This information disclosure vulnerability exists in the handling of objects in memory by the Windows kernel. This handling is corrected by this specific patch.


  • CVE-2018-8447 - Internet Explorer Memory Corruption Vulnerability
    Risk Rating: Critical

    The remote code execution vulnerability exists in the improper handling of objects in memory by Internet Explorer. This handling is corrected by this specific patch.


  • CVE-2018-8456 - Scripting Engine Memory Corruption Vulnerability
    Risk Rating: Critical

    This remote code execution vulnerability exists in the improper handling of objects in memory by the ChakraCore scripting engine. This handling is corrected by this specific patch.


  • CVE-2018-8459 - Scripting Engine Memory Corruption Vulnerability
    Risk Rating: Critical

    This remote code execution vulnerability exists in the improper handling of objects in memory by the ChakraCore scripting engine. This handling is corrected by this specific patch.


  • CVE-2018-8461 - Internet Explorer Memory Corruption Vulnerability
    Risk Rating: Critical

    This remote code execution vulnerability exists in the improper handling of objects in memory by Internet Explorer. This handling is corrected by this specific patch.


  • CVE-2018-8464 - Microsoft Edge PDF Remote Code Execution Vulnerability
    Risk Rating: Critical

    This remote code execution vulnerability exists in the improper handling of objects in memory by Microsoft Edge PDF Reader. This handling is corrected by this specific patch.


  • CVE-2018-8466 - Chakra Scripting Engine Memory Corruption Vulnerability
    Risk Rating: Critical

    This remote code execution vulnerability exists in the improper handling of objects in memory by the Chakra scripting engine in Microsoft Edge. This handling is corrected by this specific patch.


  • CVE-2018-8467 - Chakra Scripting Engine Memory Corruption Vulnerability
    Risk Rating: Critical

    This remote code execution vulnerability exists in the improper handling of objects in memory by the Chakra scripting engine in Microsoft Edge. This handling is corrected by this specific patch.


  • CVE-2018-8470 - Internet Explorer Security Feature Bypass Vulnerability
    Risk Rating: Important

    This security feature bypass vulnerability exists in Internet Explorer. This is due to its handling of scripts, which can allow universal cross-site scripting. This handling is corrected by this specific patch.


  • CVE-2018-8475 - Windows Remote Code Execution Vulnerability
    Risk Rating: Critical

    This remote code execution vulnerability exists in the image handling of Windows. This handling is corrected by this specific patch.


Microsoft addresses vulnerabilities in its August security bulletin. Trend Micro Deep Security covers the following:

  • CVE-2018-8373 - Scripting Engine Memory Corruption Vulnerability
    Risk Rating: Critical

    This remote code execution vulnerability exists in the Internet Explorer scripting engine. Objects in memory may be corrupted by an attacker, causing the vulnerability.


  • CVE-2018-8414 - Windows Shell Remote Code Execution Vulnerability
    Risk Rating: Important

    This remote code execution vulnerability exists in the way the Windows Shell validates file paths. An attacker must convince a user to open a specially-crafted file to exploit this vulnerability.


  • CVE-2018-0763 - Microsoft Edge Information Disclosure Vulnerability
    Risk Rating: Critical

    This information disclosure vulnerability exists in the way the Microsoft Edge handles objects in memory. An attacker must convince a user to access a specially-crafted file to exploit this vulnerability.


  • CVE-2018-1021 - Microsoft Edge Information Disclosure Vulnerability
    Risk Rating: Important

    This information disclosure vulnerability exists in the way the Microsoft Edge handles objects in memory. An attacker must convince a user to access a specially-crafted file to exploit this vulnerability.


  • CVE-2018-8266 - Chakra Scripting Engine Memory Corruption Vulnerability
    Risk Rating: Critical

    This remote code execution vulnerability exists in the handling of objects in memory by the Chakra scripting engine in Microsoft Edge. This handling is corrected by this specific patch.


  • CVE-2018-8344 - Microsoft Graphics Remote Code Execution Vulnerability
    Risk Rating: Critical

    The remote code execution vulnerability exists in the improper handling of specially crafted embedded fonts by the Windows font library. This handling is corrected by this specific patch.


  • CVE-2018-8345 - LNK Remote Code Execution Vulnerability
    Risk Rating: Critical

    This remote code execution vulnerability exists in processing of .LNK files in Microsoft Windows. This handling is corrected by this specific patch.


  • CVE-2018-8353 - Scripting Engine Memory Corruption Vulnerability
    Risk Rating: Important

    This remote code execution vulnerability exists in the handling of objects in memory by Internet Explorer. This handling is corrected by this specific patch.


  • CVE-2018-8355 - Scripting Engine Memory Corruption Vulnerability
    Risk Rating: Important

    This remote code execution vulnerability exists in Microsoft browsers. This handling is corrected by this specific patch.


  • CVE-2018-8371 - Scripting Engine Memory Corruption Vulnerability
    Risk Rating: Critical

    This remote code execution vulnerability exists in the way Internet Explorer handles objects in memory. This handling is corrected by this specific patch.


  • CVE-2018-8372 - Scripting Engine Memory Corruption Vulnerability
    Risk Rating: Critical

    This remote code execution vulnerability exists in the way Microsoft browsers handles objects in memory. This handling is corrected by this specific patch.


  • CVE-2018-8376 - Microsoft PowerPoint Remote Code Execution Vulnerability
    Risk Rating: Important

    This remote code execution vulnerability exists in the way Microsoft PowerPoint handles objects in memory. This handling is corrected by this specific patch.


  • CVE-2018-8379 - Microsoft Excel Remote Code Execution Vulnerability
    Risk Rating: Important

    This remote code execution vulnerability exists in the way Microsoft Excel handles objects in memory. This handling is corrected by this specific patch.


  • CVE-2018-8383 - Microsoft Excel Remote Code Execution Vulnerability
    Risk Rating: Important

    This spoofing vulnerability exists in the way Microsoft Edge parses HTTP content. This handling is corrected by this specific patch.


  • CVE-2018-8384 - Chakra Scripting Engine Memory Corruption Vulnerability
    Risk Rating: Critical

    This remote code execution vulnerability exists in the way the Chakra scripting engine in Microsoft Edge handles objects in memory. This handling is corrected by this specific patch.


  • CVE-2018-8387 - Microsoft Edge Memory Corruption Vulnerability
    Risk Rating: Critical

    This remote code execution vulnerability exists in the accessing of objects in memory by Microsoft Edge. This handling is corrected by this specific patch.


  • CVE-2018-8389 - Scripting Engine Memory Corruption Vulnerability
    Risk Rating: Important

    This remote code execution vulnerability exists in the handling of objects in memory by the scripting engine in Internet Explorer. This handling is corrected by this specific patch.


  • CVE-2018-8401 - DirectX Graphics Kernel Elevation of Privilege Vulnerability
    Risk Rating: Important

    This elevation of privilege vulnerability exists in the handling of objects in memory by the DirectX Graphics Kernel driver. This handling is corrected by this specific patch.


  • CVE-2018-8403 - Microsoft Browser Memory Corruption Vulnerability
    Risk Rating: Critical

    This remote code execution vulnerability exists in the handling of objects in memory by Microsoft browsers. This handling is corrected by this specific patch.


  • CVE-2018-8404 - Win32k Elevation of Privilege Vulnerability
    Risk Rating: Important

    This elevation of privilege vulnerability exists in the handling of objects in memory by the Win32k component in Windows. This handling is corrected by this specific patch.


  • CVE-2018-8405 - DirectX Graphics Kernel Elevation of Privilege Vulnerability
    Risk Rating: Important

    This elevation of privilege vulnerability exists in the handling of objects in memory by the DirectX Graphics Kernel driver. This handling is corrected by this specific patch.


  • CVE-2018-8406 - DirectX Graphics Kernel Elevation of Privilege Vulnerability
    Risk Rating: Important

    This elevation of privilege vulnerability exists in the handling of objects in memory by the DirectX Graphics Kernel driver. This handling is corrected by this specific patch.


July 2018 - Microsoft Releases Security Patches
 Advisory Date:  11 Jul 2018

Microsoft addresses vulnerabilities in its July security bulletin. Trend Micro Deep Security covers the following:

  • CVE-2018-8298 - Scripting Engine Memory Corruption Vulnerability
    Risk Rating: Critical

    This remote code execution vulnerability exists in the ChakraCore scripting engine. Objects in memory may be corrupted by an attacker, causing the vulnerability.


  • CVE-2018-8274 - Microsoft Edge Memory Corruption Vulnerability
    Risk Rating: Critical

    This remote code execution vulnerability exists in the handling of objects in memory in Microsoft Edge. This handling is corrected by this specific patch.


  • CVE-2018-8296 - Scripting Engine Memory Corruption Vulnerability
    Risk Rating: Critical

    This remote code execution vulnerability exists in the handling of objects in memory by Internet Explorer. This handling is corrected by this specific patch.


  • CVE-2018-8283 - Scripting Engine Memory Corruption Vulnerability
    Risk Rating: Critical

    This remote code execution vulnerability exists in the handling of objects in memory by the ChakraCore scripting engine. This handling is corrected by this specific patch.


  • CVE-2018-8278 - Microsoft Edge Spoofing Vulnerability
    Risk Rating: Important

    This spoofing vulnerability exists in the handling of specific HTML content by Microsoft Edge. This handling is corrected by this specific patch.


  • CVE-2018-8291 - Scripting Engine Memory Corruption Vulnerability
    Risk Rating: Critical

    This remote code execution vulnerability exists in the handling of objects in memory by Microsoft Edge and Internet Explorer. This handling is corrected by this specific patch.


  • CVE-2018-8125 - Microsoft Edge Memory Corruption Vulnerability
    Risk Rating: Important

    This remote code execution vulnerability exists in the handling of objects in memory by Microsoft Edge. This handling is corrected by this specific patch.


  • CVE-2018-8324 - Microsoft Edge Information Disclosure Vulnerability
    Risk Rating: Critical

    This information disclosure vulnerability exists in the handling of objects in memory by Microsoft Edge. This handling is corrected by this specific patch.


  • CVE-2018-8262 - Microsoft Edge Memory Corruption Vulnerability
    Risk Rating: Critical

    This remote code execution vulnerability exists in the handling of objects in memory by Microsoft Edge. This handling is corrected by this specific patch.


  • CVE-2018-8289 - Microsoft Edge Information Disclosure Vulnerability
    Risk Rating: Important

    The information disclosure vulnerability exists in the improper handling of objects in memory by Microsoft Edge. This handling is corrected by this specific patch.


  • CVE-2018-8275 - Microsoft Edge Memory Corruption Vulnerability
    Risk Rating: Critical

    This remote code execution vulnerability exists in Microsoft Edge. Objects in memory may be corrupted by an attacker, causing the vulnerability.


  • CVE-2018-8279 - Microsoft Edge Memory Corruption Vulnerability
    Risk Rating: Critical

    This remote code execution vulnerability exists in the handling of objects in memory by Microsoft Edge. This handling is corrected by this specific patch.


  • CVE-2018-0949 - Internet Explorer Security Feature Bypass Vulnerability
    Risk Rating: Important

    This security feature bypass vulnerability exists in Microsoft Internet Explorer when handling UNC resources. This handling is corrected by this specific patch.


  • CVE-2018-8297 - Microsoft Edge Information Disclosure Vulnerability
    Risk Rating: Important

    This information disclosure vulnerability exists in the way Microsoft Edge handles objects in memory. This handling is corrected by this specific patch.


  • CVE-2018-8242 - Scripting Engine Memory Corruption Vulnerability
    Risk Rating: Critical

    This information disclosure vulnerability exists in the way Internet Explorer handles objects in memory. This handling is corrected by this specific patch.


  • CVE-2018-8288 - Scripting Engine Memory Corruption Vulnerability
    Risk Rating: Critical

    This information disclosure vulnerability exists in the way Internet Explorer and Microsoft Edge handles objects in memory. This handling is corrected by this specific patch.


June 2018 - Microsoft Releases Security Patches
 Advisory Date:  13 Jun 2018

Microsoft addresses vulnerabilities in its June security bulletin. Trend Micro Deep Security covers the following:

  • CVE-2018-0978 - Internet Explorer Memory Corruption Vulnerability
    Risk Rating: Important

    This remote code execution vulnerability exists in Internet Explorer. Objects in memory may be corrupted by an attacker, causing the vulnerability.


  • CVE-2018-8111 - Microsoft Edge Memory Corruption Vulnerability
    Risk Rating: Critical

    This remote code execution vulnerability exists in the handling of objects in memory in Microsoft Edge. This handling is corrected by this specific patch.


  • CVE-2018-8251 - Media Foundation Memory Corruption Vulnerability
    Risk Rating: Critical

    This remote code execution vulnerability exists in the handling of objects in memory by the Windows Media Foundation. This handling is corrected by this specific patch.


  • CVE-2018-8210 - Windows Remote Code Execution Vulnerability
    Risk Rating: Important

    This remote code execution vulnerability exists in the handling of objects in memory by Windows. This handling is corrected by this specific patch.


  • CVE-2018-8267 - Scripting Engine Memory Corruption Vulnerability
    Risk Rating: Critical

    This remote code execution vulnerability exists in the handling of objects in memory by the scripting engine in Internet Explorer. This handling is corrected by this specific patch.


  • CVE-2018-8249 - Internet Explorer Memory Corruption Vulnerability
    Risk Rating: Critical

    This remote code execution vulnerability exists in the handling of objects in memory by Internet Explorer. This handling is corrected by this specific patch.


  • CVE-2018-8248 - Microsoft Excel Remote Code Execution Vulnerability
    Risk Rating: Important

    This remote code execution vulnerability exists in the handling of objects in memory by Microsoft Excel. This handling is corrected by this specific patch.


  • CVE-2018-8110 - Microsoft Edge Memory Corruption Vulnerability
    Risk Rating: Critical

    This remote code execution vulnerability exists in the handling of objects in memory by Microsoft Edge. This handling is corrected by this specific patch.


  • CVE-2018-8225 - Windows DNSAPI Remote Code Execution Vulnerability
    Risk Rating: Critical

    This remote code execution vulnerability exists in the handling of DNS responses by Windows Domain Name System DNSAPI.dll. This handling is corrected by this specific patch.


  • CVE-2018-8236 - Microsoft Edge Memory Corruption Vulnerability
    Risk Rating: Critical

    The remote code execution vulnerability exists in the improper handling of objects in memory by Microsoft Edge. This handling is corrected by this specific patch.


  • CVE-2018-8229 - Scripting Engine Memory Corruption Vulnerability
    Risk Rating: Critical

    This remote code execution vulnerability exists in the Chakra scripting engine of Microsoft Edge. Objects in memory may be corrupted by an attacker, causing the vulnerability.


  • CVE-2018-0951 - Scripting Engine Memory Corruption Vulnerability
    Risk Rating: Critical

    This remote code execution vulnerability exists in the handling of objects in memory by the scripting engine in Microsoft Edge. This handling is corrected by this specific patch.


May 2018 - Microsoft Releases Security Patches
 Advisory Date:  09 May 2018

Microsoft addresses vulnerabilities in its May security bulletin. Trend Micro Deep Security covers the following:

  • CVE-2018-8174 - Windows VBScript Engine Remote Code Execution Vulnerability
    Risk Rating: Critical

    This remote code execution vulnerability exists in the VBScript engine of Windows. Objects in memory may be corrupted by an attacker, causing the vulnerability.


  • CVE-2018-0934 - Chakra Scripting Engine Memory Corruption Vulnerability
    Risk Rating: Critical

    This remote code execution vulnerability exists in the handling of objects in memory by the Chakra Scripting Engine in Microsoft Edge. This handling is corrected by this specific patch.


  • CVE-2018-8114 - Scripting Engine Memory Corruption Vulnerability
    Risk Rating: Critical

    This remote code execution vulnerability exists in the handling of objects in memory by the scripting engine in Internet Explorer. This handling is corrected by this specific patch.


  • CVE-2018-8123 - Microsoft Edge Information Disclosure Vulnerability
    Risk Rating: Important

    This information disclosure vulnerability exists in the handling of objects in memory by Microsoft Edge. This handling is corrected by this specific patch.


  • CVE-2018-0946 - Scripting Engine Memory Corruption Vulnerability
    Risk Rating: Critical

    This remote code execution vulnerability exists in the handling of objects in memory by the scripting engine in Microsoft Edge. This handling is corrected by this specific patch.


  • CVE-2018-8133 - Chakra Scripting Engine Memory Corruption Vulnerability
    Risk Rating: Critical

    This remote code execution vulnerability exists in the handling of objects in memory by the Chakra Scripting Engine in Microsoft Edge. This handling is corrected by this specific patch.


  • CVE-2018-8137 - Scripting Engine Memory Corruption Vulnerability
    Risk Rating: Critical

    This remote code execution vulnerability exists in the handling of objects in memory by the scripting engine in Microsoft Edge. This handling is corrected by this specific patch.


  • CVE-2018-0953 - Scripting Engine Memory Corruption Vulnerability
    Risk Rating: Critical

    This remote code execution vulnerability exists in the handling of objects in memory by the scripting engine in Microsoft Edge. This handling is corrected by this specific patch.


  • CVE-2018-0954 - Scripting Engine Memory Corruption Vulnerability
    Risk Rating: Critical

    This remote code execution vulnerability exists in the handling of objects in memory by the scripting engine in Internet Explorer and Microsoft Edge. This handling is corrected by this specific patch.


  • CVE-2018-8179 - Microsoft Edge Memory Corruption Vulnerability
    Risk Rating: Important

    The remote code execution vulnerability exists in the improper handling of objects in memory by Microsoft Edge. This handling is corrected by this specific patch.


  • CVE-2018-0955 - Scripting Engine Memory Corruption Vulnerability
    Risk Rating: Critical

    This remote code execution vulnerability exists in the scripting engine of Internet Explorer. Objects in memory may be corrupted by an attacker, causing the vulnerability.


  • CVE-2018-0951 - Scripting Engine Memory Corruption Vulnerability
    Risk Rating: Critical

    This remote code execution vulnerability exists in the handling of objects in memory by the scripting engine in Microsoft Edge. This handling is corrected by this specific patch.


  • CVE-2018-8122 - Scripting Engine Memory Corruption Vulnerability
    Risk Rating: Critical

    This remote code execution vulnerability exists in the handling of objects in memory by the scripting engine in Internet Explorer and Microsoft Edge. This handling is corrected by this specific patch.


  • CVE-2018-8158 - Microsoft Office Remote Code Execution Vulnerability
    Risk Rating: Important

    This remote code execution vulnerability exists in Microsoft Office. It is resolved by the update that modifies the way Microsoft Office handles objects in memory.


  • CVE-2018-8157 - Microsoft Office Remote Code Execution Vulnerability
    Risk Rating: Important

    This remote code execution vulnerability exists in Microsoft Office. It is resolved by the update that modifies the way Microsoft Office handles objects in memory.


April 2018 - Microsoft Releases Security Patches
 Advisory Date:  11 Apr 2018

Microsoft addresses vulnerabilities in its April security bulletin. Trend Micro Deep Security covers the following:

  • CVE-2018-0994 - Chakra Scripting Engine Memory Corruption Vulnerability
    Risk Rating: Critical

    This remote code execution vulnerability exists in the Chakra scripting engine of Microsoft Edge. Objects in memory may be corrupted by an attacker, causing the vulnerability.


  • CVE-2018-1028 - Microsoft Office Graphics Remote Code Execution Vulnerability
    Risk Rating: Important

    This remote code execution vulnerability exists in the handling of embedded fonts by Office graphics component. The Windows Font library is corrected by this specific patch.


  • CVE-2018-1010 - Microsoft Office Graphics Remote Code Execution Vulnerability
    Risk Rating: Critical

    This remote code execution vulnerability exists in the handling of embedded fonts by Windows font library. The Windows Font library is corrected by this specific patch.


  • CVE-2018-1012 - Microsoft Graphics Remote Code Execution Vulnerability
    Risk Rating: Critical

    This remote code execution vulnerability exists in the handling of embedded fonts by Windows font library. The Windows Font library is corrected by this specific patch.


  • CVE-2018-1013 - Microsoft Graphics Remote Code Execution Vulnerability
    Risk Rating: Critical

    This remote code execution vulnerability exists in the handling of embedded fonts by Windows font library. The Windows Font library is corrected by this specific patch.


  • CVE-2018-1015 - Microsoft Graphics Remote Code Execution Vulnerability
    Risk Rating: Critical

    This remote code execution vulnerability exists in the handling of embedded fonts by Windows font library. The Windows Font library is corrected by this specific patch.


  • CVE-2018-1016 - Microsoft Graphics Remote Code Execution Vulnerability
    Risk Rating: Critical

    This remote code execution vulnerability exists in the handling of embedded fonts by Windows font library. The Windows Font library is corrected by this specific patch.


  • CVE-2018-1004 - Windows VBScript Engine Remote Code Execution Vulnerability
    Risk Rating: Critical

    This remote code execution vulnerability is addressed in the current security update from Microsoft. This vulnerability exists in the way the scripting engine handles objects in memory.


  • CVE-2018-1003 - Microsoft JET Database Engine Remote Code Execution Vulnerability
    Risk Rating: Important

    The buffer overflow vulnerability exists in the way the Microsoft JET Database handles objects in memory. When exploited successfully, it gives attackers control of the vulnerable system.


  • CVE-2017-11779 - Windows DNSAPI Remote Code Execution Vulnerability
    Risk Rating: Critical

    The vulnerability exists in the way the DNSAPI.dll component handles DNS responses. This remote code execution vulnerability, when exploited successfully, allows attackers to execute code of their choice on the vulnerable system.


  • CVE-2018-0993 - Chakra Scripting Engine Memory Corruption Vulnerability
    Risk Rating: Critical

    This remote code execution vulnerability exists in the Chakra scripting engine of Microsoft Edge. Objects in memory may be corrupted by an attacker, causing the vulnerability.


  • CVE-2018-0986 - Microsoft Malware Protection Engine Remote Code Execution Vulnerability
    Risk Rating: Critical

    The memory corruption vulnerability exists in the way Microsoft Malware Protection Engine scans a specially crafted file. This update corrects the vulnerability.


  • CVE-2018-1018 - Internet Explorer Memory Corruption Vulnerability
    Risk Rating: Critical

    The vulnerability exists in the way Internet Explorer accesses objects in memory. Attackers looking to exploit this remote code execution vulnerability must convince the user to click on a malicious link or find a way to entice user that will exploit this vulnerability.


  • CVE-2018-0998 - Microsoft Edge Information Disclosure Vulnerability
    Risk Rating: Important

    This information disclosure vulnerability exists in the Microsoft Edge PDF Reader. It is resolved by the update that modifies the way the said reader handles objects in memory.


  • CVE-2018-0883 - Windows Shell Remote Code Execution Vulnerability
    Risk Rating: Important

    This remote code execution vulnerability exists in Windows Shell. It is resolved by ensuring that Windows Shell has a way to validate file copy destinations.


  • CVE-2018-1026 - Microsoft Office Remote Code Execution Vulnerability
    Risk Rating: Important

    This remote code execution vulnerability exists in Microsoft Office. It is resolved by correcting the way Microsoft Office handles objects in memory.


  • CVE-2018-1011 - Microsoft Excel Remote Code Execution Vulnerability
    Risk Rating: Important

    This remote code execution vulnerability exists in Microsoft Excel. It is resolved by correcting the way Microsoft Excel handles objects in memory.


  • CVE-2018-0991 - Internet Explorer Memory Corruption Vulnerability
    Risk Rating: Critical

    This remote code execution vulnerability exists in Internet Explorer. It is resolved by correcting the way Internet Explorer handles objects in memory.


  • CVE-2018-0995 - Chakra Scripting Engine Memory Corruption Vulnerability
    Risk Rating: Critical

    This remote code execution vulnerability exists in Chakra scripting engine in Microsoft Edge. It is resolved by correcting the way Chakra scripting engine handles objects in memory.


  • CVE-2018-1001 - Scripting Engine Memory Corruption Vulnerability
    Risk Rating: Important

    This remote code execution vulnerability exists in the scripting engine in Internet Explorer. It is resolved by correcting the way the scripting engine handles objects in memory.


  • CVE-2018-0990 - Chakra Scripting Engine Memory Corruption Vulnerability
    Risk Rating: Critical

    This remote code execution vulnerability exists in Chakra scripting engine in Microsoft Edge. It is resolved by correcting the way Chakra scripting engine handles objects in memory.


  • CVE-2018-0996 - Scripting Engine Memory Corruption Vulnerability
    Risk Rating: Critical

    This remote code execution vulnerability exists in the scripting engine in Internet Explorer. It is resolved by correcting the way the scripting engine handles objects in memory.


  • CVE-2018-0802 - Microsoft Office Memory Corruption Vulnerability (CVE-2018-0802) - 1
    Risk Rating: Important

    This remote code execution vulnerability exists in Microsoft Office. It is resolved by removing the Equation Editor function.


  • CVE-2018-1029 - Microsoft Excel Remote Code Execution Vulnerability
    Risk Rating: Important

    This remote code execution vulnerability exists in Microsoft Excel. It is resolved by correcting the way Microsoft Excel handles objects in memory.


  • CVE-2018-0878 - Windows Remote Assistance Information Disclosure Vulnerability
    Risk Rating: Important

    This information disclosure vulnerability exists in Windows Remote Assistance. It is resolved by correcting the way Windows Remote Assistance handles XML External Entities (XXE).


  • CVE-2018-0920 - Microsoft Excel Remote Code Execution Vulnerability
    Risk Rating: Important

    This remote code execution vulnerability exists in Microsoft Excel. It is resolved by correcting the way Microsoft Excel handles objects in memory.


  • CVE-2018-0997 - Internet Explorer Memory Corruption Vulnerability
    Risk Rating: Critical

    This remote code execution vulnerability exists in Internet Explorer. It is resolved by correcting the way Internet Explorer handles objects in memory.


  • CVE-2018-0990 - Chakra Scripting Engine Memory Corruption Vulnerability
    Risk Rating: Critical

    This remote code execution vulnerability exists in Chakra scripting engine in Microsoft Edge. It is resolved by correcting the way Chakra scripting engine handles objects in memory.


  • CVE-2018-1030 - Microsoft Office Memory Corruption Vulnerability (CVE-2018-0802) - 1
    Risk Rating: Important

    This remote code execution vulnerability exists in Microsoft Office. It is resolved by correcting the way Microsoft Office handles objects in memory.


  • CVE-2018-0988 - Scripting Engine Memory Corruption Vulnerability
    Risk Rating: Critical

    This remote code execution vulnerability exists in the scripting engine in Internet Explorer. It is resolved by correcting the way the scripting engine handles objects in memory.


  • CVE-2018-0988 - Internet Explorer Memory Corruption Vulnerability
    Risk Rating: Critical

    This remote code execution vulnerability exists in the Internet Explorer. It is resolved by correcting the way Internet Explorer handles objects in memory.


  • CVE-2018-1027 - Microsoft Excel Remote Code Execution Vulnerability
    Risk Rating: Important

    This remote code execution vulnerability exists in Microsoft Excel. It is resolved by correcting the way Microsoft Excel handles objects in memory.


Microsoft addresses 75 vulnerabilities in its March security bulletin. Trend Micro Deep Security covers the following:

  • CVE-2018-0934 - Chakra Scripting Engine Memory Corruption Vulnerability
    Risk Rating: Critical

    This remote code execution vulnerability exists in the Chakra scripting engine of Microsoft Edge. Objects in memory may be corrupted by an attacker, causing the vulnerability.


  • CVE-2018-0872 - Chakra Scripting Engine Memory Corruption Vulnerability
    Risk Rating: Critical

    This remote code execution vulnerability exists in the Chakra scripting engine of Microsoft Edge. Objects in memory may be corrupted by an attacker, causing the vulnerability.


  • CVE-2018-0930 - Chakra Scripting Engine Memory Corruption Vulnerabilit
    Risk Rating: Critical

    This remote code execution vulnerability exists in the Chakra scripting engine of Microsoft Edge. Objects in memory may be corrupted by an attacker, causing the vulnerability.


  • CVE-2018-0903 - Microsoft Access Remote Code Execution Vulnerability
    Risk Rating: Important

    The vulnerability exists in the way Microsoft Access handles objects in memory. This remote code execution vulnerability, when exploited successfully, gives attackers rights equal to the rights of the logged on user.


  • CVE-2018-0935 - Scripting Engine Memory Corruption Vulnerability
    Risk Rating: Important

    This remote code execution vulnerability exists in the scripting engine of several versions of Internet Explorer. In particular, the vulnerability lies in the way said browsers handles objects in memory.


  • CVE-2018-0855 - Windows EOT Font Engine Information Disclosure Vulnerability
    Risk Rating: Important

    This information disclosure vulnerability is addressed in the current security update from Microsoft. This vulnerbaility exists in the way Microsoft Windows Embedded OpenType (EOT) font engine processes specially crafted embedded fonts.


  • CVE-2018-0893 - Scripting Engine Memory Corruption Vulnerability
    Risk Rating: Critical

    This remote code execution vulnerability is addressed in the current security update from Microsoft. This vulnerability exists in the way the scripting engine handles objects in memory.


  • CVE-2018-0770 - Scripting Engine Memory Corruption Vulnerability
    Risk Rating: Critical

    This remote code execution vulnerability is addressed in the current security update from Microsoft. This vulnerability exists in the way the scripting engine handles objects in memory.


  • CVE-2018-0933 - Chakra Scripting Engine Memory Corruption Vulnerability
    Risk Rating: Critical

    The vulnerability exists in the way the Chakra scripting engine in Microsoft Edge handles objects in memory. This remote code execution vulnerability, when exploited successfully, gives attackers rights equal to the rights of the logged on user.


  • CVE-2018-0889 - Scripting Engine Memory Corruption Vulnerability
    Risk Rating: Critical

    The vulnerability exists in the way the scripting engine handles objects in memory. This remote code execution vulnerability, when exploited successfully, gives attackers rights equal to the rights of the logged on user.


  • CVE-2018-0817 - Windows GDI Elevation of Privilege Vulnerability
    Risk Rating: Important

    This elevation of privilege vulnerability in the Windows Graphics Device Interface (GDI) exists in the way it handles objects in memory. Attackers looking to exploit this vulnerability must be logged on to the system.


  • CVE-2018-0877 - Windows Desktop Bridge VFS Elevation of Privilege Vulnerability
    Risk Rating: Important

    The vulnerability exists in the way Windows Desktop Bridge VFS manages file paths. Attackers looking to exploit this elevation of privilege vulnerability must be logged on to the system.


  • CVE-2018-0882 - Windows Desktop Bridge Elevation of Privilege Vulnerability
    Risk Rating: Important

    The vulnerability exists in the way Windows Desktop Bridge VFS manages the virtual registry. Attackers looking to exploit this elevation of privilege vulnerability must be logged on to the system.


  • CVE-2018-0874 - Chakra Scripting Engine Memory Corruption Vulnerability
    Risk Rating: Critical

    This remote code execution vulnerability exists in the Chakra scripting engine in Microsoft Edge. It is resolved by the update that modifies the way the said scripting engine handles objects in memory.


  • CVE-2018-0922 - Microsoft Office Memory Corruption Vulnerability
    Risk Rating: Important

    This remote code execution vulnerability exists in Microsoft Office. It is resolved by the update that corrects the way Microsoft Office handles objects in memory.


Microsoft addresses 50 vulnerabilities in its February batch of patches. Trend Micro Deep Security covers the following:

  • CVE-2018-0844 - Windows Common Log File System Driver Elevation of Privilege Vulnerability
    Risk Rating: Important

    This elevation of privilege vulnerability is exploited when an attacker who can log on to the system runs specially crafted code. The security update corrects how the Windows Common Log File System (CLFS) handles objects in memory.


  • CVE-2018-0846 - Windows Common Log File System Driver Elevation of Privilege Vulnerability
    Risk Rating: Important

    This elevation of privilege vulnerability is exploited when an attacker who can log on to the system runs specially crafted code. The security update corrects how the Windows Common Log File System (CLFS) handles objects in memory.


  • CVE-2018-0825 - StructuredQuery Remote Code Execution Vulnerability
    Risk Rating: Critical

    The vulnerability exists in StructuredQuery when it fails to handle objects in memory. Attackers looking to exploit this remote code execution vulnerability will have to find a way for a logged on user to execute a specially crafted file.


  • CVE-2018-0860 - Scripting Engine Memory Corruption Vulnerability
    Risk Rating: Critical

    The vulnerability exists in the way Microsoft Edge handles objects in memory. This remote code execution vulnerability, when exploited successfully, gives attackers rights equal to the rights of the logged on user.


  • CVE-2018-0840 - Scripting Engine Memory Corruption Vulnerability
    Risk Rating: Critical

    This remote code execution vulnerability exists in Microsoft browsers' scripting engines. In particular, the bulnerability lies in the way said browsers handles objects in memory.


  • CVE-2018-0742 - Windows Kernel Elevation of Privilege Vulnerability
    Risk Rating: Important

    This elevation of privilege vulnerability is addressed in the current security update from Microsoft. This vulnerbaility exists in the way Windows Kernel handles objects in memory.


  • CVE-2018-0756 - Windows Kernel Elevation of Privilege Vulnerability
    Risk Rating: Important

    This elevation of privilege vulnerability is addressed in the current security update from Microsoft. This vulnerbaility exists in the way Windows Kernel handles objects in memory.


  • CVE-2018-0842 - Windows Kernel Elevation of Privilege Vulnerability
    Risk Rating: Important

    This elevation of privilege vulnerability is addressed in the current security update from Microsoft. This vulnerbaility exists in the way Windows Kernel handles objects in memory.


  • CVE-2018-0834 - Scripting Engine Memory Corruption Vulnerability
    Risk Rating: Critical

    The vulnerability exists in the way Microsoft Edge handles objects in memory. This remote code execution vulnerability, when exploited successfully, gives attackers rights equal to the rights of the logged on user.


  • CVE-2018-0838 - Scripting Engine Memory Corruption Vulnerability
    Risk Rating: Critical

    The vulnerability exists in the way Microsoft Edge handles objects in memory. This remote code execution vulnerability, when exploited successfully, gives attackers rights equal to the rights of the logged on user.


  • CVE-2018-0841 - Microsoft Excel Remote Code Execution Vulnerability
    Risk Rating: Important

    This remote code execution vulnerability in Microsoft Excel exists in the way it handles objects in memory. Attackers looking to exploit this vulnerability must convince a target machine's user to open a specially crafted file.


  • CVE-2018-0837 - Scripting Engine Memory Corruption Vulnerability
    Risk Rating: Critical

    The vulnerability exists in the way Microsoft Edge handles objects in memory. This remote code execution vulnerability, when exploited successfully, gives attackers rights equal to the rights of the logged on user.


  • CVE-2018-0835 - Scripting Engine Memory Corruption Vulnerability
    Risk Rating: Critical

    The vulnerability exists in the way Microsoft Edge handles objects in memory. This remote code execution vulnerability, when exploited successfully, gives attackers rights equal to the rights of the logged on user.


  • CVE-2018-0858 - Scripting Engine Memory Corruption Vulnerability
    Risk Rating: Critical

    This remote code execution vulnerability exists in the ChakraCore scripting engine. It is resolved by the update that modifies the way the said scripting engine handles objects in memory.


  • CVE-2018-0866 - Scripting Engine Memory Corruption Vulnerability
    Risk Rating: Critical

    This remote code execution vulnerability exists in Internet Explorer. It is resolved by the update that modifies the way the said scripting engine handles objects in memory.


Microsoft addresses 56 vulnerabilities in its January batch of patches.

  • CVE-2018-0804 - Microsoft Word Remote Code Execution Vulnerability
    Risk Rating: Low

    A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. The security update addresses the vulnerability by removing Equation Editor functionality.


  • CVE-2018-0805 - Microsoft Word Remote Code Execution Vulnerability
    Risk Rating: Important

    A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. The security update addresses the vulnerability by removing Equation Editor functionality.


  • CVE-2018-0806 - Microsoft Word Remote Code Execution Vulnerability
    Risk Rating: Important

    A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. The security update addresses the vulnerability by removing Equation Editor functionality.


  • CVE-2018-0807 - Microsoft Word Remote Code Execution Vulnerability
    Risk Rating: Important

    A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. The security update addresses the vulnerability by removing Equation Editor functionality.


  • CVE-2018-0812 - Microsoft Word Memory Corruption Vulnerability
    Risk Rating: Important

    A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. The security update addresses the vulnerability by removing Equation Editor functionality.


  • CVE-2018-0818 - Scripting Engine Security Feature Bypass
    Risk Rating: Important

    A security feature bypass vulnerability exists in the Microsoft Chakra scripting engine that allows Control Flow Guard (CFG) to be bypassed. An attacker could use the CFG bypass vulnerability in conjunction with another vulnerability, such as a remote code execution vulnerability, to run arbitrary code on a target system. The security update addresses the CFG bypass vulnerability by helping to ensure that the Microsoft Chakra scripting engine properly handles accessing memory.


  • CVE-2018-0819 - Spoofing Vulnerability in Microsoft Office for MAC
    Risk Rating: Important

    A spoofing vulnerability exists when Microsoft Outlook for MAC does not properly handle the encoding and display of email addresses. This improper handling and display may cause antivirus or antispam scanning to not work as intended. The security update addresses the vulnerability by correcting how Outlook for MAC displays encoded email addresses.


  • CVE-2018-0746 - Windows Information Disclosure Vulnerability
    Risk Rating: Important

    An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass. An attacker who successfully exploited the vulnerability could retrieve the memory address of a kernel object. The security update addresses the vulnerability by correcting how the Windows kernel handles memory addresses.


  • CVE-2018-0747 - Windows Information Disclosure Vulnerability
    Risk Rating: Important

    An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass. An attacker who successfully exploited the vulnerability could retrieve the memory address of a kernel object. The security update addresses the vulnerability by correcting how the Windows kernel handles memory addresses.


  • CVE-2018-0748 - Windows Elevation of Privilege Vulnerability
    Risk Rating: Important

    An elevation of privilege vulnerability exists in the way that the Windows Kernel API enforces permissions. An attacker who successfully exploited the vulnerability could impersonate processes, interject cross-process communication, or interrupt system functionality. The security update addresses the vulnerability by helping to ensure that the Windows Kernel API properly enforces permissions.


  • CVE-2018-0748 - Windows Elevation of Privilege Vulnerability
    Risk Rating: Important

    An elevation of privilege vulnerability exists in the way that the Windows Kernel API enforces permissions. An attacker who successfully exploited the vulnerability could impersonate processes, interject cross-process communication, or interrupt system functionality. The security update addresses the vulnerability by helping to ensure that the Windows Kernel API properly enforces permissions.


  • CVE-2018-0751 - Windows Elevation of Privilege Vulnerability
    Risk Rating: Important

    An elevation of privilege vulnerability exists in the way that the Windows Kernel API enforces permissions. An attacker who successfully exploited the vulnerability could impersonate processes, interject cross-process communication, or interrupt system functionality. The security update addresses the vulnerability by helping to ensure that the Windows Kernel API properly enforces permissions.


  • CVE-2018-0752 - Windows Elevation of Privilege Vulnerability
    Risk Rating: Important

    An elevation of privilege vulnerability exists in the way that the Windows Kernel API enforces permissions. An attacker who successfully exploited the vulnerability could impersonate processes, interject cross-process communication, or interrupt system functionality. The security update addresses the vulnerability by helping to ensure that the Windows Kernel API properly enforces permissions.


  • CVE-2018-0753 - Windows IPSec Denial of Service Vulnerability
    Risk Rating: Important

    A denial of service vulnerability exists in the way that Windows handles objects in memory. An attacker who successfully exploited the vulnerability could cause a target system to stop responding. The security update addresses the vulnerability by correcting how Windows handles objects in memory.


  • CVE-2018-0750 - Windows GDI Information Disclosure Vulnerability
    Risk Rating: Important

    A Win32k information disclosure vulnerability exists when the Windows GDI component improperly discloses kernel memory addresses. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. The security update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory.


  • CVE-2018-0773 - Scripting Engine Memory Corruption Vulnerability
    Risk Rating: Critical

    A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. The security update addresses the vulnerability by modifying how the scripting engine handles objects in memory.


  • CVE-2018-0774 - Scripting Engine Memory Corruption Vulnerability
    Risk Rating: Critical

    A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. The security update addresses the vulnerability by modifying how the scripting engine handles objects in memory.


  • CVE-2018-0781 - Scripting Engine Memory Corruption Vulnerability
    Risk Rating: Critical

    A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. The security update addresses the vulnerability by modifying how the scripting engine handles objects in memory.


  • CVE-2018-0784 - ASP.NET Core Elevation Of Privilege Vulnerability
    Risk Rating: Important

    An elevation of privilege vulnerability exists when a ASP.NET Core web application, created using vulnerable project templates, fails to properly sanitize web requests. An attacker who successfully exploited this vulnerability could perform content injection attacks and run script in the security context of the logged-on user. The security update addresses the vulnerability by correcting the ASP.NET Core project templates.


  • CVE-2018-0786 - .NET Security Feature Bypass Vulnerability
    Risk Rating: Important

    A security feature bypass vulnerability exists when Microsoft .NET Framework (and .NET Core) components do not completely validate certificates. An attacker could present a certificate that is marked invalid for a specific use, but the component uses it for that purpose. The security update addresses the vulnerability by helping to ensure that .NET Framework (and .NET Core) components completely validate certificates.


  • CVE-2018-0788 - OpenType Font Driver Elevation of Privilege Vulnerability
    Risk Rating: Important

    An elevation of privilege vulnerability exists in Windows Adobe Type Manager Font Driver (ATMFD.dll) when it fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code and take control of an affected system. The security update addresses the vulnerability by correcting how ATMFD.dll handles objects in memory.


  • CVE-2018-0795 - Microsoft Office Remote Code Execution Vulnerability
    Risk Rating: Important

    A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. The security update addresses the vulnerability by correcting how Microsoft Office handles objects in memory.


  • CVE-2018-0797 - Microsoft Word Memory Corruption Vulnerability
    Risk Rating: Critical

    An Office RTF remote code execution vulnerability exists in Microsoft Office software when the Office software fails to properly handle RTF files. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. The security update addresses the vulnerability by changing the way Microsoft Office software handles RTF content.


  • CVE-2018-0799 - Microsoft Access Tampering Vulnerability
    Risk Rating: Important

    A cross-site-scripting (XSS) vulnerability exists when Microsoft Access does not properly sanitize inputs to image fields edited within Design view. An attacker could exploit the vulnerability by sending a specially crafted file to a victim, or by hosting the file on a web server. The security update addresses the vulnerability by helping to ensure that Microsoft Access properly sanitizes image field values.


  • CVE-2018-0802 - Microsoft Office Memory Corruption Vulnerability
    Risk Rating: Important

    A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. The security update addresses the vulnerability by removing Equation Editor functionality.


  • CVE-2018-0801 - Microsoft Office Remote Code Execution Vulnerability
    Risk Rating: Important

    A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. The security update addresses the vulnerability by removing Equation Editor functionality.


  • CVE-2018-0803 - Microsoft Edge Elevation of Privilege Vulnerability
    Risk Rating: Risk Rating: Low

    An elevation of privilege vulnerability exists when Microsoft Edge does not properly enforce cross-domain policies, which could allow an attacker to access information from one domain and inject it into another domain. The security update addresses the vulnerability by helping to ensure that cross-domain policies are properly enforced in Microsoft Edge.


  • CVE-2018-0800 - Scripting Engine Information Disclosure Vulnerability
    Risk Rating: Critical

    An information disclosure vulnerability exists when the scripting engine does not properly handle objects in memory in Microsoft Edge. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. The security update addresses the vulnerability by changing how the scripting engine handles objects in memory.


  • CVE-2018-0741 - Microsoft Color Management Information Disclosure Vulnerability
    Risk Rating: Important

    An information disclosure vulnerability exists in the way that the Color Management Module (ICM32.dll) handles objects in memory. This vulnerability allows an attacker to retrieve information to bypass usermode ASLR (Address Space Layout Randomization) on a targeted system. The security update addresses the vulnerability by correcting how Color Management Module handles objects in memory.


  • CVE-2018-0743 - Windows Subsystem for Linux Elevation of Privilege Vulnerability
    Risk Rating: Important

    An elevation of privilege vulnerability exists due to an integer overflow in Windows Subsystem for Linux. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. The security update addresses the vulnerability by correcting how Windows Subsystem for Linux handles objects in memory.


  • CVE-2018-0744 - Windows Elevation of Privilege Vulnerability
    Risk Rating: Important

    An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. The update addresses the vulnerability by correcting how the Windows kernel handles objects in memory.


  • CVE-2018-0745 - Windows Information Disclosure Vulnerability
    Risk Rating: Important

    An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass. The security update addresses the vulnerability by correcting how the Windows kernel handles memory addresses.


  • CVE-2018-0749 - SMB Server Elevation of Privilege Vulnerability
    Risk Rating: Important

    An elevation of privilege vulnerability exists in the Microsoft Server Message Block (SMB) Server when an attacker with valid credentials attempts to open a specially crafted file over the SMB protocol on the same machine. The update addresses the vulnerability by correcting how Windows SMB Server handles such specially crafted files.


  • CVE-2018-0754 - OpenType Font Driver Information Disclosure Vulnerability
    Risk Rating: Important

    An information disclosure vulnerability exists in Windows Adobe Type Manager Font Driver (ATMFD.dll) when it fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could potentially read data that was not intended to be disclosed. The update addresses the vulnerability by correcting how ATMFD.dll handles objects in memory.


  • CVE-2018-0758 - Scripting Engine Memory Corruption Vulnerability
    Risk Rating: Critical

    A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. The security update addresses the vulnerability by modifying how the scripting engine handles objects in memory.


  • CVE-2018-0762 - Scripting Engine Memory Corruption Vulnerability
    Risk Rating: Critical

    A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. The security update addresses the vulnerability by modifying how the scripting engine handles objects in memory.


  • CVE-2018-0766 - Microsoft Edge Information Disclosure Vulnerability
    Risk Rating: Important

    An information disclosure vulnerability exists when Microsoft Edge PDF Reader improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. The security update addresses the vulnerability by modifying how Microsoft Edge PDF Reader handles objects in memory.


  • CVE-2018-0767 - Scripting Engine Information Disclosure Vulnerability
    Risk Rating: Critical

    An information disclosure vulnerability exists when the scripting engine does not properly handle objects in memory in Microsoft Edge. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. The security update addresses the vulnerability by changing how the scripting engine handles objects in memory.


  • CVE-2018-0768 - Scripting Engine Memory Corruption Vulnerability
    Risk Rating: Critical

    A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. The security update addresses the vulnerability by modifying how the scripting engine handles objects in memory.


  • CVE-2018-0764 - .NET and .NET Core Denial Of Service Vulnerability
    Risk Rating: Important

    A Denial of Service vulnerability exists when .NET, and .NET core, improperly process XML documents. An attacker who successfully exploited this vulnerability could cause a denial of service against a .NET application. The update addresses the vulnerability by correcting how a .NET, and .NET core, applications handles XML document processing


  • CVE-2018-0769 - Scripting Engine Memory Corruption Vulnerability
    Risk Rating: Critical

    A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. The security update addresses the vulnerability by modifying how the scripting engine handles objects in memory.


  • CVE-2018-0770 - Scripting Engine Memory Corruption Vulnerability
    Risk Rating: Critical

    A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. The security update addresses the vulnerability by modifying how the scripting engine handles objects in memory.


  • CVE-2018-0772 - Scripting Engine Memory Corruption Vulnerability
    Risk Rating: Critical

    A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. The security update addresses the vulnerability by modifying how the scripting engine handles objects in memory.


  • CVE-2018-0775 - Scripting Engine Memory Corruption Vulnerability
    Risk Rating: Critical

    A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. The security update addresses the vulnerability by modifying how the scripting engine handles objects in memory.


  • CVE-2018-0776 - Scripting Engine Memory Corruption Vulnerability
    Risk Rating: Critical

    A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. The security update addresses the vulnerability by modifying how the scripting engine handles objects in memory.


  • CVE-2018-0777 - Scripting Engine Memory Corruption Vulnerability
    Risk Rating: Critical

    A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. The security update addresses the vulnerability by modifying how the scripting engine handles objects in memory.


  • CVE-2018-0778 - Scripting Engine Memory Corruption Vulnerability
    Risk Rating: Critical

    A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. The security update addresses the vulnerability by modifying how the scripting engine handles objects in memory.


  • CVE-2018-0780 - Scripting Engine Information Disclosure Vulnerability
    Risk Rating: Moderate

    An information disclosure vulnerability exists when the scripting engine does not properly handle objects in memory in Microsoft Edge. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. The security update addresses the vulnerability by changing how the scripting engine handles objects in memory.


  • CVE-2018-0785 - ASP.NET Core Cross Site Request Forgery Vulnerabilty
    Risk Rating: Moderate

    A Cross Site Request Forgery (CSRF) vulnerability exists when a ASP.NET Core web application is created using vulnerable project templates. An attacker who successfully exploited this vulnerability could change the recovery codes associated with the victim's user account without his/her consent. The update corrects the ASP.NET Core project templates.


  • CVE-2018-0789 - Microsoft SharePoint Elevation of Privilege Vulnerability
    Risk Rating: Important

    An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server. The security update addresses the vulnerability by helping to ensure that SharePoint Server properly sanitizes web requests.


  • CVE-2018-0790 - Microsoft SharePoint Cross Site Scripting Elevation of Privilege Vulnerability
    Risk Rating: Important

    An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server. The security update addresses the vulnerability by helping to ensure that SharePoint Server properly sanitizes web requests.


  • CVE-2018-0791 - Microsoft Outlook Remote Code Execution Vulnerability
    Risk Rating: Important

    A remote code execution vulnerability exists in the way that Microsoft Outlook parses specially crafted email messages. An attacker who successfully exploited the vulnerability could take control of an affected system. The security update addresses the vulnerability by correcting the way that Microsoft Outlook parses specially crafted email messages.


  • CVE-2018-0792 - Microsoft Word Remote Code Execution Vulnerability
    Risk Rating: Important

    A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. The security update addresses the vulnerability by correcting how Microsoft Office handles objects in memory.


  • CVE-2018-0793 - Microsoft Outlook Remote Code Execution Vulnerability
    Risk Rating: Important

    A remote code execution vulnerability exists in the way that Microsoft Outlook parses specially crafted email messages. An attacker who successfully exploited the vulnerability could take control of an affected system. The security update addresses the vulnerability by correcting the way that Microsoft Outlook parses specially crafted email messages.


  • CVE-2018-0794 - Microsoft Word Remote Code Execution Vulnerability
    Risk Rating: Important

    A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. The security update addresses the vulnerability by correcting how Microsoft Office handles objects in memory.


  • CVE-2018-0796 - Microsoft Excel Remote Code Execution Vulnerability
    Risk Rating: Important

    A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. The security update addresses the vulnerability by correcting how Microsoft Office handles objects in memory.


  • CVE-2018-0798 - Microsoft Office Memory Corruption Vulnerability
    Risk Rating: Important

    A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. The security update addresses the vulnerability by removing Equation Editor functionality.


Microsoft addresses several vulnerabilities in its December batch of patches, several of which addresses remote code execution vulnerabilities.

  • CVE-2017-11885 - Windows RRAS Service Remote Code Execution Vulnerability
    Risk Rating: Important

    A remote code execution vulnerability exists in RPC if the server has Routing and Remote Access enabled. An attacker who successfully exploited this vulnerability could execute code on the target system. The security update addresses the vulnerability by correcting how the Routing and Remote Access service handles requests.


  • CVE-2017-11889 - Scripting Engine Memory Corruption Vulnerability
    Risk Rating: Critical

    A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. The security update addresses the vulnerability by modifying how the scripting engine handles objects in memory.


  • CVE-2017-11890 - Scripting Engine Memory Corruption Vulnerability
    Risk Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. The security update addresses the vulnerability by modifying how Internet Explorer handles objects in memory.


  • CVE-2017-11893 - Scripting Engine Memory Corruption Vulnerability
    Risk Rating: Critical

    A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. The security update addresses the vulnerability by modifying how the scripting engine handles objects in memory.


  • CVE-2017-11895 - Scripting Engine Memory Corruption Vulnerability
    Risk Rating: Critical

    A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. The security update addresses the vulnerability by modifying how the scripting engine handles objects in memory.


  • CVE-2017-11899 - Microsoft Windows Security Feature Bypass Vulnerability
    Risk Rating: Important

    A security feature bypass exists when Device Guard incorrectly validates an untrusted file. An attacker who successfully exploited this vulnerability could make an unsigned file appear to be signed. The update addresses the vulnerability by correcting how Device Guard handles untrusted files.


  • CVE-2017-11901 - Scripting Engine Memory Corruption Vulnerability
    Risk Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. The security update addresses the vulnerability by modifying how Internet Explorer handles objects in memory.


  • CVE-2017-11903 - Scripting Engine Memory Corruption Vulnerability
    Risk Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. The security update addresses the vulnerability by modifying how Internet Explorer handles objects in memory.


  • CVE-2017-11906 - Scripting Engine Information Disclosure Vulnerability
    Risk Rating: Low

    An information disclosure vulnerability exists when Internet Explorer improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. The security update addresses the vulnerability by modifying how Internet Explorer handles objects in memory.


  • CVE-2017-11908 - Scripting Engine Memory Corruption Vulnerability
    Risk Rating: Critical

    A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. The security update addresses the vulnerability by modifying how the scripting engine handles objects in memory.


  • CVE-2017-11909 - Scripting Engine Memory Corruption Vulnerability
    Risk Rating: Critical

    A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. The security update addresses the vulnerability by modifying how the scripting engine handles objects in memory.


  • CVE-2017-11910 - Scripting Engine Memory Corruption Vulnerability
    Risk Rating: Critical

    A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. The security update addresses the vulnerability by modifying how the scripting engine handles objects in memory.


  • CVE-2017-11911 - Scripting Engine Memory Corruption Vulnerability
    Risk Rating: Critical

    A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. The security update addresses the vulnerability by modifying how the scripting engine handles objects in memory.


  • CVE-2017-11912 - Scripting Engine Memory Corruption Vulnerability
    Risk Rating: Critical

    A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. The security update addresses the vulnerability by modifying how the scripting engine handles objects in memory.


  • CVE-2017-11913 - Scripting Engine Memory Corruption Vulnerability
    Risk Rating: Important

    A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. The security update addresses the vulnerability by modifying how Internet Explorer handles objects in memory.


  • CVE-2017-11914 - Scripting Engine Memory Corruption Vulnerability
    Risk Rating: Critical

    A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. The security update addresses the vulnerability by modifying how the scripting engine handles objects in memory.


  • CVE-2017-11918 - Scripting Engine Memory Corruption Vulnerability
    Risk Rating: Critical

    A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. The security update addresses the vulnerability by modifying how the scripting engine handles objects in memory.


  • CVE-2017-11927 - Microsoft Windows Information Disclosure Vulnerability
    Risk Rating: Important

    An information disclosure vulnerability exists when the Windows its:// protocol handler unnecessarily sends traffic to a remote site in order to determine the zone of a provided URL. This could potentially result in the disclosure of sensitive information to a malicious site. The security update addresses the vulnerability by correcting how the Windows its:// protocol handler determines the zone of a request.


  • CVE-2017-11930 - Scripting Engine Memory Corruption Vulnerability
    Risk Rating: Critical

    A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. The security update addresses the vulnerability by modifying how the scripting engine handles objects in memory.


  • CVE-2017-11932 - Microsoft Exchange Spoofing Vulnerability
    Risk Rating: Important

    A spoofing vulnerability exists in Microsoft Exchange Server when Outlook Web Access (OWA) fails to properly handle web requests. An attacker who successfully exploited the vulnerability could perform script or content injection attacks, and attempt to trick the user into disclosing sensitive information. The security update addresses the vulnerability by correcting how OWA validates web requests.


  • CVE-2017-11937 - Microsoft Malware Protection Engine Remote Code Execution Vulnerability
    Risk Rating: Critical

    A remote code execution vulnerability exists when the Microsoft Malware Protection Engine does not properly scan a specially crafted file, leading to memory corruption. An attacker who successfully exploited this vulnerability could execute arbitrary code in the security context of the LocalSystem account and take control of the system. The update addresses the vulnerability by correcting the manner in which the Microsoft Malware Protection Engine scans specially crafted files.


  • CVE-2017-11886 - Scripting Engine Memory Corruption Vulnerability
    Risk Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. The security update addresses the vulnerability by modifying how Internet Explorer handles objects in memory.


  • CVE-2017-11887 - Scripting Engine Information Disclosure Vulnerability
    Risk Rating: Low

    An information disclosure vulnerability exists when Internet Explorer improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. The security update addresses the vulnerability by modifying how Internet Explorer handles objects in memory.


  • CVE-2017-11888 - Microsoft Edge Memory Corruption Vulnerability
    Risk Rating: Critical

    A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that enables an attacker to execute arbitrary code in the context of the current user. The security update addresses the vulnerability by modifying how Microsoft Edge handles objects in memory.


  • CVE-2017-11894 - Scripting Engine Memory Corruption Vulnerability
    Risk Rating: Critical

    A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. The security update addresses the vulnerability by modifying how the scripting engine handles objects in memory.


  • CVE-2017-11907 - Scripting Engine Memory Corruption Vulnerability
    Risk Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. The security update addresses the vulnerability by modifying how Internet Explorer handles objects in memory.


  • CVE-2017-11905 - Scripting Engine Memory Corruption Vulnerability
    Risk Rating: Critical

    A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. The security update addresses the vulnerability by modifying how the scripting engine handles objects in memory.


  • CVE-2017-11916 - Scripting Engine Memory Corruption Vulnerability
    Risk Rating: Important

    A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. The security update addresses the vulnerability by modifying how the ChakraCore scripting engine handles objects in memory.


  • CVE-2017-11919 - Scripting Engine Information Disclosure Vulnerability
    Risk Rating: Important

    An information disclosure vulnerability exists when the scripting engine does not properly handle objects in memory in Microsoft browsers. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. The security update addresses the vulnerability by changing how the scripting engine handles objects in memory.


  • CVE-2017-11934 - Microsoft PowerPoint Information Disclosure Vulnerability
    Risk Rating: Important

    An information disclosure vulnerability exists when Microsoft Office improperly discloses the contents of its memory. An attacker who exploited the vulnerability could use the information to compromise the user’s computer or data. The update addresses the vulnerability by changing the way certain functions handle objects in memory.


  • CVE-2017-11935 - Microsoft Excel Remote Code Execution Vulnerability
    Risk Rating: Important

    A remote code execution vulnerability exists in Microsoft Office software when it fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security context of the current user. The security update addresses the vulnerability by correcting how Microsoft Office handles files in memory.


  • CVE-2017-11936 - Microsoft SharePoint Elevation of Privilege Vulnerability
    Risk Rating: Important

    An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server. The security update addresses the vulnerability by helping to ensure that SharePoint Server properly sanitizes web requests.


  • CVE-2017-11939 - Microsoft Office Information Disclosure Vulnerability
    Risk Rating: Important

    An information disclosure vulnerability exists when Microsoft Outlook fails to enforce copy/paste permissions on DRM-protected emails. An attacker who successfully exploited the vulnerability could potentially extract plaintext content from DRM-protected draft emails. The security update addresses the vulnerability by correcting how Microsoft Outlook enforces DRM copy/paste permissions.


  • CVE-2017-11940 - Microsoft Malware Protection Engine Remote Code Execution Vulnerability
    Risk Rating: Critical

    A remote code execution vulnerability exists when the Microsoft Malware Protection Engine does not properly scan a specially crafted file, leading to memory corruption. An attacker who successfully exploited this vulnerability could execute arbitrary code in the security context of the LocalSystem account and take control of the system. The update addresses the vulnerability by correcting the manner in which the Microsoft Malware Protection Engine scans specially crafted files.


Featured Stories