Patch Tuesday August 2018

August 15, 2018


This month’s Patch Tuesday brings with it a total of 60 security patches covering various products such as Internet Explorer, Edge, ChakraCore, Windows components, .NET Framework, SQL Server, Exchange Server, and Microsoft Office. Of these 60 vulnerabilities, 20 are listed as Critical, 38 are rated Important, one is rated as Moderate, and one is rated as Low severity. At the time of this release, two vulnerabilities (CVE-2018-8373 and CVE-2018-8414) had already been publicly disclosed and are actively being exploited in the wild.

Internet Explorer

IE is patched for five vulnerabilities this month, including the aforementioned vulnerability that is being actively exploited. The majority of these vulnerabilities are caused by memory corruption issues which can lead to remote code execution. An attacker can leverage these by enticing a victim to browse to a specially crafted webpage.

Edge

Two critical memory corruption issues were patched this month within the Edge browser, along with four important-rated vulnerabilities and one low-severity vulnerability. The worst of these (the critical-rated issues) are similar to those affecting IE in that they require a victim to browse to specially crafted webpages.

Chakra Engine

The Chakra Scripting Engine contains five critical vulnerabilities along with one important-rated memory corruption vulnerability. The worst of these can lead to remote code execution and can be leveraged through a specially crafted website, or by embedding an ActiveX control marked "safe for initialization" in an application or Microsoft Office document that hosts the browser rendering engine.

Windows components

Various Windows components are patched this month, including Windows Shell, Graphics, GDI+, Diagnostic Hub, Device Guard, Cortana, Windows Installer, ADFS, Windows Kernel, Windows NDIS, Microsoft COM, DirectX Graphics, LNK, and Win32k. Of these components, the one to be most concerned about is Windows Shell, specifically CVE-2018-8414. As previously mentioned, this vulnerability is also being actively exploited.

.NET Framework

The .NET Framework is patched for only one important-rated vulnerability this month. This vulnerability can lead to information disclosure and can occur when .NET Framework is used in high-load/high-density network connections where content from one stream can blend into another stream.

SQL Server

A critical vulnerability caused by a classic buffer overflow has been patched in SQL Server. An attacker could leverage this by sending a specially crafted query to the affected server, which can lead to code execution in the context of the service account. Extra attention should be given to this patch considering the amount of damage an attacker could cause when exploiting this vulnerability.

Exchange Server

Two vulnerabilities are patched within Exchange Server, one rated critical and one rated important. The critical vulnerability is caused by Exchange failing to properly handle objects in memory, which can lead to remote code execution in the context of the System user. Exploitation of the vulnerability requires that a specially crafted email be sent to a vulnerable Exchange server.

Microsoft Office

Office is patched for five important-rated vulnerabilities, which can lead to elevation of privilege and information disclosure. Exploitation requires that a user open a specially crafted file with an affected version of Microsoft Office software.

Author, BeyondTrust Research Team
