Microsoft 10 lipca 2018 roku wydał nowy pakiet aktualizacji bezpieczeństwa w ramach comiesięcznego Patch Tuesday. Wydano 53 poprawki bezpieczeństwa dla 15 różnych produktów, w tym 17 aktualizacji oznaczonych jako krytyczne i 34 jako ważne.

Aktualizacje naprawiają luki w:

  • Internet Explorer
  • Microsoft Edge
  • Microsoft Windows
  • Microsoft Office i Microsoft Office Services and Web Apps
  • ChakraCore
  • Adobe Flash Player
  • .NET Framework
  • ASP.NET
  • Microsoft Research JavaScript Cryptography Library
  • Skype for Business i Microsoft Lync
  • Visual Studio
  • Microsoft Wireless Display Adapter V2 Software
  • PowerShell Editor Services
  • PowerShell Extension for Visual Studio Code
  • Web Customizations for Active Directory Federation Services

Najistotniejszymi w tym miesiącu poprawkami są aktualizacje dla IE, Edge i ChakraCore. Wykorzystanie załatanych podatności przez nieuwierzytelnionego atakującego mogło skutkować zdalnym wykonaniem kodu na komputerze ofiary z uprawnieniami zalogowanego użytkownika.

Zespół CERT PSE zaleca jak najszybsze zapoznanie się informacjami oraz instalację aktualizacji.
Poniżej przedstawiamy szczegółowe zestawienie aktualizacji:

Tag CVE ID CVE Title
Adobe Flash Player ADV180017 July 2018 Adobe Flash Security Update
.NET Framework CVE-2018-8284 .NET Framework Remote Code Injection Vulnerability
.NET Framework CVE-2018-8260 .NET Framework Remote Code Execution Vulnerability
.NET Framework CVE-2018-8202 .NET Framework Elevation of Privilege Vulnerability
.NET Framework CVE-2018-8356 .NET Framework Security Feature Bypass Vulnerability
Active Directory CVE-2018-8326 Open Source Customization for Active Directory Federation Services XSS Vulnerability
ASP.NET CVE-2018-8171 ASP.NET Security Feature Bypass Vulnerability
Device Guard CVE-2018-8222 Device Guard Code Integrity Policy Security Feature Bypass Vulnerability
Internet Explorer CVE-2018-0949 Internet Explorer Security Feature Bypass Vulnerability
Microsoft Devices CVE-2018-8306 Microsoft Wireless Display Adapter Command Injection Vulnerability
Microsoft Edge CVE-2018-8289 Microsoft Edge Information Disclosure Vulnerability
Microsoft Edge CVE-2018-8301 Microsoft Edge Memory Corruption Vulnerability
Microsoft Edge CVE-2018-8325 Microsoft Edge Information Disclosure Vulnerability
Microsoft Edge CVE-2018-8324 Microsoft Edge Information Disclosure Vulnerability
Microsoft Edge CVE-2018-8297 Microsoft Edge Information Disclosure Vulnerability
Microsoft Edge CVE-2018-8274 Microsoft Edge Memory Corruption Vulnerability
Microsoft Edge CVE-2018-8278 Microsoft Edge Spoofing Vulnerability
Microsoft Edge CVE-2018-8262 Microsoft Edge Memory Corruption Vulnerability
Microsoft Office CVE-2018-8281 Microsoft Office Remote Code Execution Vulnerability
Microsoft Office CVE-2018-8323 Microsoft SharePoint Elevation of Privilege Vulnerability
Microsoft Office CVE-2018-8300 Microsoft SharePoint Remote Code Execution Vulnerability
Microsoft Office CVE-2018-8312 Microsoft Access Remote Code Execution Vulnerability
Microsoft Office CVE-2018-8299 Microsoft SharePoint Elevation of Privilege Vulnerability
Microsoft Office CVE-2018-8310 Microsoft Office Tampering Vulnerability
Microsoft PowerShell CVE-2018-8327 PowerShell Editor Services Remote Code Execution Vulnerability
Microsoft Scripting Engine CVE-2018-8294 Chakra Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2018-8280 Chakra Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2018-8242 Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2018-8125 Microsoft Edge Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2018-8298 Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2018-8287 Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2018-8288 Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2018-8290 Chakra Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2018-8279 Microsoft Edge Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2018-8283 Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2018-8286 Chakra Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2018-8275 Microsoft Edge Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2018-8296 Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2018-8291 Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2018-8276 Scripting Engine Security Feature Bypass Vulnerability
Microsoft Windows CVE-2018-8308 Windows Kernel Elevation of Privilege Vulnerability
Microsoft Windows CVE-2018-8309 Windows Denial of Service Vulnerability
Microsoft Windows CVE-2018-8305 Windows Mail Client Information Disclosure Vulnerability
Microsoft Windows CVE-2018-8206 Windows FTP Server Denial of Service Vulnerability
Microsoft Windows CVE-2018-8319 MSR JavaScript Cryptography Library Security Feature Bypass Vulnerability
Microsoft Windows CVE-2018-8313 Windows Elevation of Privilege Vulnerability
Microsoft Windows DNS CVE-2018-8304 Windows DNSAPI Denial of Service Vulnerability
Microsoft WordPad CVE-2018-8307 WordPad Security Feature Bypass Vulnerability
Skype for Business and Microsoft Lync CVE-2018-8238 Skype for Business and Lync Security Feature Bypass Vulnerability
Skype for Business and Microsoft Lync CVE-2018-8311 Remote Code Execution Vulnerability in Skype For Business and Lync
Visual Studio CVE-2018-8172 Visual Studio Remote Code Execution Vulnerability
Visual Studio CVE-2018-8232 Microsoft Macro Assembler Tampering Vulnerability
Windows Kernel CVE-2018-8282 Win32k Elevation of Privilege Vulnerability
Windows Shell CVE-2018-8314 Windows Elevation of Privilege Vulnerability