Microsoft Releases Patches For 60 Flaws—Two Under Active Attack

Get your update caps on.

Just a few minutes ago Microsoft released its latest monthly Patch Tuesday update for August 2018, patching a total of 60 vulnerabilities, of which 19 are rated as critical.

The updates patch flaws in Microsoft Windows, Edge Browser, Internet Explorer, Office, ChakraCore, .NET Framework, Exchange Server, Microsoft SQL Server and Visual Studio.

Two of these vulnerabilities patched by the tech giant are listed as publicly known and being exploited in the wild at the time of release.

According to the advisory released by Microsoft, all 19 critical-rated vulnerabilities lead to remote code execution (RCE), some of which could eventually allow attackers to take control of the affected system if exploited successfully.

Besides this, Microsoft has also addressed 39 important flaws, one moderate and one low in severity.

Below we have listed brief details of a few critical and publicly exploited important vulnerabilities:

Internet Explorer Memory Corruption Vulnerability (CVE-2018-8373)


The first vulnerability under active attack is a critical remote code execution vulnerability that was revealed by Trend Micro last month and affected all supported versions of Windows.

Internet Explorer 9, 10 and 11 are vulnerable to a memory corruption issue that could allow remote attackers to take control of the vulnerable systems just by convincing users to view a specially crafted website through Internet Explorer.

"An attacker could also embed an ActiveX control marked ‘safe for initialization’ in an application or Microsoft Office document that hosts the IE rendering engine," Microsoft says in its advisory.

Windows Shell Remote Code Execution Vulnerability (CVE-2018-8414)


The second publicly known and actively exploited flaw resides in the Windows Shell, which originates due to improper validation of file paths.

Arbitrary code can be executed on the targeted system by convincing victims into opening a specially crafted file received via an email or a web page.

Microsoft SQL Server RCE (CVE-2018-8273)


Microsoft SQL Server 2016 and 2017 are vulnerable to a buffer overflow vulnerability that could be exploited remotely by an attacker to execute arbitrary code in the context of the SQL Server Database Engine service account.

Successful exploitation of the vulnerability requires a remote attacker to submit a specially crafted query to an affected SQL server.

Windows PDF Remote Code Execution Vulnerability (CVE-2018-8350)


Windows 10 systems with Microsoft Edge set as the default browser can be compromised just by convincing users to view a website.

Due to improper handling of objects in memory, Windows 10's PDF library could be exploited by a remote attacker to execute arbitrary code on the targeted system.
"The attacker could also take advantage of compromised websites or websites that accept or host user-provided content or advertisements, by adding specially crafted PDF content to such sites," Microsoft says in its advisory.
"Only Windows 10 systems with Microsoft Edge set as the default browser can be compromised simply by viewing a website."

Microsoft Exchange Memory Corruption Vulnerability (CVE-2018-8302)


This vulnerability resides in the way this software handles objects in memory, allowing a remote attacker to run arbitrary code in the context of the System user just by sending a specially crafted email to the vulnerable Exchange server.

The flaw affects Microsoft Exchange Server 2010, 2013 and 2016.

Microsoft Graphics Remote Code Execution Vulnerability (CVE-2018-8344)


Microsoft revealed that the Windows font library improperly handles specially crafted embedded fonts, which could allow attackers to take control of the affected system by serving maliciously embedded fonts via a specially crafted website and document file.

This vulnerability affects Windows 10, 8.1, and 7, and Windows Server 2016 and 2012.

LNK Remote Code Execution Vulnerability (CVE-2018-8345)


This vulnerability exists in the .LNK shortcut file format used by Microsoft Windows 10, 8.1, 7 and Windows Server editions.

An attacker can use a malicious .LNK file and an associated malicious binary to execute arbitrary code on the targeted system. Successful exploitation of this vulnerability could allow attackers to gain the same user rights on the target Windows system as the local user.

According to the Microsoft advisory, user accounts configured with fewer user rights on the system are less impacted by this vulnerability than users who operate with administrative user rights.

GDI+ Remote Code Execution Vulnerability (CVE-2018-8397)


This RCE flaw resides in the way Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to take control of the affected system if exploited successfully.
"An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights," Microsoft says in its advisory explaining the flaw.
"Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights."
The vulnerability affects Windows 7 and Windows Server 2008.

Besides this, Microsoft has also pushed security updates to patch vulnerabilities in Adobe products, details of which you can get through a separate article posted today.

Users are strongly advised to apply security patches as soon as possible to keep hackers and cybercriminals away from taking control of their computers.

For installing security updates, head on to Settings → Update & security → Windows Update → Check for updates, or you can install the updates manually.