Microsoft released patches for 48 vulnerabilities today and one advisory regarding a defense-in-depth update for Office. No Adobe updates are included so far, but Adobe released updates for PDF Reader / Acrobat about a week ago.

Two vulnerabilities have been disclosed before:

CVE-2018-8531: A memory corruption vulnerability in the Azure IoT Device Client SDK (rated important)

CVE-2018-8432: A remote code execution vulnerability in the JET database engine. This issue was widely covered. It requires an attacker to convince the victim to open a malicious JET database file. Office products include JET.

CVE-2018-8453: This vulnerability, a privilege escalation issue in Win32k, was already exploited in the wild.

CVE-2018-8497: Another privilege escalation issue that was made public prior to today but, per Microsoft, has not yet been seen in exploits.

For a more detailed breakdown, again see Renato's dashboard: https://patchtuesdaydashboard.com/

| Description | CVE | Disclosed | Exploited | Exploitability (old versions) | Exploitability (current version) | Severity | CVSS Base (AVG) | CVSS Temporal (AVG) |
|---|---|---|---|---|---|---|---|---|
| Azure IoT Device Client SDK Memory Corruption Vulnerability | CVE-2018-8531 | Yes | No | Less Likely | Less Likely | Important | | |
| Chakra Scripting Engine Memory Corruption Vulnerability | CVE-2018-8503 | No | No | - | - | Low | 4.2 | 3.8 |
| | CVE-2018-8505 | No | No | - | - | Critical | 4.2 | 3.8 |
| | CVE-2018-8510 | No | No | - | - | Critical | 4.2 | 3.8 |
| | CVE-2018-8511 | No | No | - | - | Critical | 4.2 | 3.8 |
| | CVE-2018-8513 | No | No | - | - | Critical | 4.2 | 3.8 |
| Device Guard Code Integrity Policy Security Feature Bypass Vulnerability | CVE-2018-8492 | No | No | More Likely | More Likely | Important | 5.3 | 4.8 |
| DirectX Graphics Kernel Elevation of Privilege Vulnerability | CVE-2018-8484 | No | No | Less Likely | Less Likely | Important | 7.0 | 6.3 |
| DirectX Information Disclosure Vulnerability | CVE-2018-8486 | No | No | More Likely | More Likely | Important | 4.7 | 4.2 |
| Internet Explorer Memory Corruption Vulnerability | CVE-2018-8460 | No | No | - | - | Critical | 6.4 | 5.8 |
| | CVE-2018-8491 | No | No | - | - | Critical | 6.4 | 5.8 |
| Linux On Windows Elevation Of Privilege Vulnerability | CVE-2018-8329 | No | No | - | - | Important | 7.0 | 6.3 |
| MFC Insecure Library Loading Vulnerability | CVE-2010-3190 | No | No | Less Likely | Less Likely | Important | | |
| MS XML Remote Code Execution Vulnerability | CVE-2018-8494 | No | No | Less Likely | Less Likely | Critical | 7.5 | 6.7 |
| Microsoft Edge Memory Corruption Vulnerability | CVE-2018-8473 | No | No | - | - | Critical | 4.2 | 3.8 |
| | CVE-2018-8509 | No | No | - | - | Critical | 4.2 | 3.8 |
| Microsoft Edge Security Feature Bypass Vulnerability | CVE-2018-8512 | No | No | - | - | Important | 4.2 | 3.8 |
| | CVE-2018-8530 | No | No | - | - | Important | 4.3 | 3.9 |
| Microsoft Excel Remote Code Execution Vulnerability | CVE-2018-8502 | No | No | More Likely | More Likely | Important | | |
| Microsoft Exchange Remote Code Execution Vulnerability | CVE-2018-8265 | No | No | Less Likely | Less Likely | Important | | |
| Microsoft Exchange Server Elevation of Privilege Vulnerability | CVE-2018-8448 | No | No | Less Likely | Less Likely | Important | | |
| Microsoft Filter Manager Elevation Of Privilege Vulnerability | CVE-2018-8333 | No | No | More Likely | More Likely | Important | 7.0 | 6.1 |
| Microsoft Graphics Components Information Disclosure Vulnerability | CVE-2018-8427 | No | No | Less Likely | Less Likely | Important | 4.7 | 4.2 |
| Microsoft Graphics Components Remote Code Execution Vulnerability | CVE-2018-8432 | No | No | Less Likely | Less Likely | Important | 5.0 | 4.5 |
| Microsoft JET Database Engine Remote Code Execution Vulnerability | CVE-2018-8423 | Yes | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
| Microsoft Office Defense in Depth Update | ADV180026 | No | No | Less Likely | Less Likely | None | | |
| Microsoft PowerPoint Remote Code Execution Vulnerability | CVE-2018-8501 | No | No | More Likely | More Likely | Important | | |
| Microsoft SharePoint Elevation of Privilege Vulnerability | CVE-2018-8480 | No | No | - | - | Important | | |
| | CVE-2018-8488 | No | No | Less Likely | Less Likely | Important | | |
| | CVE-2018-8518 | No | No | Less Likely | Less Likely | Important | | |
| | CVE-2018-8498 | No | No | Less Likely | Less Likely | Important | | |
| Microsoft Windows Codecs Library Information Disclosure Vulnerability | CVE-2018-8506 | No | No | Less Likely | Less Likely | Important | 3.3 | 3.3 |
| Microsoft Word Remote Code Execution Vulnerability | CVE-2018-8504 | No | No | More Likely | More Likely | Important | | |
| NTFS Elevation of Privilege Vulnerability | CVE-2018-8411 | No | No | More Likely | More Likely | Important | 7.0 | 6.3 |
| SQL Server Management Studio Information Disclosure Vulnerability | CVE-2018-8527 | No | No | Less Likely | Less Likely | Important | | |
| | CVE-2018-8532 | No | No | Less Likely | Less Likely | Important | | |
| | CVE-2018-8533 | No | No | Less Likely | Less Likely | Moderate | | |
| Scripting Engine Memory Corruption Vulnerability | CVE-2018-8500 | No | No | - | - | Critical | | |
| Win32k Elevation of Privilege Vulnerability | CVE-2018-8453 | No | Yes | Detected | More Likely | Important | 7.0 | 6.3 |
| Windows DNS Security Feature Bypass Vulnerability | CVE-2018-8320 | No | No | Less Likely | Less Likely | Important | 4.3 | 4.3 |
| Windows GDI Information Disclosure Vulnerability | CVE-2018-8472 | No | No | Less Likely | Less Likely | Important | 4.7 | 4.2 |
| Windows Hyper-V Remote Code Execution Vulnerability | CVE-2018-8489 | No | No | Less Likely | Less Likely | Critical | 7.6 | 6.8 |
| | CVE-2018-8490 | No | No | Less Likely | Less Likely | Critical | 7.6 | 6.8 |
| Windows Kernel Elevation of Privilege Vulnerability | CVE-2018-8497 | Yes | No | More Likely | More Likely | Important | 7.8 | 7.0 |
| Windows Kernel Information Disclosure Vulnerability | CVE-2018-8330 | No | No | Less Likely | Less Likely | Important | 4.7 | 4.1 |
| Windows Media Player Information Disclosure Vulnerability | CVE-2018-8481 | No | No | Less Likely | Less Likely | Important | 3.5 | 3.5 |
| | CVE-2018-8482 | No | No | Less Likely | Less Likely | Important | 3.5 | 3.5 |
| Windows Shell Remote Code Execution Vulnerability | CVE-2018-8495 | No | No | - | - | Important | 4.2 | 3.8 |
| Windows TCP/IP Information Disclosure Vulnerability | CVE-2018-8493 | No | No | - | - | Important | 5.9 | 5.3 |
| Windows Theme API Remote Code Execution Vulnerability | CVE-2018-8413 | No | No | More Likely | More Likely | Important | 5.0 | 4.5 |

---

Johannes B. Ullrich, Ph.D., Dean of Research, SANS Technology Institute
