Microsoft Issues Patches for 54 Vulnerabilities; 17 Critical

July 12, 2018


This Patch Tuesday, Microsoft released patches for 54 vulnerabilities, 27 of which could allow remote code execution. 17 of the vulnerabilities are rated critical and 33 are rated important. Three of the vulnerabilities were publicly disclosed before Microsoft issued patches. The patches address bugs in 15 products.

The bulk of the critical vulnerabilities are scripting flaws in Internet Explorer, including four memory corruption vulnerabilities in the JScript Chakra scripting engine for the 32-bit version of Internet Explorer. These are CVE-2018-8280, CVE-2018-9290, CVE-2018-8286, and CVE-2018-8294. All could be exploited to allow remote code execution.

Eight vulnerabilities have been fixed in Microsoft Edge: four information disclosure vulnerabilities (CVE-2018-8289, CVE-2018-8324, CVE-2018-8325, CVE-2018-8297), three memory corruption vulnerabilities (CVE-2018-8301, CVE-2018-8262, CVE-2018-8274), and one spoofing vulnerability (CVE-2018-8278). The spoofing vulnerability could be used to deceive a user into thinking they are on a legitimate website. “[A] specifically created website might either spoof matter or serve as a hinge to chain an attack with other weaknesses in web services,” said Microsoft.

Altogether, 16 of the critical vulnerabilities affect browsers or browser-related technologies. Patching these must be a priority on all workstations used to access the Internet.

One critical vulnerability affects PowerShell Editor Services (CVE-2018-8327). It must be prioritized, as PowerShell is frequently used to deliver malicious payloads.

CVE-2018-8304 is a Windows DNSAPI denial-of-service vulnerability that could let an attacker remotely shut down a DNS server using only a malformed DNS response.

CVE-2018-8310 has been rated low risk, although a patch was released to correct the Microsoft Office flaw, which would let an attacker embed untrusted TrueType fonts in an email and, by doing so, evade spam filters and ensure that malicious messages are delivered to end users.

CVE-2018-8319 is a security feature bypass vulnerability in the MSR JavaScript Cryptography Library. The flaw lets an attacker create signatures that impersonate the entity associated with a public/private key pair, making an attack appear legitimate.

Microsoft has also addressed the Lazy FP State Restore vulnerability, which is similar to the Meltdown/Spectre vulnerabilities and could allow remote code execution on a vulnerable system.

Microsoft has also included Adobe patches that address Flash vulnerabilities on its supported operating systems. Adobe has released patches for 104 vulnerabilities in Reader, Experience Manager, Connect, Acrobat, and Flash, 96 of which are rated important or critical.