Microsoft October 2018 Patch Tuesday Fixes 12 Critical Vulnerabilities

Microsoft October 2018 Patch Tuesday Fixes 12 Critical Vulnerabilities

Today is the October 2018 Patch Tuesday, which means a boatload of security updates are out for Microsoft products including Windows, Office, and Exchange Server. These updates fix known bugs and security vulnerabilities found within Microsoft's products.

This article will cover the security updates released today as part of the October 2018 Patch Tuesday. These updates resolve 50 known vulnerabilities in Microsoft's products, with 12 of them being labeled as critical.

For information about the non-security Windows updates, you can read about today's Windows 10 KB4464330, KB4462919 and KB4462918 Cumulative Updates and the Microsoft Releases Windows 7 & 8.1 Cumulative Updates KB4462923 & KB4462926.

Critical Vulnerabilities fixed in the October 2018 Patch Tuesday updates

This Patch Tuesday fixes 12 Critical security vulnerabilities that when exploited could lead to code execution. These vulnerabilities are the most dangerous as if they are exploited could allow a remote attacker to execute commands on a vulnerable computer and essentially take full control.

CVE-2018-8473 - Microsoft Edge Memory Corruption Vulnerability is a  remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that enables an attacker to execute arbitrary code in the context of the current user. 

CVE-2018-8460 - Internet Explorer Memory Corruption Vulnerability is a remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

CVE-2018-8489 - Windows Hyper-V Remote Code Execution Vulnerability is a remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system. To exploit the vulnerability, an attacker could run a specially crafted application on a guest operating system that could cause the Hyper-V host operating system to execute arbitrary code.

CVE-2018-8490 - Windows Hyper-V Remote Code Execution Vulnerability is a remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system. To exploit the vulnerability, an attacker could run a specially crafted application on a guest operating system that could cause the Hyper-V host operating system to execute arbitrary code.

CVE-2018-8491 - Internet Explorer Memory Corruption Vulnerability is a remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.  

CVE-2018-8494 - MS XML Remote Code Execution Vulnerability is a remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input. An attacker who successfully exploited the vulnerability could run malicious code remotely to take control of the user’s system.

CVE-2018-8500 - Scripting Engine Memory Corruption Vulnerability is a remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

CVE-2018-8505 - Chakra Scripting Engine Memory Corruption Vulnerability is a remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

CVE-2018-8509 - Microsoft Edge Memory Corruption Vulnerability is a remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that enables an attacker to execute arbitrary code in the context of the current user.

CVE-2018-8510 - Chakra Scripting Engine Memory Corruption Vulnerability is a remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

CVE-2018-8511 - Chakra Scripting Engine Memory Corruption Vulnerability is a remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

CVE-2018-8513 - Chakra Scripting Engine Memory Corruption Vulnerability is a remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

The October 2018 Patch Tuesday Security Updates

Below is the full list of vulnerabilities resolved by the October 2018 Patch Tuesday updates. To access the full description of each vulnerability and the systems that it affects, you can view the full report here.

Tag	CVE ID	CVE Title
Azure	CVE-2018-8531	Azure IoT Device Client SDK Memory Corruption Vulnerability
Device Guard	CVE-2018-8492	Device Guard Code Integrity Policy Security Feature Bypass Vulnerability
Internet Explorer	CVE-2018-8460	Internet Explorer Memory Corruption Vulnerability
Internet Explorer	CVE-2018-8491	Internet Explorer Memory Corruption Vulnerability
Microsoft Edge	CVE-2018-8473	Microsoft Edge Memory Corruption Vulnerability
Microsoft Edge	CVE-2018-8512	Microsoft Edge Security Feature Bypass Vulnerability
Microsoft Edge	CVE-2018-8530	Microsoft Edge Security Feature Bypass Vulnerability
Microsoft Edge	CVE-2018-8509	Microsoft Edge Memory Corruption Vulnerability
Microsoft Exchange Server	CVE-2010-3190	MFC Insecure Library Loading Vulnerability
Microsoft Exchange Server	CVE-2018-8448	Microsoft Exchange Server Elevation of Privilege Vulnerability
Microsoft Exchange Server	CVE-2018-8265	Microsoft Exchange Remote Code Execution Vulnerability
Microsoft Graphics Component	CVE-2018-8486	DirectX Information Disclosure Vulnerability
Microsoft Graphics Component	CVE-2018-8484	DirectX Graphics Kernel Elevation of Privilege Vulnerability
Microsoft Graphics Component	CVE-2018-8453	Win32k Elevation of Privilege Vulnerability
Microsoft Graphics Component	CVE-2018-8472	Windows GDI Information Disclosure Vulnerability
Microsoft JET Database Engine	CVE-2018-8423	Microsoft JET Database Engine Remote Code Execution Vulnerability
Microsoft Office	ADV180026	Microsoft Office Defense in Depth Update
Microsoft Office	CVE-2018-8501	Microsoft PowerPoint Remote Code Execution Vulnerability
Microsoft Office	CVE-2018-8427	Microsoft Graphics Components Information Disclosure Vulnerability
Microsoft Office	CVE-2018-8504	Microsoft Word Remote Code Execution Vulnerability
Microsoft Office	CVE-2018-8502	Microsoft Excel Remote Code Execution Vulnerability
Microsoft Office	CVE-2018-8432	Microsoft Graphics Components Remote Code Execution Vulnerability
Microsoft Office SharePoint	CVE-2018-8498	Microsoft SharePoint Elevation of Privilege Vulnerability
Microsoft Office SharePoint	CVE-2018-8480	Microsoft SharePoint Elevation of Privilege Vulnerability
Microsoft Office SharePoint	CVE-2018-8488	Microsoft SharePoint Elevation of Privilege Vulnerability
Microsoft Office SharePoint	CVE-2018-8518	Microsoft SharePoint Elevation of Privilege Vulnerability
Microsoft Scripting Engine	CVE-2018-8511	Chakra Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine	CVE-2018-8500	Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine	CVE-2018-8505	Chakra Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine	CVE-2018-8503	Chakra Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine	CVE-2018-8510	Chakra Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine	CVE-2018-8513	Chakra Scripting Engine Memory Corruption Vulnerability
Microsoft Windows	CVE-2018-8411	NTFS Elevation of Privilege Vulnerability
Microsoft Windows	CVE-2018-8333	Microsoft Filter Manager Elevation Of Privilege Vulnerability
Microsoft Windows	CVE-2018-8493	Windows TCP/IP Information Disclosure Vulnerability
Microsoft Windows	CVE-2018-8506	Microsoft Windows Codecs Library Information Disclosure Vulnerability
Microsoft Windows DNS	CVE-2018-8320	Windows DNS Security Feature Bypass Vulnerability
Microsoft XML Core Services	CVE-2018-8494	MS XML Remote Code Execution Vulnerability
SQL Server	CVE-2018-8527	SQL Server Management Studio Information Disclosure Vulnerability
SQL Server	CVE-2018-8532	SQL Server Management Studio Information Disclosure Vulnerability
SQL Server	CVE-2018-8533	SQL Server Management Studio Information Disclosure Vulnerability
Windows - Linux	CVE-2018-8329	Linux On Windows Elevation Of Privilege Vulnerability
Windows Hyper-V	CVE-2018-8489	Windows Hyper-V Remote Code Execution Vulnerability
Windows Hyper-V	CVE-2018-8490	Windows Hyper-V Remote Code Execution Vulnerability
Windows Kernel	CVE-2018-8330	Windows Kernel Information Disclosure Vulnerability
Windows Kernel	CVE-2018-8497	Windows Kernel Elevation of Privilege Vulnerability
Windows Media Player	CVE-2018-8482	Windows Media Player Information Disclosure Vulnerability
Windows Media Player	CVE-2018-8481	Windows Media Player Information Disclosure Vulnerability
Windows Shell	CVE-2018-8413	Windows Theme API Remote Code Execution Vulnerability
Windows Shell	CVE-2018-8495	Windows Shell Remote Code Execution Vulnerability