December 2018 Patch Tuesday has seen Microsoft issue repairs for 39 vulnerabilities, 10 of which have been ranked serious, and two are being actively abused in the wild. There are 9 critical vulnerabilities in Microsoft products and one critical weakness in Adobe Flash Player.
The repairs include the following products and services: Microsoft Windows, WindowsKernel-Mode Drivers, Windows Kernel, Windows Azure Pack, Windows Authentication Methods, Visual Studio, Microsoft Windows DNS, Microsoft Scripting Engine, MicrosoftExchange Server, Microsoft Dynamics, Microsoft Graphics Component, MicrosoftOffice SharePoint, Microsoft Edge, Internet Explorer, Microsoft Office, and .NET Framework.
December 2018 Patch Tuesday Serious Microsoft vulnerabilities
The serious ulnerabilities affect the Chakra Scripting Engine of Microsoft Edge (5),.NETframework (1), Microsoft Text-to-Speech (1), Internet Explorer (1), and Windows DNS server (1).
- CVE-2018-8583; CVE-2018-8617; CVE-2018-8618; CVE-2018-8624; CVE-2018-8629: Chakra Scripting Engine: Memory corruption
vulnerabilities because of how Microsoft Edge manages memory items. Misuse would require a user to visit a specifically created website, via a link in a phishing electronic mail or malvertising, for instance. - CVE-2018-8540: .NETFramework: A distant code injection vulnerability when the .NET framework fails to authenticate input properly. An attacker could gain complete control of an affected system if an admin user’s account is compromised.
- CVE-2018-8626: WindowsDNS Server: A heap overflow vulnerability affecting Windows servers arranged as DNS servers, which could let distant code implementation on the Local System Account.
- CVE-2018-8631: InternetExplorer: A memory corruption weakness that might let distant code implementation. Misuse would require a user to visit a specifically created website, via a link in a phishing electronic mail, for instance.
- CVE-2018-8634: Microsoft text-to-Speech: Distant code implementation vulnerability because of a failure to properly manage items in the memory. The fault could be abused to take complete control of a vulnerable system.
- ADV180031: Adobe FlashPlayer: Adobe repaired two vulnerabilities in an out-of-band update on December 5. Microsoft has tackled these vulnerabilities, which are presently being abused in the wild.
Adobe Updates: December 2018 Patch Tuesday
Adobe has issued a large number of updates to tackle a slew of lately found
vulnerabilities. 87 updates had been included in the total, 39 of which have been ranked serious and could let an attacker implement the arbitrary code or elevate privileges on vulnerable appliances. Many of the vulnerabilities could be used collectively to give
These repairs are in addition to an out-of-bounds update released earlier in December to repair two actively abused vulnerabilities.
All repairs must be applied as soon as possible.