Microsoft fixes 51 security issues on October Patch Tuesday
Microsoft released the October security update patch on Tuesday, fixing 51 security issues ranging from simple spoofing attacks to remote code execution. Products include .NET Core, Azure, Device Guard, Internet Explorer, Microsoft Edge, Microsoft Exchange Server, Microsoft Graphics Component, Microsoft JET Database Engine, Microsoft Office, Microsoft Office SharePoint, Microsoft Scripting Engine, Microsoft Windows, Microsoft Windows DNS, Microsoft XML Core Services, SQL Server, Windows – Linux, Windows Hyper-V, Windows Kernel, Windows Media Player, and Windows Shell.
Product | CVE number | CVE title |
.NET Core | CVE-2018-8292 | .NET Core Information Disclosure Vulnerability |
Azure | CVE-2018-8531 | Azure IoT Device Client SDK Memory Corruption Vulnerability |
Device Guard | CVE-2018-8492 | Device Guard Code Integrity Policy Security Feature Bypass Vulnerability |
Internet Explorer | CVE-2018-8460 | Internet Explorer Memory Corruption Vulnerability |
Internet Explorer | CVE-2018-8491 | Internet Explorer Memory Corruption Vulnerability |
Microsoft Edge | CVE-2018-8473 | Microsoft Edge Memory Corruption Vulnerability |
Microsoft Edge | CVE-2018-8509 | Microsoft Edge Memory Corruption Vulnerability |
Microsoft Edge | CVE-2018-8512 | Microsoft Edge Security Feature Bypass Vulnerability |
Microsoft Edge | CVE-2018-8530 | Microsoft Edge Security Feature Bypass Vulnerability |
Microsoft Exchange Server | CVE-2018-8265 | Microsoft Exchange Remote Code Execution Vulnerability |
Microsoft Exchange Server | CVE-2018-8448 | Microsoft Exchange Server Privilege Escalation Vulnerability |
Microsoft Exchange Server | CVE-2010-3190 | MFC Insecure Library Loading Vulnerability |
Microsoft Graphics Component | CVE-2018-8453 | Win32k Privilege Escalation Vulnerability |
Microsoft Graphics Component | CVE-2018-8484 | DirectX Graphics Kernel Privilege Escalation Vulnerability |
Microsoft Graphics Component | CVE-2018-8486 | DirectX Information Disclosure Vulnerability |
Microsoft Graphics Component | CVE-2018-8472 | Windows GDI Information Disclosure Vulnerability |
Microsoft JET Database Engine | CVE-2018-8423 | Microsoft JET Database Engine Remote Code Execution Vulnerability |
Microsoft Office | CVE-2018-8432 | Microsoft Graphics Components Remote Code Execution Vulnerability |
Microsoft Office | CVE-2018-8427 | Microsoft Graphics Components Information Disclosure Vulnerability |
Microsoft Office | CVE-2018-8501 | Microsoft PowerPoint Remote Code Execution Vulnerability |
Microsoft Office | CVE-2018-8502 | Microsoft Excel Remote Code Execution Vulnerability |
Microsoft Office | CVE-2018-8504 | Microsoft Word Remote Code Execution Vulnerability |
Microsoft Office | ADV180026 | Microsoft Office Defense in Depth Update |
Microsoft Office SharePoint | CVE-2018-8480 | Microsoft SharePoint privilege elevation vulnerability |
Microsoft Office SharePoint | CVE-2018-8488 | Microsoft SharePoint privilege elevation vulnerability |
Microsoft Office SharePoint | CVE-2018-8518 | Microsoft SharePoint privilege elevation vulnerability |
Microsoft Office SharePoint | CVE-2018-8498 | Microsoft SharePoint privilege elevation vulnerability |
Microsoft Scripting Engine | CVE-2018-8500 | Scripting Engine Memory Corruption Vulnerability |
Microsoft Scripting Engine | CVE-2018-8503 | Chakra Scripting Engine Memory Corruption Vulnerability |
Microsoft Scripting Engine | CVE-2018-8505 | Chakra Scripting Engine Memory Corruption Vulnerability |
Microsoft Scripting Engine | CVE-2018-8510 | Chakra Scripting Engine Memory Corruption Vulnerability |
Microsoft Scripting Engine | CVE-2018-8511 | Chakra Scripting Engine Memory Corruption Vulnerability |
Microsoft Scripting Engine | CVE-2018-8513 | Chakra Scripting Engine Memory Corruption Vulnerability |
Microsoft Windows | CVE-2018-8333 | Microsoft Filter Manager Elevation Of Privilege Vulnerability |
Microsoft Windows | CVE-2018-8411 | NTFS privilege elevation vulnerability |
Microsoft Windows | CVE-2018-8506 | Microsoft Windows Codecs Library Information Disclosure Vulnerability |
Microsoft Windows | CVE-2018-8493 | Windows TCP/IP Information Disclosure Vulnerability |
Microsoft Windows DNS | CVE-2018-8320 | Windows DNS Security Feature Bypass Vulnerability |
Microsoft XML Core Services | CVE-2018-8494 | MS XML Remote Code Execution Vulnerability |
SQL Server | CVE-2018-8527 | SQL Server Management Studio Information Disclosure Vulnerability |
SQL Server | CVE-2018-8532 | SQL Server Management Studio Information Disclosure Vulnerability |
SQL Server | CVE-2018-8533 | SQL Server Management Studio Information Disclosure Vulnerability |
Windows – Linux | CVE-2018-8329 | Linux On Windows Elevation Of Privilege Vulnerability |
Windows Hyper-V | CVE-2018-8489 | Windows Hyper-V Remote Code Execution Vulnerability |
Windows Hyper-V | CVE-2018-8490 | Windows Hyper-V Remote Code Execution Vulnerability |
Windows Kernel | CVE-2018-8330 | Windows Kernel Information Disclosure Vulnerability |
Windows Kernel | CVE-2018-8497 | Windows Kernel Privilege Escalation Vulnerability |
Windows Media Player | CVE-2018-8481 | Windows Media Player Information Disclosure Vulnerability |
Windows Media Player | CVE-2018-8482 | Windows Media Player Information Disclosure Vulnerability |
Windows Shell | CVE-2018-8413 | Windows Theme API Remote Code Execution Vulnerability |
Windows Shell | CVE-2018-8495 | Windows Shell Remote Code Execution Vulnerability |
Microsoft officially has released an update patch; please update your system as soon as possible.