Microsoft Patch Tuesday – July 2018

The Microsoft Patch Tuesday July 2018 security release consists of security updates for the following software:

• Internet Explorer
• Microsoft Edge
• Microsoft Windows
• Microsoft Office and Microsoft Office Services and Web Apps
• ChakraCore
• Adobe Flash Player
• .NET Framework
• ASP.NET
• Microsoft Research JavaScript Cryptography Library
• Skype for Business and Microsoft Lync
• Visual Studio
• Microsoft Wireless Display Adapter V2 Software
• PowerShell Editor Services
• PowerShell Extension for Visual Studio Code
• Web Customizations for Active Directory Federation Services

The following CVEs have FAQs with additional information and may include * further steps to take after installing the updates.

• ADV170017*
• ADV180002*
• ADV180012*
• ADV180016*
• ADV180017
• CVE-2018-8260 *
• CVE-2018-8281
• CVE-2018-8282
• CVE-2018-8289
• CVE-2018-8297
• CVE-2018-8299*
• CVE-2018-8300*
• CVE-2018-8305*
• CVE-2018-8306*
• CVE-2018-8310
• CVE-2018-8312
• CVE-2018-8323*
• CVE-2018-8324
• CVE-2018-8325
• CVE-2018-8326*
• CVE-2018-8327*

Known Issues

• 4338825
• 4338818

Breakdown of the issues being addressed July 2018

1. Cumulative Security Update for Microsoft BrowsersScripting Engine Memory Corruption Vulnerability (CVE-2018-8242) MS Rating: CriticalA remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. This vulnerability may corrupt memory in such a way that enables an attacker to execute arbitrary code in the context of the current user. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted web page.Scripting Engine Memory Corruption Vulnerability (CVE-2018-8275) MS Rating: CriticalA remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory. This vulnerability may corrupt memory in such a way that enables an attacker to execute arbitrary code in the context of the current user. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted web page.Scripting Engine Memory Corruption Vulnerability (CVE-2018-8279) MS Rating: CriticalA remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory. This vulnerability may corrupt memory in such a way that enables an attacker to execute arbitrary code in the context of the current user. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted web page.

   Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2018-8280) MS Rating: Critical

   A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. This vulnerability may corrupt memory in such a way that enables an attacker to execute arbitrary code in the context of the current user. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted web page.

   Scripting Engine Memory Corruption Vulnerability (CVE-2018-8283) MS Rating: Critical

   A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory. This vulnerability may corrupt memory in such a way that enables an attacker to execute arbitrary code in the context of the current user. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted web page.

   Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2018-8286) MS Rating: Critical

   A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. This vulnerability may corrupt memory in such a way that enables an attacker to execute arbitrary code in the context of the current user. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted web page.

   Scripting Engine Memory Corruption Vulnerability (CVE-2018-8288) MS Rating: Critical

   A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers. This vulnerability may corrupt memory in such a way that enables an attacker to execute arbitrary code in the context of the current user. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted web page.

   Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2018-8290) MS Rating: Critical

   A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. This vulnerability may corrupt memory in such a way that enables an attacker to execute arbitrary code in the context of the current user. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted web page.

   Scripting Engine Memory Corruption Vulnerability (CVE-2018-8291) MS Rating: Critical

   A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers. This vulnerability may corrupt memory in such a way that enables an attacker to execute arbitrary code in the context of the current user. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted web page.

   Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2018-8294) MS Rating: Critical

   A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. This vulnerability may corrupt memory in such a way that enables an attacker to execute arbitrary code in the context of the current user. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted web page.

   Scripting Engine Memory Corruption Vulnerability (CVE-2018-8296) MS Rating: Critical

   A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. This vulnerability may corrupt memory in such a way that enables an attacker to execute arbitrary code in the context of the current user. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted web page.

   Scripting Engine Memory Corruption Vulnerability (CVE-2018-8298) MS Rating: Critical

   A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory. This vulnerability may corrupt memory in such a way that enables an attacker to execute arbitrary code in the context of the current user. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted web page.

   Microsoft Edge Memory Corruption Vulnerability (CVE-2018-8262) MS Rating: Critical

   A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory. This vulnerability may corrupt memory in such a way that enables an attacker to execute arbitrary code in the context of the current user. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted web page.

   Microsoft Edge Memory Corruption Vulnerability (CVE-2018-8274) MS Rating: Critical

   A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory. This vulnerability may corrupt memory in such a way that enables an attacker to execute arbitrary code in the context of the current user. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted web page.

   Microsoft Edge Memory Corruption Vulnerability (CVE-2018-8301) MS Rating: Critical

   A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory. This vulnerability may corrupt memory in such a way that enables an attacker to execute arbitrary code in the context of the current user. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted web page.

   Microsoft Edge Information Disclosure Vulnerability (CVE-2018-8324) MS Rating: Critical

   An information disclosure vulnerability exists when Microsoft Edge improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system.

   Scripting Engine Memory Corruption Vulnerability (CVE-2018-8287) MS Rating: Important

   A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers. This vulnerability may corrupt memory in such a way that enables an attacker to execute arbitrary code in the context of the current user. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted web page.

   Internet Explorer Security Bypass Vulnerability (CVE-2018-0949) MS Rating: Important

   A security bypass vulnerability exists when Microsoft Internet Explorer improperly handles requests involving UNC resources. An attacker who successfully exploited the vulnerability could force the browser to load data that would otherwise be restricted.

   Microsoft Edge Information Disclosure Vulnerability (CVE-2018-8289) MS Rating: Important

   An information disclosure vulnerability exists when Microsoft Edge improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system.

   Microsoft Edge Information Disclosure Vulnerability (CVE-2018-8297) MS Rating: Important

   An information disclosure vulnerability exists when Microsoft Edge improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system.

   Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2018-8125) MS Rating: Important

   A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. This vulnerability may corrupt memory in such a way that enables an attacker to execute arbitrary code in the context of the current user. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted web page.

   Scripting Engine Security Bypass Vulnerability (CVE-2018-8276) MS Rating: Important

   A security bypass vulnerability exists in the Microsoft Chakra scripting engine that allows Control Flow Guard (CFG) to be bypassed. By itself, the CFG bypass vulnerability does not allow arbitrary code execution.
   
   
   
   
   Microsoft Edge Spoofing Vulnerability (CVE-2018-8278) MS Rating: Important

   A spoofing vulnerability exists when Microsoft Edge improperly handles specific HTML content. An attacker who successfully exploited this vulnerability could trick a user into believing that the user was on a legitimate website.

   Microsoft Edge Information Disclosure Vulnerability (CVE-2018-8325) MS Rating: Important

   An information disclosure vulnerability exists when Microsoft Edge improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system.

2. Cumulative Security Update for Microsoft OfficeMicrosoft Office Remote Code Execution Vulnerability (CVE-2018-8281) MS Rating: ImportantA remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user.Microsoft SharePoint Privilege Escalation Vulnerability (CVE-2018-8299) MS Rating: ImportantA privilege escalation vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server.Microsoft SharePoint Remote Code Execution Vulnerability (CVE-2018-8300) MS Rating: ImportantA remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SharePoint application pool and the SharePoint server farm account.

   Microsoft SharePoint Privilege Escalation Vulnerability (CVE-2018-8323) MS Rating: Important

   A privilege escalation vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server.

   Microsoft Access Remote Code Execution Use After Free Vulnerability (CVE-2018-8312) MS Rating: Important

   A remote code execution vulnerability exists when Microsoft Access fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could take control of the affected system.

   Microsoft Office Tampering Vulnerability (CVE-2018-8310) MS Rating: Low

   A tampering vulnerability exists when Microsoft Outlook does not properly handle specific attachment types when rendering HTML emails. An attacker could exploit the vulnerability by sending a specially crafted email and attachment to a victim, or by hosting a malicious.

3. Cumulative Security Update for Microsoft .NETASP.NET Core Security Bypass Vulnerability (CVE-2018-8171) MS Rating: ImportantA security bypass vulnerability exists in ASP. NET Core when the number of incorrect login attempts is not validated. An attacker who successfully exploited this vulnerability could try an infinite number of authentication attempts..NET Framework Privilege Escalation Vulnerability (CVE-2018-8202) MS Rating: ImportantA Privilege Escalation vulnerability exists in . NET Framework which could allow an attacker to elevate their privilege level. To exploit the vulnerability, an attacker would first have to access the local machine, and then run a malicious program..NET Framework Remote Code Execution Vulnerability (CVE-2018-8260) MS Rating: ImportantA Remote Code Execution vulnerability exists in . NET software when the software fails to check the source markup of a file. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of .NET. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file.

   .NET Framework Remote Code Injection Vulnerability (CVE-2018-8284) MS Rating: Important

   A remote code execution vulnerability exists when the Microsoft . NET Framework fails to validate input properly. An attacker who successfully exploited this vulnerability could take control of an affected system. To exploit the vulnerability, an attacker would need to pass specific input to an application utilizing susceptible .Net methods.

   .NET Framework Security Bypass Vulnerability (CVE-2018-8356) MS Rating: Important

   A security bypass vulnerability exists when Microsoft . NET Framework components do not correctly validate certificates. An attacker could present expired certificates when challenged.

4. Cumulative Security Update for Microsoft Windows KernelWin32k Privilege Escalation Vulnerability (CVE-2018-8282) MS Rating: ImportantA privilege escalation vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.Windows Privilege Escalation Vulnerability (CVE-2018-8313) MS Rating: ImportantA privilege escalation vulnerability exists in the way that the Windows Kernel API enforces permissions. An attacker who successfully exploited the vulnerability could impersonate processes, interject cross-process communication, or interrupt system functionality.Windows Kernel Privilege Escalation Vulnerability (CVE-2018-8308) MS Rating: ImportantA privilege escalation vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.
5. Cumulative Security Update for Microsoft WindowsPowerShell Editor Services Remote Code Execution Vulnerability (CVE-2018-8327) MS Rating: CriticalA remote code execution vulnerability exists in PowerShell Editor Services. An attacker who successfully exploited this vulnerability could execute malicious code on a vulnerable system.Visual Studio Remote Code Execution Vulnerability (CVE-2018-8172) MS Rating: ImportantA remote code execution vulnerability exists in Visual Studio software when the software fails to check the source markup of a file for an unbuilt project. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user.Skype for Business and Lync Security Bypass Vulnerability (CVE-2018-8238) MS Rating: ImportantA security bypass vulnerability exists when Skype for Business or Lync do not properly parse UNC path links shared via messages. An attacker who successfully exploited the vulnerability could execute arbitrary commands in the context of the logged-in user.

   Remote Code Execution Vulnerability in Skype For Business and Lync (CVE-2018-8311) MS Rating: Important

   A remote code execution vulnerability exists when Skype for Business and Microsoft Lync clients fail to properly sanitize specially crafted content. The vulnerability could corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user.

   Windows FTP Server Denial of Service Vulnerability (CVE-2018-8206) MS Rating: Important

   A denial of service vulnerability exists when Windows improperly handles File Transfer Protocol (FTP) connections. An attacker who successfully exploited the vulnerability could cause a target system to stop responding.

   Device Guard Code Integrity Policy Security Bypass Vulnerability (CVE-2018-8222) MS Rating: Important

   A security bypass vulnerability exists in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session. An attacker who successfully exploited this vulnerability could inject code into a trusted PowerShell process to bypass the Device Guard Code Integrity policy on the local machine.

   Microsoft Macro Assembler Tampering Vulnerability (CVE-2018-8232) MS Rating: Moderate

   A Tampering vulnerability exists when Microsoft Macro Assembler improperly validates code. An attacker could introduce code into an application, which modifies data in an unintended manner.

   Windows DNSAPI Denial of Service Vulnerability (CVE-2018-8304) MS Rating: Important

   A denial of service vulnerability exists in Windows Domain Name System (DNS) DNSAPI. dll when it fails to properly handle DNS responses.Windows Mail Client Information Disclosure Vulnerability (CVE-2018-8305) MS Rating: Important

   An information disclosure vulnerability exists in Windows Mail Client when a message is opened. This vulnerability could potentially result in the disclosure of sensitive information to a malicious site.

   Microsoft Wireless Display Adapter Command Injection Vulnerability (CVE-2018-8306) MS Rating: Important

   A command injection vulnerability exists in the Microsoft Wireless Display Adapter (MWDA) when the Microsoft Wireless Display Adapter does not properly manage user input. For this vulnerability to be exploited, the attacker must be authenticated (logged on) to the target display.

   WordPad Security Bypass Vulnerability (CVE-2018-8307) MS Rating: Important

   A security bypass vulnerability exists when Microsoft WordPad improperly handles embedded OLE objects. An attacker who successfully exploited the vulnerability could bypass content blocking.

   Windows Denial of Service Vulnerability (CVE-2018-8309) MS Rating: Important

   A denial of service vulnerability exists when Windows improperly handles objects in memory. An attacker who successfully exploited the vulnerability could cause a target system to stop responding.

   Windows Privilege Escalation Vulnerability (CVE-2018-8314) MS Rating: Important

   A privilege escalation vulnerability exists when Windows fails a check, allowing a sandbox escape. An attacker who successfully exploited the vulnerability could use the sandbox escape to elevate privileges on an affected system.

   MSR JavaScript Cryptography Library Security Bypass Vulnerability (CVE-2018-8319) MS Rating: Important

   A security bypass vulnerability exists in MSR JavaScript Cryptography Library that is caused by incorrect arithmetic computations. An attacker could craft a signature, without the need of the corresponding key, and mimic the entity associated with the public/private key pair.

   Open Source Customization for Active Directory Federation Services XSS Vulnerability (CVE-2018-8326) MS Rating: Important

   A cross-site-scripting (XSS) vulnerability exists when an open source customization for Microsoft Active Directory Federation Services (AD FS) does not properly sanitize a specially crafted web request to an affected AD FS server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected AD FS server.