Close to 70 vulnerabilities addressed in this month’s Patch Tuesday update from Microsoft
Microsoft patched 67 different vulnerabilities in its monthly Patch Tuesday release. Of the common vulnerabilities and exposures (CVEs), 24 are considered Critical, 42 are rated Important, and one is characterized as Moderate in severity.
There are no zero-day patches this month. Affected products include: Microsoft Windows, Internet Explorer, Microsoft Edge, ChakraCore, Microsoft Office and Microsoft Office Services and Web Apps, Adobe Flash Player, Microsoft Malware Protection Engine, Microsoft Visual Studio, and the Microsoft Azure IoT SDK. Adobe also patched 6 vulnerabilities in Adobe Flash. The details on the releases can be found on the Microsoft site.
While there were no zero-day releases, Microsoft had already released urgent fixes in weeks leading up to Tuesday, including one that addresses an exploit that was created in an attempt to correct earlier patch issues related the Meltdown chip vulnerability. Across industry blogs on this month’s patches, researchers noted several of the updates deserved attention. Also notable is Microsoft’s disclosure of a publicly known SharePoint elevation of privilege bug (CVE-2018-1034).
“There is one public disclosure this month in SharePoint Server. The challenging aspect of this month is that there are enough critical vulnerabilities in the Operating System, browser updates, and in Office that all three should be prioritized,” said Chris Goettl in a blog post for Ivanti.