Microsoft Security Bulletin Release for August, 2018

[Corrine]

The August security release consists of 60 CVEs, of which 19 are listed as Critical and 39 are rated Important, 1 is rated as Moderate and 1 is rated as Low in severity. In particular, note that CVE-2018-8373 Interrnet Explorer Memory Corruption Vulnerability and CVE-2018-8414, Windows Shell Remote Code Execution Vulnerability are listed as publicly known and exploited. See Dustin Childs excellent review and recommendations in Zero Day Initiative — The August 2018 Security Update Review for additional information.

The release consists of security updates for the following: Internet Explorer, Microsoft Edge, Microsoft Windows, Microsoft Office and Microsoft Office Services and Web Apps, ChakraCore, Adobe Flash Player, .NET Framework, Microsoft Exchange Server, Microsoft SQL Server and Visual Studio.

The updates address Remote Code Execution, Elevation of Privilege, Security Feature Bypass, Information Disclosure, Defense in Depth, Tampering and Spoofing.

Release Notes

 

[Corrine]

Microsoft has released cumulative updates with non-security improvements and fixes for Windows 10 April 2018 Update (version 1803) and Windows 10 Fall Creators Update (version 1709).

• Version 1803: KB4346783
• Version 1709: KB4343893)

The updates are available from Windows Update or the Microsoft Update Catalog.

Note that there is a known issue for both versions if you use Microsoft Edge using the New Application Guard Window. If you’ve experienced the issue and already installed the update, there is a work-around for Version 1803 in the referenced KB article. For Version 1709, Microsoft is working on a resolution and will provide an update in an upcoming release for that as well as an additional known issue that affects some non-English platforms.