December 2018 Patch Tuesday has seen Microsoft release repairs for 39 weaknesses, 10 of which have been ranked serious, and two are being actively abused in the wild. There are 9 critical weaknesses in Microsoft products and one critical weakness in Adobe Flash Player.
The repairs include the following products and services: Microsoft Windows, WindowsKernel-Mode Drivers, Windows Kernel, Windows Azure Pack, Windows Authentication Methods, Visual Studio, Microsoft Windows DNS, Microsoft Scripting Engine, MicrosoftExchange Server, Microsoft Dynamics, Microsoft Graphics Component, MicrosoftOffice SharePoint, Microsoft Edge, Internet Explorer, Microsoft Office, and .NET Framework.
December 2018 Patch Tuesday Serious Microsoft Weaknesses
The serious weaknesses affect the Chakra Scripting Engine of Microsoft Edge (5),.NETframework (1), Microsoft Text-to-Speech (1), Internet Explorer (1), and Windows DNS server (1).
- CVE-2018-8583; CVE-2018-8617; CVE-2018-8618; CVE-2018-8624; CVE-2018-8629: Chakra Scripting Engine: Memory corruption weaknesses because of how Microsoft Edge manages memory items. Misuse would require a user to visit a specifically created website, via a link in a phishing electronic mail or malvertising, for instance.
- CVE-2018-8540:.NETFramework: A distant code injection weakness when the .NET framework fails to authenticate input properly. An attacker could gain complete control of an affected system if an admin user’s account is compromised.
- CVE-2018-8626: WindowsDNS Server: A heap overflow weakness affecting Windows servers arranged as DNS servers, which could let distant code implementation on the Local SystemAccount.
- CVE-2018-8631: InternetExplorer: A memory corruption weakness that might let distant code implementation. Misuse would require a user to visit a specifically created website, via a link in a phishing electronic mail, for instance.
- CVE-2018-8634: Microsoft text-to-Speech: Distant code implementation weakness because of a failure to properly manage items in the memory. The fault could be abused to take complete control of a weak system.
- ADV180031: Adobe FlashPlayer: Adobe repaired two weaknesses in an out-of-band update on December 5. Microsoft has tackled these weaknesses, which are presently being abused in the wild.
Adobe Updates: December 2018 Patch Tuesday
Adobe has issued a large number of updates to tackle a slew of lately found weaknesses. 87updates have been included in the total, 39 of which have been ranked serious and could let an attacker implement the arbitrary code or elevate privileges on weak appliances. Many of the weaknesses could be used collectively to give
These repairs are in addition to an out-of-bounds update released earlier in December to repair two actively abused weaknesses.
All repairs must be applied as soon as possible.