[Vulnerability Warning] Notice on Multiple Key Microsoft Vulnerabilities in August

2018-08-17 11:06:33
Dear user

Dear customer, Microsoft recently released the August security patches to fix 20 serious vulnerabilities by which the malicious attackers can use to elevate privileges and attack through remote codes. In order to secure your business from being affected by vulnerabilities, JD Cloud security team recommends that you should conduct the security self-examination in a timely manner. If your business is in the affecting scope, please update and fix the problem in time to avoid attacks from an external attacker.


[Vulnerability Details]

Serious vulnerabilities (20):

CVE-2018-8273 - Microsoft SQL Server remote code execution Vulnerability

CVE-2018-8302 - Microsoft Exchange email and calendar software remote code execution Vulnerability

CVE-2018-8344 - Windows font library remote code execution Vulnerability

CVE-2018-8350 - Microsoft Windows PDF Library remote code execution Vulnerability

CVE-2018-8266 - Chakra scripting engine remote code execution Vulnerability

CVE-2018-8355 - Chakra scripting engine remote code execution Vulnerability

CVE-2018-8380 - Chakra scripting engine remote code execution Vulnerability

CVE-2018-8381 - Chakra scripting engine remote code execution Vulnerability

CVE-2018-8384 - Chakra scripting engine remote code execution Vulnerability

CVE-2018-8397 - Windows Graphics Device Interface (GDI) remote code execution Vulnerability

CVE-2018-8345 - LNK Remote Code Execution Vulnerability

CVE-2018-8359 - Scripting Engine Memory Corruption Vulnerability

CVE-2018-8371 - Scripting Engine Memory Corruption Vulnerability

CVE-2018-8372 - Scripting Engine Memory Corruption Vulnerability

CVE-2018-8373 - Scripting Engine Memory Corruption Vulnerability

CVE-2018-8377 - Microsoft Edge Memory Corruption Vulnerability

CVE-2018-8385 - Scripting Engine Memory Corruption Vulnerability

CVE-2018-8387 - Microsoft Edge Memory Corruption Vulnerability

CVE-2018-8390 - Scripting Engine Memory Corruption Vulnerability

CVE-2018-8403 - Microsoft Browser Memory Corruption Vulnerability


[Vulnerability Damage]

Attackers can use the above vulnerabilities to elevate privileges and attack through remote codes, leading to intrusion of server.


[Risk Grade]

High risk


[Affecting Versions]

Versions known to be affected include:

Microsoft SQL Server

Microsoft Edge

Chakra Scripting Engine

Windows Kernel


[Patch Suggestion]

It is recommended to conduct data backup and verification evaluation in advance before the change to avoid unavailability of business by the change.

1. Use Windows Update function by clicking “Check Update” to install corresponding security patches; reboot the system after completion of installation;

2. You can also manually download the patches to install them through this download link:https://portal.msrc.microsoft.com/en-us/security-guidance


[Reference Information]

https://blog.talosintelligence.com/2018/08/ms-tuesday.html


JD Cloud team

2018-08-17 11:06:33