Image

In-The-Wild & Disclosed CVEs
CVE-2018-8611
Microsoft is reporting that this Windows kernel privilege escalation vulnerability is seeing active exploitation on older versions of Windows. Successful exploitation can allow an attacker to run code in kernel mode. This issue was resolved by changing how the Windows kernel handles objects in memory. Microsoft has rated this as a 1 on the Exploitability Index (Exploitation More Likely) on their latest Windows release, while active exploitation has been detected on older releases.CVE-2018-8517
This vulnerability is a publicly disclosed issue with the .NET Framework that could allow an unauthenticated attacker to DoS a .NET Framework based web application by sending malformed web requests. Microsoft has rated this as a 3 on the Exploitability Index (Exploitation Unlikely).CVE Breakdown by Tag
While historical Microsoft Security Bulletin groupings are gone, Microsoft vulnerabilities are tagged with an identifier. This list provides a breakdown of the CVEs on a per tag basis.
Tag |
CVE Count |
CVEs |
Microsoft Dynamics |
1 |
CVE-2018-8651 |
Windows Kernel-Mode Drivers |
1 |
CVE-2018-8641 |
Microsoft Windows DNS |
2 |
CVE-2018-8514, CVE-2018-8626 |
Microsoft Windows |
1 |
CVE-2018-8649 |
Windows Azure Pack |
1 |
CVE-2018-8652 |
.NET Framework |
2 |
CVE-2018-8517, CVE-2018-8540 |
Microsoft Graphics Component |
4 |
CVE-2018-8595, CVE-2018-8596, CVE-2018-8638, CVE-2018-8639 |
Visual Studio |
1 |
CVE-2018-8599 |
Windows Kernel |
6 |
CVE-2018-8477, CVE-2018-8611, CVE-2018-8612, CVE-2018-8621, CVE-2018-8622, CVE-2018-8637 |
Windows Authentication Methods |
1 |
CVE-2018-8634 |
Internet Explorer |
2 |
CVE-2018-8619, CVE-2018-8631 |
Microsoft Exchange Server |
1 |
CVE-2018-8604 |
Microsoft Office |
6 |
CVE-2018-8587, CVE-2018-8597, CVE-2018-8598, CVE-2018-8627, CVE-2018-8628, CVE-2018-8636 |
Microsoft Scripting Engine |
7 |
CVE-2018-8583, CVE-2018-8617, CVE-2018-8618, CVE-2018-8624, CVE-2018-8625, CVE-2018-8629, CVE-2018-8643 |
Microsoft Office SharePoint |
2 |
CVE-2018-8580, CVE-2018-8635 |