Microsoft Security Update August 2018 (August 15, 2018)

Zero day CVE’s in the wild:

Find below the two zero day CVE’s for which SonicWall has provided protection with the specified signatures

CVE-2018-8414 Windows Shell Remote Code Execution Vulnerability

This is publicly known and being exploited in the wild.  Windows safe file formats have been abused by attackers for running malicious shell commands. Remote code execution can be achieved with minimal to no user interaction.

GAV: 15756 DeepLink.B_3

CVE-2018-8373 Internet Explorer Memory Corruption Vulnerability

A memory corruption vulnerability exists in the Microsoft Windows VBScript engine due to incorrect handling of a dynamic Array variable. A remote attacker can exploit this vulnerability by enticing a user to open a crafted web page using Internet Explorer or a crafted Microsoft Office document.

IPS: 13465 Scripting Engine Memory Corruption Vulnerability (AUG 18) 3

Critical & Important vulnerabilities:

Read More…