Microsoft Security Updates: July 2018

Microsoft Security Updates: July 2018

Security Updates-July-2018

This month’s Patch Tuesday is medium in weight, with 54 CVEs containing 17 Critical. All but two of the Critical vulnerabilities are in Microsoft’s browsers or browser-related technologies. An additional speculative execution vulnerability announced in June was patched as well. Adobe has also released patches covering multiple products each with multiple CVEs.

 

Browser Vulnerabilities

The 16 CVEs covering browsers should be prioritized for workstation type devices, meaning any system where users are commonly accessing the public internet through a browser or checking email. This includes multi-user servers that are used as remote desktops for users.

 

Lazy FP State Restore

Following June’s Patch Tuesday, Microsoft released information on all supported versions of Windows covering a new side-channel attack on speculative execution. This vulnerability is similar to other Meltdown/Spectre vulnerabilities and does require the attacker to execute code on a vulnerable system. Patches have been made available for this Patch Tuesday, and are ranked as Important.

 

PowerShell Editor Services

A vulnerability was patched in PowerShell Editor Services. Microsoft has not provided a CVSS score for this vulnerability at the time of this posting, but has ranked it as Critical.

 

Microsoft Exchange / Oracle Outside In library

Microsoft also released out-of-band patches in June for Exchange Server that addresses vulnerabilities patched in the Oracle Outside In library. These patches should be prioritized for all Exchange servers.

 

Adobe

Adobe has released several patches covering Acrobat, Reader, Flash, Adobe Connect, and Adobe Experience Manager. Vulnerabilities in Acrobat, Reader, and Flash have been marked as critical. Flash has one critical CVE, while Acrobat and Reader have over 50. Microsoft has provided patches for Flash on supported operating systems. These patches should be prioritized for all workstation type systems.

 

Executive Summary

  • Microsoft released security updates for all client and server versions of Windows.
  • No critical vulnerabilities for all client and server versions of Windows.
  • Critical vulnerabilities in Edge and Internet Explorer.
  • Other Microsoft products with security updates are: Microsoft Office, .NET Framework, ASP.NET, Visual Studio, Skype for Business and Microsoft Lync, and Internet Explorer / Microsoft Edge

 

Operating System Distribution

  • Windows 7: 7 vulnerabilities of which 7 are important.
  • Windows 8.1: 9 vulnerabilities of which 9 are important.
  • Windows 10 version 1607: 8 vulnerabilities of which 8 are important.
  • Windows 10 version 1703: 8 vulnerabilities of which 8 are important.
  • Windows 10 version 1709: 8 vulnerabilities of which 8 are important.
  • Windows 10 version 1803: 7 vulnerabilities of which 7 are important.

 

Windows Server products

  • Windows Server 2008 R2: 8 vulnerabilities of which 8 are important.
  • Windows Server 2012 and 2012 R2: 9 vulnerabilities of which 9 are important.
  • Windows Server 2016: 8 vulnerabilities of which 8 are important.

 

Other Microsoft Products

  • Internet Explorer 11: 6 vulnerabilities, 4 critical, 2 important
  • Microsoft Edge: 19 vulnerabilities, 12 critical, 7 important

 

Direct update downloads

Microsoft publishes downloads of all updates that it releases on the company's Microsoft Download Center website.

 

Windows 7 SP1 and Windows Server 2008 R2 SP

  • KB4338818 -- 2018-07 Security Monthly Quality Rollup for Windows 7
  • KB4338823 — 2018-07 Security Only Quality Update for Windows 7

Windows 8.1 and Windows Server 2012 R2

  • KB4338815 — 2018-07 Security Monthly Quality Rollup for Windows 8.1
  • KB4338824 — 2018-07 Security Only Quality Update for Windows 8.1

Windows 10 and Windows Server 2016 (version 1607)

  • KB4338814 — 2018-07 Cumulative Update for Windows 10 Version 1607

Windows 10 (version 1703)

  •  KB4338826 — 2018-07 Cumulative Update for Windows 10 Version 1703

Windows 10 (version 1709)

  • KB4338825 — 2018-07 Cumulative Update for Windows 10 Version 1709

Windows 10 (version 1803)

  • KB4338819 — 2018-07 Cumulative Update for Windows 10 Version 1709