Microsoft Monthly Security Update (May 2018)

[Updated on 2024-08-06]

Updated Risk Level, Description, Source and Related Links.

CVE-2018-0824 vulnerability is exploited in the wild. Microsoft COM for Windows contains a deserialization of untrusted data vulnerability that allows for privilege escalation and remote code execution via a specially crafted file or script. Hence, the risk level is rated from High Risk to Extremely High Risk.

Microsoft has released monthly security update for their products:

Vulnerable Product	Severity	Impacts	Notes	Details (including CVE)
Windows	Extremely High Risk	Security Restriction Bypass Remote Code Execution Elevation of Privilege Information Disclosure	CVE-2018-0824 is exploited in the wild. Microsoft COM for Windows contains a deserialization of untrusted data vulnerability that allows for privilege escalation and remote code execution via a specially crafted file or script.	KB4103716 KB4134651 KB4103718 KB4103712 KB4101477 KB4103723 KB4103731 KB4103730 KB4103725 KB4103726 KB4103721 KB4130944 KB4094079 KB4131188 KB4103727 KB4103715
Browser	Moderately Critical	Security Restriction Bypass Remote Code Execution Information Disclosure		KB4103727 KB4103725 KB4103768 KB4103716 KB4103731 KB4103730 KB4103723 KB4103721 KB4103718
Developer Tools	Moderately Critical	Security Restriction Bypass Remote Code Execution Denial of Service Information Disclosure		KB4103716 KB4103727 KB4103723 KB4103768 KB4103731 KB4103730 KB4103725 KB4103721 KB4103718
Exchange Server	Moderately Critical	Remote Code Execution Elevation of Privilege Spoofing Information Disclosure		KB4092041 KB4091243 KB4092041 KB4092041 KB4092041 KB4092041
Microsoft Office	Moderately Critical	Security Restriction Bypass Remote Code Execution Elevation of Privilege Information Disclosure		KB4022141 KB4018327 KB4022139 KB4018383 KB4018382 KB4018396 KB4018381 KB4022146 KB3162075 KB4018327 KB4018382 KB4022141 KB4018390 KB4022139 KB4022146 KB4018396 KB3172436 KB4022137 KB4018308 KB3172436 KB4018399 KB2899590 KB4018388 KB2899590 KB4018399 KB4018398 KB4022137 KB4022150 KB3162075 KB4022145 KB4018383 KB4018393 KB4022130 KB3114889 KB4022142 KB4022135

Number of ‘Extremely Critical’ product(s): 0

Number of ‘Highly Critical’ product(s): 1

Number of ‘Moderately Critical’ product(s): 4

Evaluation of overall ‘Criticality Level’: Highly Critical

Impact

• Denial of Service
• Elevation of Privilege
• Remote Code Execution
• Security Restriction Bypass
• Information Disclosure
• Spoofing

System / Technologies affected

• Windows
• Browser
• Developer Tools
• Exchange Server
• Microsoft Office

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.

• The vendor has issued security updates for the products. Please refer to ‘Details’ column in the above table for details of individual product update or run software update.

Vulnerability Identifier

• https://www.cvedetails.com/vulnerability-list.php?vendor_id=26&year=2018&month=5

Source

• Microsoft
• https://www.cisa.gov/news-events/alerts/2024/08/05/cisa-adds-one-known-exploited-vulnerability-catalog

Related Link

• https://portal.msrc.microsoft.com/zh-tw/security-guidance/releasenotedetail/a82328f9-1f26-e811-a968-000d3a33a34d
• https://www.cisa.gov/news-events/alerts/2024/08/05/cisa-adds-one-known-exploited-vulnerability-catalog