
Microsoft Monthly Security Update (May 2018)

Last Update Date: 6 Aug 2024
Release Date: 9 May 2018

RISK: Extremely High Risk

TYPE: Operating Systems - Windows OS


[Updated on 2024-08-06]

Updated Risk Level, Description, Source and Related Links.

The CVE-2018-0824 vulnerability is exploited in the wild. Microsoft COM for Windows contains a deserialization of untrusted data vulnerability that allows for privilege escalation and remote code execution via a specially crafted file or script. Hence, the risk level has been raised from High Risk to Extremely High Risk.

 

Microsoft has released its monthly security update for its products:

 

| Vulnerable Product | Severity | Impacts | Notes | Details (including CVE) |
|---|---|---|---|---|
| Windows | Extremely High Risk | Security Restriction Bypass; Remote Code Execution; Elevation of Privilege; Information Disclosure | CVE-2018-0824 is exploited in the wild. Microsoft COM for Windows contains a deserialization of untrusted data vulnerability that allows for privilege escalation and remote code execution via a specially crafted file or script. | |
| Browser | Moderately Critical | Security Restriction Bypass; Remote Code Execution; Information Disclosure | | |
| Developer Tools | Moderately Critical | Security Restriction Bypass; Remote Code Execution; Denial of Service; Information Disclosure | | |
| Exchange Server | Moderately Critical | Remote Code Execution; Elevation of Privilege; Spoofing; Information Disclosure | | |
| Microsoft Office | Moderately Critical | Security Restriction Bypass; Remote Code Execution; Elevation of Privilege; Information Disclosure | | |

 

Number of 'Extremely Critical' product(s): 0

Number of 'Highly Critical' product(s): 1

Number of 'Moderately Critical' product(s): 4

Evaluation of overall 'Criticality Level': Highly Critical


Impact

  • Denial of Service
  • Elevation of Privilege
  • Remote Code Execution
  • Security Restriction Bypass
  • Information Disclosure
  • Spoofing

System / Technologies affected

  • Windows
  • Browser
  • Developer Tools
  • Exchange Server
  • Microsoft Office

Solutions

Before installing the software, please visit the software manufacturer's website for more details.

  • The vendor has issued security updates for the products. Please refer to the 'Details' column in the table above for details of each product update, or run software update.

Vulnerability Identifier


Source


Related Link