Vulnerability

May 2018 - Microsoft Releases Security Patches

Publish date: 六月 20, 2018

风险等级:

很低

//  建议日期

09 五月 2018


描述

Microsoft addresses vulnerabilities in its May security bulletin. Trend Micro Deep Security covers the following:

  • CVE-2018-8174 - Windows VBScript Engine Remote Code Execution Vulnerability
    Risk Rating: Critical

    This remote code execution vulnerability exists in the VBScript engine of Windows. Objects in memory may be corrupted by an attacker, causing the vulnerability.


  • CVE-2018-0934 - Chakra Scripting Engine Memory Corruption Vulnerability
    Risk Rating: Critical

    This remote code execution vulnerability exists in the handling of objects in memory by the Chakra Scripting Engine in Microsoft Edge. This handling is corrected by this specific patch.


  • CVE-2018-8114 - Scripting Engine Memory Corruption Vulnerability
    Risk Rating: Critical

    This remote code execution vulnerability exists in the handling of objects in memory by the scripting engine in Internet Explorer. This handling is corrected by this specific patch.


  • CVE-2018-8123 - Microsoft Edge Information Disclosure Vulnerability
    Risk Rating: Important

    This information disclosure vulnerability exists in the handling of objects in memory by Microsoft Edge. This handling is corrected by this specific patch.


  • CVE-2018-0946 - Scripting Engine Memory Corruption Vulnerability
    Risk Rating: Critical

    This remote code execution vulnerability exists in the handling of objects in memory by the scripting engine in Microsoft Edge. This handling is corrected by this specific patch.


  • CVE-2018-8133 - Chakra Scripting Engine Memory Corruption Vulnerability
    Risk Rating: Critical

    This remote code execution vulnerability exists in the handling of objects in memory by the Chakra Scripting Engine in Microsoft Edge. This handling is corrected by this specific patch.


  • CVE-2018-8137 - Scripting Engine Memory Corruption Vulnerability
    Risk Rating: Critical

    This remote code execution vulnerability exists in the handling of objects in memory by the scripting engine in Microsoft Edge. This handling is corrected by this specific patch.


  • CVE-2018-0953 - Scripting Engine Memory Corruption Vulnerability
    Risk Rating: Critical

    This remote code execution vulnerability exists in the handling of objects in memory by the scripting engine in Microsoft Edge. This handling is corrected by this specific patch.


  • CVE-2018-0954 - Scripting Engine Memory Corruption Vulnerability
    Risk Rating: Critical

    This remote code execution vulnerability exists in the handling of objects in memory by the scripting engine in Internet Explorer and Microsoft Edge. This handling is corrected by this specific patch.


  • CVE-2018-8179 - Microsoft Edge Memory Corruption Vulnerability
    Risk Rating: Important

    The remote code execution vulnerability exists in the improper handling of objects in memory by Microsoft Edge. This handling is corrected by this specific patch.


  • CVE-2018-0955 - Scripting Engine Memory Corruption Vulnerability
    Risk Rating: Critical

    This remote code execution vulnerability exists in the scripting engine of Internet Explorer. Objects in memory may be corrupted by an attacker, causing the vulnerability.


  • CVE-2018-0951 - Scripting Engine Memory Corruption Vulnerability
    Risk Rating: Critical

    This remote code execution vulnerability exists in the handling of objects in memory by the scripting engine in Microsoft Edge. This handling is corrected by this specific patch.


  • CVE-2018-8122 - Scripting Engine Memory Corruption Vulnerability
    Risk Rating: Critical

    This remote code execution vulnerability exists in the handling of objects in memory by the scripting engine in Internet Explorer and Microsoft Edge. This handling is corrected by this specific patch.


  • CVE-2018-8158 - Microsoft Office Remote Code Execution Vulnerability
    Risk Rating: Important

    This remote code execution vulnerability exists in Microsoft Office. It is resolved by the update that modifies the way Microsoft Office handles objects in memory.


  • CVE-2018-8157 - Microsoft Office Remote Code Execution Vulnerability
    Risk Rating: Important

    This remote code execution vulnerability exists in Microsoft Office. It is resolved by the update that modifies the way Microsoft Office handles objects in memory.


Trend Micro 解决方案

Trend Micro Deep Security shields networks through the following Deep Packet Inspection (DPI) rules. Trend Micro customers using the Vulnerability Protection product or OfficeScan with Intrusion Defense Firewall (IDF) plugin are also protected from attacks using these vulnerabilities.

Vulnerability ID DPI Rule Number DPI Rule Name Release Date Vulnerability Protection Compatibility
CVE-2018-8174 1009067 Microsoft Windows VBScript Engine Remote Code Execution Vulnerability (CVE-2018-8174) 9-May-18 YES
CVE-2018-0934 1008934 Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2018-0934) 9-May-18 YES
CVE-2018-8114 1009081 Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability (CVE-2018-8114) 9-May-18 YES
CVE-2018-8123 1009078 Microsoft Edge Memory Corruption Vulnerability (CVE-2018-8123) 9-May-18 YES
CVE-2018-0946 1009086 Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2018-0946) 9-May-18 YES
CVE-2018-8133 1009076 Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2018-8133) 9-May-18 YES
CVE-2018-8137 1009094 Microsoft Edge Out Of Bounds Read Vulnerability (CVE-2018-8137) 9-May-18 YES
CVE-2018-0953 1009084 Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2018-0953) 9-May-18 YES
CVE-2018-0954 1009083 Microsoft Internet Explorer And Edge Scripting Engine Memory Corruption Vulnerability (CVE-2018-0954) 9-May-18 YES
CVE-2018-8179 1009068 Microsoft Edge Memory Corruption Vulnerability (CVE-2018-8179) 9-May-18 YES
CVE-2018-0955 1009082 Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability (CVE-2018-0955) 9-May-18 YES
CVE-2018-0951 1009085 Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2018-0951) 9-May-18 YES
CVE-2018-8122 1009079 Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability (CVE-2018-8122) 9-May-18 YES
CVE-2018-8158 1009072 Microsoft Office Remote Code Execution Vulnerability (CVE-2018-8158) 9-May-18 YES
CVE-2018-8157 1009073 Microsoft Office Remote Code Execution Vulnerability (CVE-2018-8157) 9-May-18 YES

通过以下社交网站联系我们