The September edition of Patch Tuesday includes fixes from Microsoft for 61 security issues. Of these issues, three include zero-day vulnerabilities and 17 are marked as critical.
Patch Tuesday updates for Microsoft products
This month’s Patch Tuesday covers updates for the following list of products and software:
-
Internet Explorer
-
Microsoft Edge
-
Microsoft Windows
-
Microsoft Office
-
Microsoft Office Services and Web Apps
-
Chakra Core
-
Adobe Flash Player
-
.NET Framework
-
ASP.NET
-
Microsoft.Data.OData
Zero-day vulnerabilities
Here’s the list of zero-day vulnerabilities that were addressed with this month’s Patch Tuesday:
-
Windows ALPC vulnerability (CVE-2018-8440)
This is an elevation of privilege vulnerability that exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC). Of the three zero-day vulnerabilities patched this month, this is the only one that was confirmed to be exploited.
-
Scripting engine vulnerability (CVE-2018-8457)
This remote code execution vulnerability exists in the way Microsoft browsers’ scripting engine handles objects in memory.
-
Windows vulnerability (CVE-2018-8475)
This remote code execution vulnerability occurs when Windows doesn’t properly handle specially crafted image files.
Critical patch updates
Most of this month’s critical vulnerabilities are memory corruption flaws in the Chakra scripting engine that could allow a remote attacker to execute arbitrary code on a target system. Here’s a list of all the critical flaws that Microsoft has patched with September’s edition of Patch Tuesday.
Adobe critical updates
Adobe has released only one critical Flash Player vulnerability fix with this month’s edition of Patch Tuesday, ADV180023. Successful exploitation of this vulnerability could lead to arbitrary code execution on a victim’s computer.
Non-security updates
This Patch Tuesday, Microsoft also released non-security updates for Office 2010, Office 2013, and Office 2016. View the entire list of non-security updates for the month of September.
Deploy Patch Tuesday updates efficiently
Microsoft releases more than 500 patches every month to tackle various cyberthreats. Manually deploying them to your network can be tiresome, especially if you have more than just a few machines to patch. Choosing the right patching solution to automate the deployment process can save you and your organization valuable time. ManageEngine offers two solutions for automatically deploying patches: Desktop Central and Patch Manager Plus. Once Automated Patch Deployment has been configured, you’ll be able to sit back and focus on other important tasks.