Another month and another Patch Tuesday update from Microsoft. But this month, the buzz is all about a third-party patch from Adobe that addresses a zero-day vulnerability. This vulnerability (CVE-2018-15982) is rated critical since it’s being actively exploited in the wild. It’s said that this vulnerability allows a maliciously crafted Flash object to execute code on a victim’s computer to gain command line access to their system.
In addition to the above vulnerability, Microsoft has patched 39 vulnerabilities, with 10 of them labeled critical. It has also patched a publicly exploited Windows kernel issue.
Patch Tuesday updates for Microsoft products
This month’s Patch Tuesday covers updates for the following list of products and software:
-
Adobe Flash Player
-
Internet Explorer
-
Microsoft Edge
-
Microsoft Windows
-
Microsoft Office and Microsoft Office Services and Web Apps
-
Chakra Core
-
.NET Framework
-
Microsoft Dynamics NAV
-
Microsoft Exchange Server
-
Microsoft Visual Studio
-
Windows Azure Pack (WAP)
Publicly exploited vulnerabilities
An elevation of privilege vulnerability exists when the Windows kernel fails to handle objects in memory properly. This Patch Tuesday update patches this Windows kernel elevation of privilege vulnerability (CVE:2018-8611).
Adobe Flash player updates
Adobe released one critical vulnerability fix for December, APSB18-42. As mentioned earlier, this patch is important because it addresses a vulnerability that is actively being exploited in the wild.
Non-security updates
This Patch Tuesday, Microsoft also released non-security updates for Office 2010, Office 2013, and Office 2016. View the entire list of non-security updates for the month of December.
Need to patch Microsoft and third-party apps? We’ve got you covered
When it comes to cyberthreats, it doesn’t matter if a vulnerability is in Microsoft or third-party software. Failing to patch any type of application can leave IT infrastructure vulnerable to cyberattacks. The best way to stay secure is to patch all applications, regardless of vendor.
ManageEngine offers two solutions for patching: Desktop Central and Patch Manager Plus. They both offer automated patch management for Microsoft as well as third-party applications. Automate the patching process of the applications you use in your environment to ensure your IT security isn’t compromised. Try either Desktop Central or Patch Manager Plus out for yourself by downloading a free, 30-day trial.
