Microsoft Patch Tuesday

Earlier today, Microsoft released its monthly roll-up of security patches known as Patch Tuesday, and this month, the Redmond-based OS maker has fixed 66 security issues.

The company did not patch any zero-days this month, and fixes were made available for products such as Microsoft Windows, Internet Explorer, Microsoft Edge, ChakraCore, Microsoft Office and Microsoft Office Services and Web Apps, Adobe Flash Player, Microsoft Malware Protection Engine, Microsoft Visual Studio, and the Microsoft Azure IoT SDK.

The fix for the Microsoft Malware Protection Engine (MMPE) was released earlier than all other patches, Microsoft providing a fix last week, in an out-of-band security update.

Details about CVE-2018-1034, an elevation of privilege flaw in Microsoft SharePoint, became public before a patch was available, but Microsoft said hackers didn't pounce on it for active exploitation attempts.

The Microsoft April 2018 Patch Tuesday fixes also include Adobe Flash Player patches for six flaws, among which three were rated critical.

Below is a table listing of all the security issues Microsoft fixed this month. We used PowerShell and the Microsoft API to assemble the table below, but the report is much longer. We hosted the full report on GitHub, here.

If you're not interested in all security updates and you'd like to filter updates per product, you can use Microsoft's official Security Update Guide, available here.

Tag CVE ID CVE Title
Adobe Flash Player ADV180007 April 2018 Adobe Flash Security Update
Internet Explorer CVE-2018-0870 Internet Explorer Memory Corruption Vulnerability
Internet Explorer CVE-2018-1018 Internet Explorer Memory Corruption Vulnerability
Internet Explorer CVE-2018-0997 Internet Explorer Memory Corruption Vulnerability
Internet Explorer CVE-2018-0991 Internet Explorer Memory Corruption Vulnerability
Internet Explorer CVE-2018-1020 Internet Explorer Memory Corruption Vulnerability
Microsoft Browsers CVE-2018-1023 Microsoft Browser Memory Corruption Vulnerability
Microsoft Devices CVE-2018-8117 Microsoft Wireless Keyboard 850 Security Feature Bypass Vulnerability
Microsoft Edge CVE-2018-0892 Microsoft Edge Information Disclosure Vulnerability
Microsoft Edge CVE-2018-0998 Microsoft Edge Information Disclosure Vulnerability
Microsoft Graphics Component CVE-2018-1009 Microsoft DirectX Graphics Kernel Subsystem Elevation of Privilege Vulnerability
Microsoft Graphics Component CVE-2018-1016 Microsoft Graphics Remote Code Execution Vulnerability
Microsoft Graphics Component CVE-2018-1012 Microsoft Graphics Remote Code Execution Vulnerability
Microsoft Graphics Component CVE-2018-1010 Microsoft Graphics Remote Code Execution Vulnerability
Microsoft Graphics Component CVE-2018-1015 Microsoft Graphics Remote Code Execution Vulnerability
Microsoft Graphics Component CVE-2018-1013 Microsoft Graphics Remote Code Execution Vulnerability
Microsoft JET Database Engine CVE-2018-1003 Microsoft JET Database Engine Remote Code Execution Vulnerability
Microsoft Malware Protection Engine CVE-2018-0986 Microsoft Malware Protection Engine Remote Code Execution Vulnerability
Microsoft Office CVE-2018-1028 Unknown
Microsoft Office CVE-2018-1026 Microsoft Office Remote Code Execution Vulnerability
Microsoft Office CVE-2018-1027 Microsoft Excel Remote Code Execution Vulnerability
Microsoft Office CVE-2018-1029 Microsoft Excel Remote Code Execution Vulnerability
Microsoft Office CVE-2018-1005 Microsoft SharePoint Elevation of Privilege Vulnerability
Microsoft Office CVE-2018-1034 Microsoft SharePoint Elevation of Privilege Vulnerability
Microsoft Office CVE-2018-1030 Microsoft Office Remote Code Execution Vulnerability
Microsoft Office CVE-2018-0950 Microsoft Office Information Disclosure Vulnerability
Microsoft Office CVE-2018-0920 Microsoft Excel Remote Code Execution Vulnerability
Microsoft Office CVE-2018-1007 Microsoft Office Information Disclosure Vulnerability
Microsoft Office CVE-2018-1011 Microsoft Excel Remote Code Execution Vulnerability
Microsoft Office CVE-2018-1032 Microsoft SharePoint Elevation of Privilege Vulnerability
Microsoft Office CVE-2018-1014 Microsoft SharePoint Elevation of Privilege Vulnerability
Microsoft Scripting Engine CVE-2018-0981 Scripting Engine Information Disclosure Vulnerability
Microsoft Scripting Engine CVE-2018-0979 Chakra Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2018-1019 Chakra Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2018-0980 Chakra Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2018-0993 Chakra Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2018-0994 Chakra Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2018-0990 Chakra Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2018-0987 Scripting Engine Information Disclosure Vulnerability
Microsoft Scripting Engine CVE-2018-0988 Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2018-0995 Chakra Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2018-1001 Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2018-1004 Windows VBScript Engine Remote Code Execution Vulnerability
Microsoft Scripting Engine CVE-2018-0989 Scripting Engine Information Disclosure Vulnerability
Microsoft Scripting Engine CVE-2018-1000 Scripting Engine Information Disclosure Vulnerability
Microsoft Scripting Engine CVE-2018-0996 Scripting Engine Memory Corruption Vulnerability
Microsoft Windows CVE-2018-0890 Active Directory Security Feature Bypass Vulnerability
Microsoft Windows CVE-2018-0966 Device Guard Security Feature Bypass Vulnerability
Microsoft Windows CVE-2018-0967 Windows SNMP Service Denial of Service Vulnerability
Microsoft Windows CVE-2018-0963 Windows Kernel Elevation of Privilege Vulnerability
Microsoft Windows CVE-2018-0887 Windows Kernel Information Disclosure Vulnerability
Microsoft Windows CVE-2018-8116 Microsoft Graphics Component Denial of Service Vulnerability
Visual Studio CVE-2018-1037 Microsoft Visual Studio Information Disclosure Vulnerability
Windows Hyper-V CVE-2018-0964 Hyper-V Information Disclosure Vulnerability
Windows Hyper-V CVE-2018-0957 Hyper-V Information Disclosure Vulnerability
Windows IIS CVE-2018-0956 HTTP.sys Denial of Service Vulnerability
Windows Kernel CVE-2018-1008 OpenType Font Driver Elevation of Privilege Vulnerability
Windows Kernel CVE-2018-0960 Windows Kernel Information Disclosure Vulnerability
Windows Kernel CVE-2018-0973 Windows Kernel Information Disclosure Vulnerability
Windows Kernel CVE-2018-0972 Windows Kernel Information Disclosure Vulnerability
Windows Kernel CVE-2018-0975 Windows Kernel Information Disclosure Vulnerability
Windows Kernel CVE-2018-0974 Windows Kernel Information Disclosure Vulnerability
Windows Kernel CVE-2018-0971 Windows Kernel Information Disclosure Vulnerability
Windows Kernel CVE-2018-0969 Windows Kernel Information Disclosure Vulnerability
Windows Kernel CVE-2018-0968 Windows Kernel Information Disclosure Vulnerability
Windows Kernel CVE-2018-0970 Windows Kernel Information Disclosure Vulnerability
Windows RDP CVE-2018-0976 Windows Remote Desktop Protocol (RDP) Denial of Service Vulnerability

Related Articles:

Microsoft Explains Whether a Vulnerability Turns Into a Windows Security Update

Microsoft June 2018 Patch Tuesday Fixes 50 Security Issues

Microsoft Releases KB4100347, KB4134660, and KB4134661

Microsoft May 2018 Patch Tuesday Fixes 67 Security Issues, Including IE Zero-Day

Here's the Status of Meltdown and Spectre Mitigations in Windows