Last updated at Tue, 10 Jul 2018 21:31:53 GMT
This month's security updates from Microsoft address 50 separate vulnerabilities, including two fixes for Adobe Flash Player (APSB18-24). There are no 0-days this month, although three vulnerabilities had been publicly disclosed prior to the release: two privilege escalation vulnerabilities in Windows and a spoofing vulnerability in Edge whereby a user could be tricked into believing a malicious website is legitimate.
Over half of the vulnerabilities fixed today allow Remote Code Execution (RCE), and for the most part affect Edge and/or Internet Explorer. There are also RCEs in Lync / Skype for Business (CVE-2018-8311), Access (CVE-2018-8312), SharePoint Server (CVE-2018-8300), and Office (CVE-2018-8281).
Four vulnerabilities in .NET Framework have been patched: a security feature bypass, RCE, remote code injection, and elevation of privilege).
On the server side, patches are relatively light this month. However, Sharepoint Server admins should be aware of two privilege escalation vulnerabilities being fixed in addition to the RCE. There is also a denial of service in FTP Server being fixed (CVE-2018-8206).
Note: not all CVEs had CVSSv3 data available at the time of writing