August 2018 security fixes for Office and Windows


Office for Mere Mortals
Your beginners guide to the secrets of Microsoft Office
Invalid email address
Tips and help for Word, Excel, PowerPoint and Outlook from Microsoft Office experts.  Give it a try. You can unsubscribe at any time.  Office for Mere Mortals has been running for over 20 years, we've never, ever revealed or sold subscriber details.  Privacy policy

“More of the same” in August 2018’s round of security fixes for Microsoft products including Windows, Office, Word, Excel and PowerPoint.

Overall there a sixty security flaws fixed this month alone, including two ‘zero-day’ bugs not previously known to the public.

We’ve all become accustomed to this never-ending stream of security fixes for known exploits.  That’s what Microsoft hoped when they decided on this once a month dump of patches.

One update labelled “Microsoft Office Defense in Depth Update” caught our eye and we’ve looked at it in detail separately.

For Microsoft Office there’s nothing remarkable this month.  The usual ‘remote code execution’ or ‘out of memory’ errors:

CVE-2018-8412          Office Elevation of Privilege

CVE-2018-8378          Office Information Disclosure

CVE-2018-8375          Excel Remote Code Execution

CVE-2018-8379          Excel Remote Code Execution

CVE-2018-8382          Excel Information Disclosure

CVE-2018-8376          PowerPoint Remote Code Execution

Many of the other Windows, Scripting Engine and Graphics related security bugs have an Office link.  Office documents are often used to spread code that takes advantage of those bugs.

For most people, all these updates will be applied automatically.  You have to hope that the security patches don’t cause more yet trouble.  Fingers crossed.

subs profile e1563205311409 - August 2018 security fixes for Office and Windows
Latest news & secrets of Microsoft Office

Microsoft Office experts give you tips and help for Word, Excel, PowerPoint and Outlook.

Give it a try. You can unsubscribe at any time.  Office Watch has been running for over 20 years, we've never, ever revealed or sold subscriber details.  Privacy policy
Invalid email address