August 2018 security fixes for Office and Windows

“More of the same” in August 2018’s round of security fixes for Microsoft products including Windows, Office, Word, Excel and PowerPoint.

Overall there a sixty security flaws fixed this month alone, including two ‘zero-day’ bugs not previously known to the public.

We’ve all become accustomed to this never-ending stream of security fixes for known exploits.  That’s what Microsoft hoped when they decided on this once a month dump of patches.

One update labelled “Microsoft Office Defense in Depth Update” caught our eye and we’ve looked at it in detail separately.

For Microsoft Office there’s nothing remarkable this month.  The usual ‘remote code execution’ or ‘out of memory’ errors:

CVE-2018-8412          Office Elevation of Privilege

CVE-2018-8378          Office Information Disclosure

CVE-2018-8375          Excel Remote Code Execution

CVE-2018-8379          Excel Remote Code Execution

CVE-2018-8382          Excel Information Disclosure

CVE-2018-8376          PowerPoint Remote Code Execution

Many of the other Windows, Scripting Engine and Graphics related security bugs have an Office link.  Office documents are often used to spread code that takes advantage of those bugs.

For most people, all these updates will be applied automatically.  You have to hope that the security patches don’t cause more yet trouble.  Fingers crossed.