August 2018 security fixes for Office and Windows
“More of the same” in August 2018’s round of security fixes for Microsoft products including Windows, Office, Word, Excel and PowerPoint.
Overall there a sixty security flaws fixed this month alone, including two ‘zero-day’ bugs not previously known to the public.
We’ve all become accustomed to this never-ending stream of security fixes for known exploits. That’s what Microsoft hoped when they decided on this once a month dump of patches.
One update labelled “Microsoft Office Defense in Depth Update” caught our eye and we’ve looked at it in detail separately.
For Microsoft Office there’s nothing remarkable this month. The usual ‘remote code execution’ or ‘out of memory’ errors:
CVE-2018-8412 Office Elevation of Privilege
CVE-2018-8378 Office Information Disclosure
CVE-2018-8375 Excel Remote Code Execution
CVE-2018-8379 Excel Remote Code Execution
CVE-2018-8382 Excel Information Disclosure
CVE-2018-8376 PowerPoint Remote Code Execution
Many of the other Windows, Scripting Engine and Graphics related security bugs have an Office link. Office documents are often used to spread code that takes advantage of those bugs.
For most people, all these updates will be applied automatically. You have to hope that the security patches don’t cause more yet trouble. Fingers crossed.
Office Watch
Office for Mere Mortals
Twitter
Facebook
Instagram