Download Windows 10 Version 1809 Security Updates December 2018 . Almost, every month Microsoft release windows security updates for their customers to keep update of security aspects of windows as well as their PC. Last update was released on 13 November 2018 and this month i.e for the month of December 2018 windows security updates has been released on 11 December 2018. The main aim of release of this updates are to keep update of all supported version of windows.
Also Read: Download Windows 10 December 2020 Updates KB4592446 (OS Build 17134.1902)
In addition to above, the windows Security updates are also available for other company products such as Internet Explorer, Microsoft Visual Studio, Microsoft Office, the .NET Framework, , Microsoft Edge, and Microsoft Exchange Server.
How to download and install the December 2018 Windows 10 Version 1809 Security Updates
Though, Windows security updates are received automatically to all their consumer’s systems via Windows Update. Admins can run update checks to download the updates quickly; Windows 10 devices may pick up the latest feature update this way, however, which will be downloaded and then installed.
You may check manually for Windows 10 Version 1809 security updates:
- Tap on the Windows button to display the Start menu.
- Type Windows Update and select the result; this will open the Windows Update control window.
- Click on “check for updates” if it is not done automatically.
- It depends on your system requirements that how configured Windows Update, found updates may be installed automatically or manually.
December 2018 Windows 10 Version 1809 Security Update from Microsoft
Threats and vulnerabilities of Windows 10 Version 1809
Some release relates to browser-related bugs. Office and Office SharePoint group of application constitute to another major part of the release and few are other important patches include those for the Kernel, DirectX and other kernel-mode drivers.
Here are the Windows Security Updates December 2018 released by Microsoft described through a table format about CVEs.
Some XSS type of Vulnerability are as under: –
| Description | Severity Status | Type | Exploited |
| CVE-2018-8651 – Microsoft Dynamics NAV Cross-Site Scripting Vulnerability |
Important |
XSS | No |
| CVE-2018-8652 – Windows Azure Pack Cross-Site Scripting Vulnerability |
Important | XSS | No |
| CVE-2018-8650 – Microsoft Office SharePoint XSS Vulnerability |
Important | XSS | No |
This type of vulnerability is knows as DoS (Denial of service) Type: –
| CVE-2018-8649 – Windows DOS Vulnerability |
Important | DoS | No |
| CVE-2018-8612 – Connected User Experiences and Telemetry Service DOS Vulnerability |
Important | DoS | No |
| CVE-2018-8517 – .NET Framework DOS Vulnerability |
Important | DoS | No |
RCE (Remote code execution) : Following are the RCE type of Vulnerability: –
| CVE-2018-8643 – Scripting EMC Vulnerability |
Important |
RCE | No |
| CVE-2018-8636 – Microsoft Excel RCE Vulnerability |
Important |
RCE | No |
| CVE-2018-8628 – Microsoft PowerPoint RCE Vulnerability |
Important |
RCE | No |
| CVE-2018-8625 – Windows VBScript Engine RCE Vulnerability CVE-2018-8619 – Internet Explorer RCE Vulnerability |
Important |
RCE | No |
| CVE-2018-8597 – Microsoft Excel RCE Vulnerability |
Important |
RCE | No |
| CVE-2018-8587 – Microsoft Outlook RCE Vulnerability |
Important |
RCE | No |
CVE-2018-8631 – Internet Explorer Memory Corruption Vulnerability |
Critical | RCE | No |
| CVE-2018-8634 – Microsoft Text-To-Speech RCE Vulnerability |
Critical |
RCE | No |
| CVE-2018-8618 – Chakra Scripting EMC Vulnerability |
Critical |
RCE | No |
| CVE-2018-8624 – Chakra Scripting EMC Vulnerability |
Critical |
RCE | No |
| CVE-2018-8626 – Windows DNS Server-Heap Overflow Vulnerability |
Critical |
RCE |
No |
| CVE-2018-8629 – Chakra Scripting EMC Vulnerability |
Critical |
RCE |
No |
| CVE-2018-8617 – Chakra Scripting EMC Vulnerability |
Critical |
RCE |
No |
| CVE-2018-8583 – Chakra Scripting EMC Vulnerability |
Critical |
RCE |
No |
| CVE-2018-8540 -. NET Framework RCI Vulnerability |
Critical |
RCE |
No |
EOP Type vulnerability
| CVE-2018-8611 – Windows Kernel: Elevation of Privilege Vulnerability |
Important | EoP | No |
| CVE-2018-8599 – Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability |
Important | EoP | No |
| CVE-2018-8639 – Win32k Elevation of Privilege Vulnerability |
Important | EoP | No |
| CVE-2018-8641 – Win32k Elevation of Privilege Vulnerability |
Important | EoP | No |
Info Type Vulnerability
| CVE-2018-8637 – Win32k Information Disclosure Vulnerability |
Important | Info | No |
| CVE-2018-8638 – DirectX Information Disclosure Vulnerability |
Important | Info | No |
| CVE-2018-8635 – Microsoft SharePoint Server Elevation of Privilege Vulnerability |
Important | Info | No |
| CVE-2018-8627 – Microsoft Excel Information Disclosure Vulnerability |
Important | Info | No |
| CVE-2018-8622 – Windows Kernel Information Disclosure Vulnerability |
Important | Info | No |
| CVE-2018-8621 – Windows Kernel Information Disclosure Vulnerability |
Important | Info | No |
| CVE-2018-8598 – Microsoft Excel Information Disclosure Vulnerability |
Important | Info | No |
| CVE-2018-8595 – Windows GDI Information Disclosure Vulnerability |
Important | Info | No |
| CVE-2018-8596 – Windows GDI Information Disclosure Vulnerability |
Important | Info | No |
| CVE-2018-8580 – Microsoft SharePoint Information Disclosure Vulnerability |
Important | Info | No |
| CVE-2018-8477 – Windows Kernel Information Disclosure Vulnerability |
Important | Info | No |
| CVE-2018-8514 – Remote Procedure Call runtime Information Disclosure Vulnerability |
Important | Info | No |
The following are some of the important bugs covered.
CVE-2018-8517 – .NET Framework Denial of Service Vulnerability in Windows 10 Version 1809
This bug results in .NET framework being unable to handle some web requests appropriately. When exploited, this vulnerability may result in denial of service in a web application. It is possible for an attacker to exploit this bug without any kind of authentication. Some changes are brought in, so as to handle the .NET framework denial of service vulnerabilities.
CVE-2018-8611 – Windows Kernel Elevation of Privilege Vulnerability
This vulnerability relates to Windows Kernel’s inability to handle objects in its memory. If exploited, an attacker may run specific codes arbitrarily to change data, create an account or install programs with complete user privilege. In accordance with reports, this vulnerability is already being actively exploited.
CVE-2018-8634 – Microsoft Text-To-Speech Remote Code Execution Vulnerability
Windows 10 Version 1809 update patch can be important for those who employ or use text to speech. Though the chances of attacks are sleek, vulnerabilities exist as text-to-speech involves sending an HTTP POST request to the “Speech service”. And, like in case of Elevation of Privilege threat, when exploited, the invader can take control over the system affected.
CVE-2018-8540 – .NET Framework Remote Code Injection Vulnerability in Windows 10 Version 1809
Classified ‘critical’ under severity status, RCI (Remote Code Injection) vulnerability involves the failure of the .NET network to correctly validate the input. When exploited, the attacker can manipulate the affected system by using susceptible .NET methods to pass a particular code or input.
Thats all.