• Nick Thomas

July Patch Tuesday – Critical browser patches, Lazy FP, Exchange, Adobe vulns

Updated: Aug 16, 2018

This month’s Patch Tuesday is medium in weight, with 54 CVEs containing 17 Criticals. All but two of the Critical vulnerabilities are in Microsoft’s browsers or browser-related technologies. An additional speculative execution vulnerability announced in June was patched as well. Adobe has also released patches covering multiple product each with multiple CVEs.

Browser Vulnerabilities

The 16 CVEs covering browsers should be prioritized for workstation type devices, meaning any system where users are commonly accessing the public internet through a browser or checking email. This includes multi-user servers that are used as remote desktops for users.

Lazy FP State Restore

Following June’s Patch Tuesday, Microsoft released information on all supported versions of Windows covering a new side-channel attack on speculative execution. This vulnerability is similar to other Meltdown/Spectre vulnerabilities, and does require the attacker to execute code on a vulnerable system. Patches have been made available for this Patch Tuesday, and are ranked as Important.

PowerShell Editor Services

A vulnerability was patched in PowerShell Editor Services. Microsoft has not provided a CVSS score for this vulnerability at the time of this posting, but has ranked it as Critical.

Microsoft Exchange / Oracle Outside In library

Microsoft also released out-of-band patches in June for Exchange Server that addresses vulnerabilities patched in the Oracle Outside In library. These patches should be prioritized for all Exchange servers.


Adobe has released several patches covering Acrobat, Reader, Flash, Adobe Connect, and Adobe Experience Manager. Vulnerabilities in Acrobat, Reader, and Flash have been marked as critical. Flash has one critical CVE, while Acrobat and Reader have over 50. Microsoft has provided patches for Flash on supported operating systems. These patches should be prioritized for all workstation type systems.

Credit: Jimmy Graham, Qualys Product Manager

  • Facebook
  • LinkedIn
  • Twitter
  • YouTube

Cyber Business Support Limited.  The Old Fire Station, 1 Abbey Road, Barrow-in-Furness, Cumbria, LA14 1XH

www.cyberbusinessupport.com | info@cyberbusinesssupport.com

Company number : 11190120.  VAT number : 288991326. 

© 2018 by Cyber Business Support Limited.  All rights reserved.

Privacy Notice