Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
mskbMicrosoftKB4343205
HistoryAug 14, 2018 - 7:00 a.m.

Cumulative security update for Internet Explorer: August 14, 2018

2018-08-1407:00:00
Microsoft
support.microsoft.com
43

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

8 High

AI Score

Confidence

High

7.6 High

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:H/Au:N/C:C/I:C/A:C

0.966 High

EPSS

Percentile

99.6%

JSON

Cumulative security update for Internet Explorer: August 14, 2018

Summary

This security update resolves several reported vulnerabilities in Internet Explorer. The most severe of these vulnerabilities could allow remote code execution if a user views a specially crafted webpage in Internet Explorer. To learn more about these vulnerabilities, see Microsoft Common Vulnerabilities and Exposures. Additionally, see the following articles for more information about this cumulative update:

  • Windows 7 SP1 and Windows Server 2008 R2 SP1 update history

  • Windows Server 2012 update history

  • Windows 8.1 and Windows Server 2012 R2 update history

  • Windows 10 and Windows Server 2016 update history
    Important

  • The fixes that are included in this Security Update for Internet Explorer (KB 4343205) are also included in the August 2018 Security Monthly Quality Rollup. Installing either the Security Update for Internet Explorer or the Security Monthly Quality Rollup installs the fixes that are in this update.

  • If you use update management processes other than Windows Update and you automatically approve all security updates classifications for deployment, this Security Update for Internet Explorer (KB 4343205), the August 2018 Security Only Quality Update, and the August 2018 Security Monthly Quality Rollup are deployed. We recommend that you review your update deployment rules to make sure that the desired updates are deployed.

  • This Security Update for Internet Explorer is not applicable for installation on a computer on which the Security Monthly Quality Rollup or the Preview of Monthly Quality Rollup from August 2018 (or a later month) is already installed. This is because those updates contain all the fixes that are in this Security Update for Internet Explorer.

  • If you install a language pack after you install this update, you must reinstall this update. Therefore, we recommend that you install any language packs that you need before you install this update. For more information, see Add language packs to Windows.

Known issues

Symptom Workaround
In Internet Explorer 11, a blank page may appear for some redirects. Additionally, if you open a site that uses Active Directory Federation Services (AD FS) or Single sign-on (SSO), the site may be unresponsive. Refreshing the address bar URL may allow the page to finally load completely. To resolve this issue, apply update KB4459022.
After installing this update, you may observe decreased performance in Internet Explorer 11 when roaming profiles are used or when the Microsoft Compatibility List is not used. This issue is resolved in KB4463376.

How to get and install the update

Method 1: Microsoft Update

This update is available through Microsoft Update. When you turn on automatic updating, this update will be downloaded and installed automatically.For more information about how to get security updates automatically, see Windows Update: FAQ.Note For Windows RT and Windows RT 8.1, this update is available through Microsoft Update only.

Method 2: Microsoft Update Catalog

To get the stand-alone package for this update, go to the Microsoft Update Catalog website.

Deployment information

For deployment details for this security update, see the following article in the Microsoft Knowledge Base:Security update deployment information: August 14, 2018

More Information

__

How to get help and support for this security update

Help for installing updates: Windows Update: FAQSecurity solutions for IT professionals: TechNet Security Support and TroubleshootingHelp for protecting your Windows-based computer from viruses and malware: Microsoft SecureLocal support according to your country: International Support

File informationFor a list of the files that are provided in this cumulative update, download the file information for cumulative update 4343205.

File hash information

File name SHA1 hash SHA256 hash
Windows8.1-KB4343205-arm.msu 31615EDDA9EF07B2590A8347B9211A957C863218 54064E3C9F4C190B382AFA79E8BB26E7453039FA110BFCF23419DD6EFB42F336
Windows8.1-KB4343205-x86.msu 272963AC6B592B1763793C6DCFE500F156E033D4 8A1F5E6BC5773B6D3C25714B1F051DF5ECC3FBC96222769B69A0E3A5BF5C3E35
Windows8.1-KB4343205-x64.msu 79C8CC1B7816FE6538B7A07F2D91FB4EF3E03151 B32BEB09702FAA123872816E07403BABE589D21CD172D41E8DA1C7F15844C323
Windows8-RT-KB4343205-x64.msu A8ADE65F495083C92FD58F352B46FE5590BE9AEA 98EDD1CA4C4B61AEC631F609C52C0C52A95F30358C9BAC755575E193A37927C9
IE11-Windows6.1-KB4343205-X64.msu C42CDA12A762231114883CCD7322A29FB2146036 664F70E129D78679C28253059118E2BA71DC55C75D108BC2C493A051B8A4D34C
IE11-Windows6.1-KB4343205-X86.msu 35F20D3A0A053949A1E514D27018CC3D39055455 781205BF1EFE1150E5628663D50005703D96D4D92E615A4333657D03D887F7AD
IE9-Windows6.0-KB4343205-X86.msu 47CCB42BECC066C4394E871759532F18CAF9EEDE B9B80CDEB6698B9039C76410CE3926EAE01760611DE6630C25EE31E23A0D1D8D
IE9-Windows6.0-KB4343205-X64.msu B118B05F41E74C73F0CFCEDC86B7F01CDDDB0106 484232CA3550BA3420B2FA9E89FEDE2876FB1CA715019B20EFF03E7CE6C3592D

Related

nessus 10
attackerkb 5
prion 12
cve 12
osv 8
github 6
veracode 2
kaspersky 2
mskb 9
openvas 7
mscve 10
symantec 8
zdi 3
checkpoint_advisories 7
exploitpack 1
exploitdb 1
zdt 2
packetstorm 2
cisa_kev 1
thn 2
myhack58 4
malwarebytes 2
threatpost 2
googleprojectzero 1
talosblog 1
krebs 1
qualysblog 1
securelist 1
nessus
nessus
Security Updates for Internet Explorer (August 2018)
2018-08-14 00:00:00
KB4343888: Windows 8.1 and Windows Server 2012 R2 August 2018 Security Update (Foreshadow)
2018-08-14 00:00:00
KB4343896: Windows Server 2012 August 2018 Security Update (Foreshadow)
2018-08-14 00:00:00
attackerkb
attackerkb
CVE-2018-8385
2018-08-15 00:00:00
CVE-2018-8389
2018-08-15 00:00:00
CVE-2018-8372
2018-08-15 00:00:00
prion
prion
Remote code execution
2018-08-15 17:29:00
Remote code execution
2018-08-15 17:29:00
Remote code execution
2018-08-15 17:29:00
cve
cve
CVE-2018-8353
2018-08-15 17:29:00
CVE-2018-8355
2018-08-15 17:29:00
CVE-2018-8359
2018-08-15 17:29:00
osv
osv
ChakraCore RCE Vulnerability
2022-05-13 01:20:51
ChakraCore RCE Vulnerability
2022-05-13 01:20:51
ChakraCore RCE Vulnerability
2022-05-13 01:20:49
github
github
ChakraCore RCE Vulnerability
2022-05-13 01:20:51
ChakraCore RCE Vulnerability
2022-05-13 01:20:51
ChakraCore RCE Vulnerability
2022-05-13 01:20:49
veracode
veracode
Remote Code Execution (RCE)
2018-08-16 09:38:32
Remote Code Execution (RCE)
2018-08-16 04:17:50
kaspersky
kaspersky
KLA11306 Multiple vulnerabilities in Microsoft Browsers
2018-08-14 00:00:00
KLA11789 Multiple vulnerabilities in Microsoft Products (ESU)
2018-08-14 00:00:00
mskb
mskb
August 14, 2018—KB4343898 (Monthly Rollup)
2018-08-14 07:00:00
August 14, 2018—KB4343901 (Monthly Rollup)
2018-08-14 07:00:00
August 14, 2018—KB4343900 (Monthly Rollup)
2018-08-14 07:00:00
openvas
openvas
Microsoft Windows Multiple Vulnerabilities (KB4343898)
2018-08-15 00:00:00
Microsoft Windows Multiple Vulnerabilities (KB4343900)
2018-08-15 00:00:00
Microsoft Windows Multiple Vulnerabilities (KB4343892)
2018-08-15 00:00:00
mscve
mscve
Internet Explorer Remote Code Execution Vulnerability
2018-08-14 07:00:00
Microsoft Browser Information Disclosure Vulnerability
2018-08-14 07:00:00
Scripting Engine Memory Corruption Vulnerability
2018-08-14 07:00:00
symantec
symantec
Microsoft Internet Explorer CVE-2018-8316 Remote Code Execution Vulnerability
2018-08-14 00:00:00
Microsoft Internet Explorer CVE-2018-8371 Remote Memory Corruption Vulnerability
2018-08-14 00:00:00
Microsoft Internet Explorer CVE-2018-8353 Remote Memory Corruption Vulnerability
2018-08-14 00:00:00
zdi
zdi
Microsoft Office Word Preview Unsafe Hyperlink Remote Code Execution Vulnerability
2018-08-14 00:00:00
Microsoft Windows VBScript Class_Terminate Use After Free Remote Code Execution Vulnerability
2018-08-14 00:00:00
Microsoft Windows VBScript Array Use-After-Free Remote Code Execution Vulnerability
2018-08-14 00:00:00
checkpoint_advisories
checkpoint_advisories
Microsoft Internet Explorer Scripting Engine Memory Corruption (CVE-2018-8353)
2018-08-14 00:00:00
Microsoft Browser Scripting Engine Memory Corruption (CVE-2018-8372)
2018-08-14 00:00:00
Microsoft Internet Explorer Scripting Engine Memory Corruption (CVE-2018-8371)
2018-08-14 00:00:00
exploitpack
exploitpack
Microsoft Edge Chakra - OP_Memset Type Confusion
2018-11-19 00:00:00
exploitdb
exploitdb
Microsoft Edge Chakra - OP_Memset Type Confusion
2018-11-19 00:00:00
zdt
zdt
Microsoft Windows - JScript RegExp.lastIndex Use-After-Free Exploit
2018-08-28 00:00:00
Microsoft Edge Chakra JIT localeCompare Type Confusion Exploit
2018-09-18 00:00:00
packetstorm
packetstorm
Microsoft Edge Chakra OP_Memset Type Confusion
2018-11-19 00:00:00
Microsoft Edge Chakra JIT localeCompare Type Confusion
2018-09-18 00:00:00
cisa_kev
cisa_kev
Microsoft Scripting Engine Memory Corruption Vulnerability
2022-03-25 00:00:00
thn
thn
Unpatched Zero-Days in Microsoft Edge and IE Browsers Disclosed Publicly
2019-03-30 07:23:00
Microsoft Releases Patches for 60 Flaws—Two Under Active Attack
2018-08-14 18:32:00
myhack58
myhack58
From BinDiff to 0day: Internet Explorer UAF vulnerability analysis-vulnerability warning-the black bar safety net
2019-09-17 00:00:00
Use CVE-2018-8373 0day vulnerabilities the attacks the Darkhotel gang-related analysis-vulnerability warning-the black bar safety net
2018-08-18 00:00:00
For a suspected CVE-2016-0189 the original attack sample debugging-vulnerability warning-the black bar safety net
2019-06-13 00:00:00
malwarebytes
malwarebytes
Buggy implementation of CVE-2018-8373 vulnerability used to deliver Quasar RAT
2018-09-26 17:13:26
A week in security (September 24 – 30)
2018-10-01 16:44:20
threatpost
threatpost
Darkhotel Exploits Microsoft Zero-Day VBScript Flaw
2018-08-20 16:39:26
Patch Tuesday: Microsoft Addresses Two Zero-Days in 60-Flaw Roundup
2018-08-14 20:42:41
googleprojectzero
googleprojectzero
On VBScript
2018-12-19 00:00:00
talosblog
talosblog
Microsoft Tuesday August 2018
2018-08-14 11:26:00
krebs
krebs
Patch Tuesday, August 2018 Edition
2018-08-15 14:52:21
qualysblog
qualysblog
August Patch Tuesday – 63 Vulns, L1TF (Foreshadow), Exchange, SQL, Active Attacks on IE flaw
2018-08-14 18:47:21
securelist
securelist
IT threat evolution Q3 2018. Statistics
2018-11-12 10:00:55

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

8 High

AI Score

Confidence

High

7.6 High

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:H/Au:N/C:C/I:C/A:C

0.966 High

EPSS

Percentile

99.6%

JSON
Related for KB4343205
nessus10attackerkb5prion12cve12osv8github6veracode2kaspersky2mskb9openvas7mscve10symantec8zdi3checkpoint_advisories7exploitpack1exploitdb1zdt2packetstorm2cisa_kev1thn2myhack584malwarebytes2threatpost2googleprojectzero1talosblog1krebs1qualysblog1securelist1