October 2018 Patch Tuesday Briefing

Oct 9, 2018
Jonathan Cran

As a service to our customers, we post a monthly update when Patch Tuesday (second Tuesday of every month) rolls around. Below, you’ll find information about the new updates released from Microsoft and Adobe this cycle, and additional context that may be helpful as you prioritize these newly released vulnerabilities.

This month, Microsoft released fixes for 49 new vulnerabilities in the following products:

  • Internet Explorer
  • Microsoft Edge
  • Microsoft Office (PowerPoint, Excel, Word)
  • Microsoft Azure
  • Microsoft Windows
  • Microsoft Exchange Server
  • Microsoft Device Guard
  • Microsoft JET Database engine
  • Microsoft SQL Server Management Studio
  • ChakraCore
  • Microsoft Windows Hyper-V


Additionally, Adobe released bulletins and patches for 101 vulnerabilities this cycle in the following products:

  • Adobe Technical Communications Suite
  • Adobe FrameMaker
  • Adobe Experience Manager
  • Adobe Flash Player
  • Adobe Acrobat and Reader (Released on October 1)


Adobe Flash and Reader remain the most actively exploited client-side software according to Kenna’s intelligence (by number of unique events detected in 2018 associated with CVEs in the software), so ensuring these are regularly patched should remain a high priority.

Consistent with the findings in our Prioritization to Prediction report, only a small number of vulnerabilities from any given Patch Tuesday’s release are ever exploited in the wild. At time of writing, 8 CVEs from the last 4 months (July, August, September, October) have had events detected in the wild by Kenna’s global threat telemetry:

  • CVE-2018-5028 (released in July cycle)
  • CVE-2018-12794 (released in July cycle)
  • CVE-2018-8353 (released in August cycle)
  • CVE-2018-8401 (released in August cycle)
  • CVE-2018-8414 (released in August cycle)
  • CVE-2018-8353 (released in September cycle)
  • CVE-2018-8440 (released in September cycle)
  • CVE-2018-8453 (released in this cycle)

The detection in the wild of these (and only these) CVEs continues to constitute a <2% rate of exploitation in the wild across all Adobe and Microsoft CVEs released in the last four months.

As always, Kenna intelligence and scoring is dynamic and subject to significant adjustment based on new information. To check the latest scores, sign up here. You can view the raw data and analysis for this blog post here.
