Patch Tuesday Briefing – November 2018

Nov 13, 2018
Jonathan Cran

Share with Your Network

As a service to our customers, we post a monthly update when Patch Tuesday (second Tuesday of every month) rolls around. Below, you’ll find information about the new updates released from Microsoft and Adobe this month, and context that may be helpful as you prioritize the remediation of these newly released vulnerabilities. This month we’re adjusting our Patch Tuesday briefing format to focus on vulnerabilities that have been seen by Kenna’s sensor network in the past 6 months. 

Three CVEs have been added to the “detected” list this month after being seen in the wild by Kenna’s sensor network: CVE-2018-8453, CVE-2018-8584, and CVE-2018-8589. All are local, elevation of privilege vulnerabilities affecting versions of Microsoft Windows. 


At time of writing, a total of 10 CVEs released in the prior six Patch Tuesdays – July, August, September, October, November – have seen detection events in the wild by Kenna’s global threat telemetry:

  1. CVE-2018-5028 (released in July cycle)
  2. CVE-2018-12794 (released in July cycle)
  3. CVE-2018-8353 (released in August cycle)
  4. CVE-2018-8401 (released in August cycle)
  5. CVE-2018-8414 (released in August cycle)
  6. CVE-2018-8353 (released in September cycle)
  7. CVE-2018-8440 (released in September cycle)
  8. CVE-2018-8453 (released in October cycle)
  9. CVE-2018-8584 (released in November cycle)
  10. CVE-2018-8589 (released in November cycle)


These vulnerabilities comprise the known Microsoft and Adobe “Patch Tuesday” vulnerabilities known to be used by attackers in the wild since mid-July, and constitute a slightly less-than-2% rate of exploitation in the wild across all Adobe and Microsoft CVEs released in the last six months, consistent with the findings in our Prioritization to Prediction report.

We recommend organizations work to remediate all vulnerabilities released in the November update – particularly Adobe vulnerabilities and those marked critical by Microsoft, and that organizations focus first those vulnerabilities with detected events; an extremely strong indicator of risk to vulnerable organizations.

As always, Kenna risk scores are highly dynamic, and subject to adjustment based on new intelligence. To check the latest scoring and data, sign up here.

Read the Latest Content

Research Reports

Prioritization to Prediction Volume 5: In Search of Assets at Risk

The fifth volume of the P2P series explores the vulnerability risk landscape by looking at how enterprises often view vulnerabilities.

5 Things Every CIO Should Know About Vulnerability Management

If you view vulnerability management (VM) as just a small part of your operation, it might be time to take another look.  Managing vulnerabilities is...



Get Started Using the Exploit Prediction Scoring System (EPSS).

Cyentia Institute’s Chief Data Scientist and Founder Jay Jacobs gives tips on how to get started using the Exploit Prediction Scoring System (EPSS). You...

© 2022 Kenna Security. All Rights Reserved. Privacy Policy.