Security 10745 Published by

Microsoft has released the December 2018 Security Updates



The December security release consists of security updates for the following software:

Adobe Flash Player
Internet Explorer
Microsoft Edge
Microsoft Windows
Microsoft Office and Microsoft Office Services and Web Apps
ChakraCore
.NET Framework
Microsoft Dynamics NAV
Microsoft Exchange Server
Microsoft Visual Studio
Windows Azure Pack (WAP)

Please note the following information regarding the security updates:

A list of the latest servicing stack updates for each operating system can be found in ADV990001. This list will be updated whenever a new servicing stack update is released. It is important to install the latest servicing stack update.
Windows 10 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10, in addition to non-security updates. The updates are available via the Microsoft Update Catalog.
Starting in March 2017, a delta package will be available on the Microsoft Update Catalog for Windows 10 version 1607 and newer. This delta package contains just the delta changes between the previous month and the current release.
Updates for Windows RT 8.1 and Microsoft Office RT software are only available via Windows Update.
For information on lifecycle and support dates for Windows 10 operating systems, please see Windows Lifecycle Facts Sheet.
In addition to security changes for the vulnerabilities, updates include defense-in-depth updates to help improve security-related features.


The following CVEs have FAQs with additional information and may include * further steps to take after installing the updates.

CVE-2018-8477
CVE-2018-8514
CVE-2018-8580
CVE-2018-8595
CVE-2018-8596
CVE-2018-8598
CVE-2018-8616
CVE-2018-8621
CVE-2018-8622
CVE-2018-8627
CVE-2018-8637
CVE-2018-8638
  Microsoft December 2018 Security Updates