ASB-2018.0234.2 - UPDATE [Win] Microsoft Edge: Multiple vulnerabilities 2018-10-25


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
                         AUSCERT Security Bulletin

                              ASB-2018.0234.2
                    Security updates for Microsoft Edge
                              25 October 2018

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              Microsoft Edge
Operating System:     Windows 10
                      Windows Server 2016
Impact/Access:        Execute Arbitrary Code/Commands -- Remote with User Interaction
                      Unauthorised Access             -- Remote with User Interaction
Resolution:           Patch/Upgrade
CVE Names:            CVE-2018-8530 CVE-2018-8513 CVE-2018-8512
                      CVE-2018-8511 CVE-2018-8510 CVE-2018-8509
                      CVE-2018-8505 CVE-2018-8503 CVE-2018-8473
Member content until: Friday, November  9 2018

Revision History:     October 25 2018: Corrected vulnerability description
                      October 10 2018: Initial Release

OVERVIEW

        Microsoft has released its monthly security patch update for the month 
        of October 2018. This update resolves 9 vulnerabilities across the 
        following products: [1]
        
         Microsoft Edge


IMPACT

        Microsoft has given the following details regarding these 
        vulnerabilities.
        
        "Details         Impact                   Severity
         CVE-2018-8473   Remote Code Execution    Critical
         CVE-2018-8503   Remote Code Execution    Low
         CVE-2018-8505   Remote Code Execution    Critical
         CVE-2018-8509   Remote Code Execution    Critical
         CVE-2018-8510   Remote Code Execution    Critical
         CVE-2018-8511   Remote Code Execution    Critical
         CVE-2018-8512   Security Feature Bypass  Important
         CVE-2018-8513   Remote Code Execution    Critical
         CVE-2018-8530   Security Feature Bypass  Important" [1]


MITIGATION

        Microsoft recommends updating the software with the version made 
        available on the Microsoft Update Catalog for the following Knowledge 
        Base articles. [1]
        
         KB4462917, KB4464330, KB4462937, KB4462922, KB4462919
         KB4462918


REFERENCES

        [1] Security Update Guide
            https://portal.msrc.microsoft.com/en-us/security-guidance

AusCERT has made every effort to ensure that the information contained
in this document is accurate.  However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours 
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
-----END PGP SIGNATURE-----
