ASB-2018.0301 - [Win] Internet Explorer: Execute arbitrary code/commands - Remote with user interaction 2018-12-12

Printable version
PGP/GPG verifiable version

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
                         AUSCERT Security Bulletin

                               ASB-2018.0301
                Internet Explorer updates for December 2018
                             12 December 2018

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              Internet Explorer
Operating System:     Windows
Impact/Access:        Execute Arbitrary Code/Commands -- Remote with User Interaction
Resolution:           Patch/Upgrade
CVE Names:            CVE-2018-8643 CVE-2018-8631 CVE-2018-8625
                      CVE-2018-8619  
Member content until: Friday, January 11 2019
Reference:            ASB-2018.0297

OVERVIEW

        Microsoft has released its monthly security patch update for the month
        of December 2018.
        
        This update resolves 4 vulnerabilities across the following products: [1]
        
         Internet Explorer 10
         Internet Explorer 11
         Internet Explorer 9


IMPACT

        Microsoft has given the following details regarding these vulnerabilities.
        
         Details         Impact                   Severity
         CVE-2018-8619  Remote Code Execution    Important
         CVE-2018-8625  Remote Code Execution    Important
         CVE-2018-8631  Remote Code Execution    Critical
         CVE-2018-8643  Remote Code Execution    Important


MITIGATION

        Microsoft recommends updating the software with the version made available
        on the Microsoft Update Catalogue for the following Knowledge Base
        articles. [1].
        
         KB4471323, KB4471320, KB4471321, KB4471327, KB4471324
         KB4471332, KB4471329, KB4471325, KB4471318, KB4471330
         KB4470199


REFERENCES

        [1] Security Update Guide
            https://portal.msrc.microsoft.com/en-us/security-guidance

AusCERT has made every effort to ensure that the information contained
in this document is accurate.  However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours 
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBXBBOamaOgq3Tt24GAQhCZQ//SOXyHld6na2UiJvSks6ZK0SJL7UKD0vw
4YNLFU1UudJ7roVuJLvrSpCF43uoNQ/o4H1El3BHWJIzWkofXt1JZriat2f3NtC8
vbZunx3GQPmEoFwobPd9P4h8EEBlpQ/na/GjnTB0D99fVxd/+vunaJkRn0xGwjgP
One0YZZNILRcXH1Gr2LZlfE19CEtr7HmoRoQYI5LFa66x5jyrM6gA/KOpO+22yEp
Quq9pOyKi8RWuLi7+CJ9Ttdfi4X4UTMJB0oo3o7gT1HAyMm+jo7PZxIQVdaROBUI
1MFqPMoROSJut+dtdHXZr1iX0vbMaqHilLu86JWoGcwQAd7hTehE/5ZNq2jNiYim
lmkOPzweiSwKfzk76adRfZ8+2fg2Thh5oqL6rD0JbNZVM8KSM0hPSiHHcgc6Y9XR
JFp7uGxeP5ojaUr21HVriheiKwNut0EHfxwhVpg81ccgcPd97wV4LR+DCK7hO6Du
4qZGc2GDy9i5gelTud/6MsWeo/6PQY6ja8dRZh6EKqYTVIldePO/Abh0LVXSM4sC
3jHvgIMKrrRu0AZm612lLPHMvkDklqmg4LO5UTRzPU8EC72OiCkGowBxjuaXkenJ
MPh0UbUwyco7+zek9MFhpRQCo+9DJZo/Zfbq5cC9MDQbVrvtp08/ho+rNOVC1IsJ
O3Hka0hYaSA=
=oDNW
-----END PGP SIGNATURE-----

« Back to bulletins