===========================================================================
                         AUSCERT Security Bulletin

                               ASB-2018.0008
            January 2018 updates for Microsoft development tools
                              10 January 2018

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              Microsoft .NET Core, ASP.NET Core, ChakraCore and
                      .NET Framework
Operating System:     Windows
Impact/Access:        Execute Arbitrary Code/Commands -- Remote with User Interaction
                      Increased Privileges            -- Existing Account
                      Denial of Service               -- Remote/Unauthenticated
                      Cross-site Request Forgery      -- Remote with User Interaction
                      Reduced Security                -- Remote/Unauthenticated
                      Access Confidential Data        -- Remote with User Interaction
Resolution:           Patch/Upgrade
CVE Names:            CVE-2018-0818 CVE-2018-0800 CVE-2018-0786
                      CVE-2018-0785 CVE-2018-0784 CVE-2018-0781
                      CVE-2018-0780 CVE-2018-0778 CVE-2018-0777
                      CVE-2018-0776 CVE-2018-0775 CVE-2018-0774
                      CVE-2018-0773 CVE-2018-0772 CVE-2018-0770
                      CVE-2018-0769 CVE-2018-0768 CVE-2018-0767
                      CVE-2018-0764 CVE-2018-0762 CVE-2018-0758
Member content until: Friday, February 9 2018

OVERVIEW

        Microsoft has released its monthly security patch update for the
        month of January 2018. [1]

        This update resolves 21 vulnerabilities across the following
        products:

         .NET Core 1.0
         .NET Core 1.1
         .NET Core 2.0
         ASP.NET Core 2.0
         Microsoft .NET Framework 2.0 Service Pack 2
         Microsoft .NET Framework 3.0 Service Pack 2
         Microsoft .NET Framework 3.5
         Microsoft .NET Framework 3.5.1
         Microsoft .NET Framework 4.5.2
         Microsoft .NET Framework 4.6
         Microsoft .NET Framework 4.6.1
         Microsoft .NET Framework 4.6.2/4.7
         Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7
         Microsoft .NET Framework 4.7
         Microsoft .NET Framework 4.7.1
         ChakraCore

IMPACT

        Microsoft has given the following details regarding these
        vulnerabilities.

         Details         Impact                   Severity
         CVE-2018-0758   Remote Code Execution    Critical
         CVE-2018-0762   Remote Code Execution    Critical
         CVE-2018-0764   Denial of Service        Important
         CVE-2018-0767   Information Disclosure   Critical
         CVE-2018-0768   Remote Code Execution    Important
         CVE-2018-0769   Remote Code Execution    Critical
         CVE-2018-0770   Remote Code Execution    Critical
         CVE-2018-0772   Remote Code Execution    Critical
         CVE-2018-0773   Remote Code Execution    Critical
         CVE-2018-0774   Remote Code Execution    Critical
         CVE-2018-0775   Remote Code Execution    Critical
         CVE-2018-0776   Remote Code Execution    Critical
         CVE-2018-0777   Remote Code Execution    Critical
         CVE-2018-0778   Remote Code Execution    Critical
         CVE-2018-0780   Information Disclosure   Critical
         CVE-2018-0781   Remote Code Execution    Critical
         CVE-2018-0800   Information Disclosure   Critical
         CVE-2018-0784   Elevation of Privilege   Important
         CVE-2018-0785   Tampering                Moderate
         CVE-2018-0786   Security Feature Bypass  Important
         CVE-2018-0818   Security Feature Bypass  Important

MITIGATION

        Microsoft recommends updating the software with the version made
        available on the Microsoft Update Catalogue for the following
        Knowledge Base articles. [1]

         KB4054176, KB4054177, KB4054174, KB4054175, KB4054172
         KB4054170, KB4054171, KB4056888, KB4055001, KB4055000
         KB4055002, KB4056893, KB4056892, KB4056891, KB4056890
         KB4054993, KB4054994, KB4054995, KB4054996, KB4054997
         KB4054998, KB4054999, KB4054181, KB4054183, KB4054182

REFERENCES

        [1] Security Update Guide
            https://portal.msrc.microsoft.com/en-us/security-guidance

AusCERT has made every effort to ensure that the information contained
in this document is accurate.  However, the decision to use the information
described is the responsibility of each user or organisation.  The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures.  AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================