Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT Security Bulletin ASB-2018.0075.2 Security vulnerabilities patched in Microsoft Windows 12 April 2018 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: Microsoft Windows Operating System: Windows Impact/Access: Execute Arbitrary Code/Commands -- Remote with User Interaction Increased Privileges -- Existing Account Denial of Service -- Remote/Unauthenticated Read-only Data Access -- Existing Account Unauthorised Access -- Existing Account Resolution: Patch/Upgrade CVE Names: CVE-2018-8116 CVE-2018-1016 CVE-2018-1015 CVE-2018-1013 CVE-2018-1012 CVE-2018-1010 CVE-2018-1009 CVE-2018-1008 CVE-2018-1004 CVE-2018-1003 CVE-2018-0976 CVE-2018-0975 CVE-2018-0974 CVE-2018-0973 CVE-2018-0972 CVE-2018-0971 CVE-2018-0970 CVE-2018-0969 CVE-2018-0968 CVE-2018-0967 CVE-2018-0966 CVE-2018-0964 CVE-2018-0963 CVE-2018-0960 CVE-2018-0957 CVE-2018-0956 CVE-2018-0890 CVE-2018-0887 CVE-2016-0143 Member content until: Friday, May 11 2018 å Revision History: April 12 2018: Microsoft have advised that CVE-2016-0143 affects Windows 10 and includes a fix in this patch cycle. April 11 2018: Initial Release OVERVIEW Microsoft has released its monthly security patch update for the month of April 2018. [1] This update resolves 28 vulnerabilities across the following products: Windows 10 Version 1511 for 32-bit Systems Windows 10 Version 1511 for x64-based Systems Windows 10 Version 1607 for 32-bit Systems Windows 10 Version 1607 for x64-based Systems Windows 10 Version 1703 for 32-bit Systems Windows 10 Version 1703 for x64-based Systems Windows 10 Version 1709 for 32-bit Systems Windows 10 Version 1709 for 64-based Systems Windows 10 for 32-bit Systems Windows 10 for x64-based Systems Windows 7 for 32-bit Systems Service Pack 1 Windows 7 for x64-based Systems Service Pack 1 Windows 8.1 for 32-bit systems Windows 8.1 for x64-based systems Windows RT 8.1 Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Windows Server 2008 for 32-bit Systems Service Pack 2 Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Windows Server 2008 for Itanium-Based Systems Service Pack 2 Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) Windows Server 2012 Windows Server 2012 (Server Core installation) Windows Server 2012 R2 Windows Server 2012 R2 (Server Core installation) Windows Server 2016 Windows Server 2016 (Server Core installation) IMPACT Microsoft has given the following details regarding these vulnerabilities. Details Impact Severity CVE-2018-0887 Information Disclosure Important CVE-2018-0890 Security Feature Bypass Important CVE-2018-0956 Denial of Service Important CVE-2018-0957 Information Disclosure Important CVE-2018-0960 Information Disclosure Important CVE-2018-0963 Elevation of Privilege Important CVE-2018-0964 Information Disclosure Important CVE-2018-0966 Security Feature Bypass Important CVE-2018-0967 Denial of Service Important CVE-2018-0968 Information Disclosure Important CVE-2018-0969 Information Disclosure Important CVE-2018-0970 Information Disclosure Important CVE-2018-0971 Information Disclosure Important CVE-2018-0972 Information Disclosure Important CVE-2018-0973 Information Disclosure Important CVE-2018-0974 Information Disclosure Important CVE-2018-0975 Information Disclosure Important CVE-2018-0976 Denial of Service Important CVE-2018-1003 Remote Code Execution Important CVE-2018-1004 Remote Code Execution Critical CVE-2018-1008 Elevation of Privilege Important CVE-2018-1009 Elevation of Privilege Important CVE-2018-1010 Remote Code Execution Critical CVE-2018-1012 Remote Code Execution Critical CVE-2018-1013 Remote Code Execution Critical CVE-2018-1015 Remote Code Execution Critical CVE-2018-1016 Remote Code Execution Critical CVE-2018-8116 Denial of Service Moderate CVE-2016-0143 Elevation of Privilege Important MITIGATION Microsoft recommends updating the software with the version made available on the Microsoft Update Catalogue for the following Knowledge Base articles. [1] KB4093115, KB4093114, KB4093478, KB4093224, KB4093111 KB4093107, KB4093112, KB4093227, KB4093223, KB4093108 KB4093109, KB4093119, KB4093118, KB4093122, KB4093123 KB4093257, KB4091756 REFERENCES [1] Security Update Guide https://portal.msrc.microsoft.com/en-us/security-guidance AusCERT has made every effort to ensure that the information contained in this document is accurate. However, the decision to use the information described is the responsibility of each user or organisation. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBWs6VMYx+lLeg9Ub1AQh5Ug/+Pz2WTcCPSSMEftp0tgP5ZCX1t2i6NyWT 8VM1WisItE+Ne757tF65jtOGAaIdHC3zPREtoPXNDlIo1Wleu2JI7VNrFe4WP1qA FrmSULjtHAJ0cnJ8iWcthtonok/6X5KgCEf11ojExSPLDDJ/9zVar8FbxURVAxYu C03mm7tCMINreXnUWITYpz+114LOxZk+NVWAGVZ0y51llyPr/s+LeaIGuia3TtW6 SJYPW3/jEx5kTZXM0P122pRFGV8lTeX1JmBeyHjyiobTIL0cgz7yWXzu7ewJJKWv cACXBhCW4oETZnmIlRvypbKXAMZPfWl4qWM5/PtW5KWhYLv65L5FiYRidCJFtL7Z 31T87vH/86XS95yNZMyK4tioGYw0fhFR50Q+1ng7dHjPrN80tNtkNED8Krrmbom9 cF1YqRfK6OQJGfUJgPkL/xrnGQ5kMBbPTxknmfKZMQBUx+7jFD6ppAxpeVNzxoan WSQ5+Z8IuqXUuE1DoL+Ks+QTAkOWP2Yx4DBkUdzt56LncA+cODXkDLJ/0CdvzPUI rYep0g/rqgf+Dbgaitd5YzPiR8MEm3ry/IDcPa9hnA0M9pCzKpDeZFM0wZIBA1qN utUJrE89d8X0VS+h6Ew0bTQcZHgCWAZWT96K9LRdewkgpZCm/IdmN3vpsS/bwH/3 3ix5TlI2pn4= =CwV0 -----END PGP SIGNATURE-----