===========================================================================
                         AUSCERT Security Bulletin

                             ASB-2018.0211.2
                  Security updates for Microsoft Windows
                            12 September 2018

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              Windows 10
                      Windows 7
                      Windows 8.1
                      Windows RT
                      Windows Server 2008
                      Windows Server 2012
                      Windows Server 2016
Operating System:     Windows
Impact/Access:        Administrator Compromise        -- Remote with User Interaction
                      Execute Arbitrary Code/Commands -- Remote with User Interaction
                      Increased Privileges            -- Existing Account
                      Access Privileged Data          -- Remote with User Interaction
                      Modify Arbitrary Files          -- Existing Account
                      Denial of Service               -- Remote/Unauthenticated
                      Access Confidential Data        -- Remote/Unauthenticated
                      Provide Misleading Information  -- Unknown/Unspecified
                      Reduced Security                -- Existing Account
Resolution:           Patch/Upgrade
CVE Names:            CVE-2018-8475 CVE-2018-8468 CVE-2018-8462
                      CVE-2018-8455 CVE-2018-8449 CVE-2018-8446
                      CVE-2018-8445 CVE-2018-8444 CVE-2018-8443
                      CVE-2018-8442 CVE-2018-8441 CVE-2018-8440
                      CVE-2018-8439 CVE-2018-8438 CVE-2018-8437
                      CVE-2018-8436 CVE-2018-8435 CVE-2018-8434
                      CVE-2018-8433 CVE-2018-8424 CVE-2018-8422
                      CVE-2018-8420 CVE-2018-8419 CVE-2018-8410
                      CVE-2018-8393 CVE-2018-8392 CVE-2018-8337
                      CVE-2018-8336 CVE-2018-8335 CVE-2018-8332
                      CVE-2018-8271 CVE-2018-0965
Member content until: Friday, October 12 2018

Revision History:     September 12 2018: Product tag updated from Windows 10 to Microsoft Windows
                      September 12 2018: Initial Release

OVERVIEW

        Microsoft has released its monthly security patch update for the
        month of September 2018. [1]

        This update resolves 33 vulnerabilities across the following
        products:

         Windows 10 Version 1607 for 32-bit Systems
         Windows 10 Version 1607 for x64-based Systems
         Windows 10 Version 1703 for 32-bit Systems
         Windows 10 Version 1703 for x64-based Systems
         Windows 10 Version 1709 for 32-bit Systems
         Windows 10 Version 1709 for 64-based Systems
         Windows 10 Version 1803 for 32-bit Systems
         Windows 10 Version 1803 for x64-based Systems
         Windows 10 for 32-bit Systems
         Windows 10 for x64-based Systems
         Windows 7 for 32-bit Systems Service Pack 1
         Windows 7 for x64-based Systems Service Pack 1
         Windows 8.1 for 32-bit systems
         Windows 8.1 for x64-based systems
         Windows RT 8.1
         Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1
         Windows Server 2008 R2 for x64-based Systems Service Pack 1
         Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
         Windows Server 2008 for 32-bit Systems Service Pack 2
         Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
         Windows Server 2008 for Itanium-Based Systems Service Pack 2
         Windows Server 2008 for x64-based Systems Service Pack 2
         Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
         Windows Server 2012
         Windows Server 2012 (Server Core installation)
         Windows Server 2012 R2
         Windows Server 2012 R2 (Server Core installation)
         Windows Server 2016
         Windows Server 2016 (Server Core installation)

IMPACT

        Microsoft has given the following details regarding these
        vulnerabilities.

         Details         Impact                   Severity
         ADV180022       Denial of Service        Important
         CVE-2018-0965   Remote Code Execution    Critical
         CVE-2018-8271   Information Disclosure   Important
         CVE-2018-8332   Remote Code Execution    Critical
         CVE-2018-8335   Denial of Service        Important
         CVE-2018-8336   Information Disclosure   Important
         CVE-2018-8337   Security Feature Bypass  Important
         CVE-2018-8392   Remote Code Execution    Important
         CVE-2018-8393   Remote Code Execution    Important
         CVE-2018-8410   Elevation of Privilege   Important
         CVE-2018-8419   Information Disclosure   Important
         CVE-2018-8420   Remote Code Execution    Critical
         CVE-2018-8422   Information Disclosure   Important
         CVE-2018-8424   Information Disclosure   Important
         CVE-2018-8433   Information Disclosure   Important
         CVE-2018-8434   Information Disclosure   Important
         CVE-2018-8435   Security Feature Bypass  Important
         CVE-2018-8436   Denial of Service        Important
         CVE-2018-8437   Denial of Service        Important
         CVE-2018-8438   Denial of Service        Important
         CVE-2018-8439   Remote Code Execution    Critical
         CVE-2018-8440   Elevation of Privilege   Important
         CVE-2018-8441   Elevation of Privilege   Important
         CVE-2018-8442   Information Disclosure   Important
         CVE-2018-8443   Information Disclosure   Important
         CVE-2018-8444   Information Disclosure   Important
         CVE-2018-8445   Information Disclosure   Important
         CVE-2018-8446   Information Disclosure   Important
         CVE-2018-8449   Security Feature Bypass  Important
         CVE-2018-8455   Elevation of Privilege   Important
         CVE-2018-8462   Elevation of Privilege   Important
         CVE-2018-8468   Elevation of Privilege   Important
         CVE-2018-8475   Remote Code Execution    Critical

MITIGATION

        Microsoft recommends updating the software with the version made
        available on the Microsoft Update Catalogue for the following
        Knowledge Base articles. [1]

         KB4457135, KB4457132, KB4457131, KB4457128, KB4457129
         KB4457138, KB4457142, KB4457143, KB4457140, KB4458010
         KB4457144, KB4457145, KB4457984

REFERENCES

        [1] Security Update Guide
            https://portal.msrc.microsoft.com/en-us/security-guidance

AusCERT has made every effort to ensure that the information contained
in this document is accurate.  However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================