Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT Security Bulletin
ASB-2018.0234.2
Security updates for Microsoft Edge
25 October 2018
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: Microsoft Edge
Operating System: Windows 10
Windows Server 2016
Impact/Access: Execute Arbitrary Code/Commands -- Remote with User Interaction
Unauthorised Access -- Remote with User Interaction
Resolution: Patch/Upgrade
CVE Names: CVE-2018-8530 CVE-2018-8513 CVE-2018-8512
CVE-2018-8511 CVE-2018-8510 CVE-2018-8509
CVE-2018-8505 CVE-2018-8503 CVE-2018-8473
Member content until: Friday, November 9 2018
Revision History: October 25 2018: Corrected vulnerability description
October 10 2018: Initial Release
OVERVIEW
Microsoft has released its monthly security patch update for the month
of October 2018. This update resolves 9 vulnerabilities across the
following products: [1]
Microsoft Edge
IMPACT
Microsoft has given the following details regarding these
vulnerabilities.
"Details Impact Severity
CVE-2018-8473 Remote Code Execution Critical
CVE-2018-8503 Remote Code Execution Low
CVE-2018-8505 Remote Code Execution Critical
CVE-2018-8509 Remote Code Execution Critical
CVE-2018-8510 Remote Code Execution Critical
CVE-2018-8511 Remote Code Execution Critical
CVE-2018-8512 Security Feature Bypass Important
CVE-2018-8513 Remote Code Execution Critical
CVE-2018-8530 Security Feature Bypass Important" [1]
MITIGATION
Microsoft recommends updating the software with the version made
available on the Microsoft Update Cataloge for the following Knowledge
Base articles. [1].
KB4462917, KB4464330, KB4462937, KB4462922, KB4462919
KB4462918
REFERENCES
[1] Security Update Guide
https://portal.msrc.microsoft.com/en-us/security-guidance
AusCERT has made every effort to ensure that the information contained
in this document is accurate. However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBW9FjG2aOgq3Tt24GAQhouw//dGCwqP0d81ULevg8CzXjjPbCH7X8YDoA
2f/UaLlXxnwB0Cn+G6Cq8gAQkmK1catEPv4zjQNS2UO0x1M20OBmp0Ww+erH0oQF
+cRjC/BjwzrOaMyYihmhOrScljrlwu3fBJUP5LGZTKYGoF/Jf1fwXOHM5HFhGOdY
OvdICw+/gNM1X1WBQcr74R/zwcLF29f2W9y/9EJ0cfSaZX3ASHt7IodYMBJyOyjn
RczsypXGBgzjMYwF4jzNxrIYSvLi7NBkmPSDcyMRCDP1RigWux5sHAGqbMz8z2eY
rYvM2s3W+e0t1U7NCqGMMhO1+FpJLYjKIT121U3wnYGP49b6mR6GUzfUdzWXPc6J
yH1qU9n0E1Jd3+dpYB52Y4RDXHytsXyN1ZgkvH2umOGehT8MvLm/OrmU5OSvv33p
SWt31DOOHEGPdYGP9GUlTyYRGLkXu4+MKJkABO1qy8HvHXZQx0X1cq4Lgc6RXlB3
eXtARPRHNL4NiM8rWl9LH05j4LO6VZQnf8eyEAyn51v8z915TG6tTOAuKMW0Cttb
o0nvkSXbJQYQw3ZsnCzt39QjM8Em6/tlJRkuKVRYMjnkVm1viQYE/XIdbulg0UzL
rvjIMJ1oMRrGOIJWiU89XG6tRmpnXVG304bGjgYICg4j/xEk3raYHGzUudQAKmt9
AEDHDUK7Ypc=
=dks0
-----END PGP SIGNATURE-----