Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT Security Bulletin ASB-2018.0234.2 Security updates for Microsoft Edge 25 October 2018 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: Microsoft Edge Operating System: Windows 10 Windows Server 2016 Impact/Access: Execute Arbitrary Code/Commands -- Remote with User Interaction Unauthorised Access -- Remote with User Interaction Resolution: Patch/Upgrade CVE Names: CVE-2018-8530 CVE-2018-8513 CVE-2018-8512 CVE-2018-8511 CVE-2018-8510 CVE-2018-8509 CVE-2018-8505 CVE-2018-8503 CVE-2018-8473 Member content until: Friday, November 9 2018 Revision History: October 25 2018: Corrected vulnerability description October 10 2018: Initial Release OVERVIEW Microsoft has released its monthly security patch update for the month of October 2018. This update resolves 9 vulnerabilities across the following products: [1] Microsoft Edge IMPACT Microsoft has given the following details regarding these vulnerabilities. "Details Impact Severity CVE-2018-8473 Remote Code Execution Critical CVE-2018-8503 Remote Code Execution Low CVE-2018-8505 Remote Code Execution Critical CVE-2018-8509 Remote Code Execution Critical CVE-2018-8510 Remote Code Execution Critical CVE-2018-8511 Remote Code Execution Critical CVE-2018-8512 Security Feature Bypass Important CVE-2018-8513 Remote Code Execution Critical CVE-2018-8530 Security Feature Bypass Important" [1] MITIGATION Microsoft recommends updating the software with the version made available on the Microsoft Update Cataloge for the following Knowledge Base articles. [1]. KB4462917, KB4464330, KB4462937, KB4462922, KB4462919 KB4462918 REFERENCES [1] Security Update Guide https://portal.msrc.microsoft.com/en-us/security-guidance AusCERT has made every effort to ensure that the information contained in this document is accurate. However, the decision to use the information described is the responsibility of each user or organisation. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBW9FjG2aOgq3Tt24GAQhouw//dGCwqP0d81ULevg8CzXjjPbCH7X8YDoA 2f/UaLlXxnwB0Cn+G6Cq8gAQkmK1catEPv4zjQNS2UO0x1M20OBmp0Ww+erH0oQF +cRjC/BjwzrOaMyYihmhOrScljrlwu3fBJUP5LGZTKYGoF/Jf1fwXOHM5HFhGOdY OvdICw+/gNM1X1WBQcr74R/zwcLF29f2W9y/9EJ0cfSaZX3ASHt7IodYMBJyOyjn RczsypXGBgzjMYwF4jzNxrIYSvLi7NBkmPSDcyMRCDP1RigWux5sHAGqbMz8z2eY rYvM2s3W+e0t1U7NCqGMMhO1+FpJLYjKIT121U3wnYGP49b6mR6GUzfUdzWXPc6J yH1qU9n0E1Jd3+dpYB52Y4RDXHytsXyN1ZgkvH2umOGehT8MvLm/OrmU5OSvv33p SWt31DOOHEGPdYGP9GUlTyYRGLkXu4+MKJkABO1qy8HvHXZQx0X1cq4Lgc6RXlB3 eXtARPRHNL4NiM8rWl9LH05j4LO6VZQnf8eyEAyn51v8z915TG6tTOAuKMW0Cttb o0nvkSXbJQYQw3ZsnCzt39QjM8Em6/tlJRkuKVRYMjnkVm1viQYE/XIdbulg0UzL rvjIMJ1oMRrGOIJWiU89XG6tRmpnXVG304bGjgYICg4j/xEk3raYHGzUudQAKmt9 AEDHDUK7Ypc= =dks0 -----END PGP SIGNATURE-----