===========================================================================
                         AUSCERT Security Bulletin

                               ASB-2017.0193
              Microsoft Security Updates for Web Technologies
                             15 November 2017

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           .NET Core
                   ASP.NET Core
                   ChakraCore
Operating System:  Windows
Impact/Access:     Execute Arbitrary Code/Commands -- Remote with User Interaction
                   Denial of Service               -- Remote/Unauthenticated
                   Provide Misleading Information  -- Remote with User Interaction
                   Access Confidential Data        -- Remote with User Interaction
                   Reduced Security                -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2017-11883 CVE-2017-11879 CVE-2017-11874
                   CVE-2017-11873 CVE-2017-11871 CVE-2017-11870
                   CVE-2017-11866 CVE-2017-11862 CVE-2017-11861
                   CVE-2017-11858 CVE-2017-11846 CVE-2017-11843
                   CVE-2017-11841 CVE-2017-11840 CVE-2017-11838
                   CVE-2017-11837 CVE-2017-11836 CVE-2017-11791
                   CVE-2017-11770 CVE-2017-8700
Member content until: Friday, December 15 2017
Reference:         https://portal.msrc.microsoft.com/en-us/security-guidance

OVERVIEW

        Microsoft has released its monthly security patch update for the
        month of November 2017. [1]

        This update resolves 20 vulnerabilities across the following
        products:

         .NET Core 1.0
         .NET Core 1.1
         .NET Core 2.0
         ASP.NET Core 1.0
         ASP.NET Core 1.1
         ASP.NET Core 2.0
         ChakraCore

IMPACT

        Microsoft has given the following details regarding these
        vulnerabilities.

         Details         Impact                   Severity
         CVE-2017-11770  Denial of Service        Important
         CVE-2017-11791  Information Disclosure   Important
         CVE-2017-11836  Remote Code Execution    Critical
         CVE-2017-11837  Remote Code Execution    Critical
         CVE-2017-11838  Remote Code Execution    Critical
         CVE-2017-11840  Remote Code Execution    Critical
         CVE-2017-11841  Remote Code Execution    Critical
         CVE-2017-11843  Remote Code Execution    Critical
         CVE-2017-11846  Remote Code Execution    Critical
         CVE-2017-11858  Remote Code Execution    Critical
         CVE-2017-11861  Remote Code Execution    Critical
         CVE-2017-11862  Remote Code Execution    Critical
         CVE-2017-11866  Remote Code Execution    Critical
         CVE-2017-11870  Remote Code Execution    Critical
         CVE-2017-11871  Remote Code Execution    Critical
         CVE-2017-11873  Remote Code Execution    Critical
         CVE-2017-11874  Security Feature Bypass  Important
         CVE-2017-11879  Elevation of Privilege   Important
         CVE-2017-11883  Denial of Service        Important
         CVE-2017-8700   Information Disclosure   Moderate

MITIGATION

        Microsoft recommends updating the software with the version made
        available on the Microsoft Update Catalogue for the following
        Knowledge Base articles. [1]

REFERENCES

        [1] Security Update Guide
            https://portal.msrc.microsoft.com/en-us/security-guidance

AusCERT has made every effort to ensure that the information contained
in this document is accurate.  However, the decision to use the information
described is the responsibility of each user or organisation.  The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures.  AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================