Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT Security Bulletin ASB-2018.0044 Security Updates for Microsoft Edge 14 February 2018 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: Microsoft Edge Operating System: Windows Impact/Access: Execute Arbitrary Code/Commands -- Remote with User Interaction Access Privileged Data -- Remote with User Interaction Reduced Security -- Remote with User Interaction Resolution: Patch/Upgrade CVE Names: CVE-2018-0861 CVE-2018-0860 CVE-2018-0859 CVE-2018-0857 CVE-2018-0856 CVE-2018-0840 CVE-2018-0839 CVE-2018-0838 CVE-2018-0837 CVE-2018-0836 CVE-2018-0835 CVE-2018-0834 CVE-2018-0771 CVE-2018-0763 Member content until: Friday, March 16 2018 Reference: ASB-2018.0043 OVERVIEW Microsoft has released its monthly security patch update for the month of February 2018. [1] This update resolves 14 vulnerabilities across the following products: Microsoft Edge IMPACT Microsoft has given the following details regarding these vulnerabilities. Details Impact Severity CVE-2018-0763 Information Disclosure Critical CVE-2018-0771 Security Feature Bypass Moderate CVE-2018-0834 Remote Code Execution Critical CVE-2018-0835 Remote Code Execution Critical CVE-2018-0836 Remote Code Execution Important CVE-2018-0837 Remote Code Execution Critical CVE-2018-0838 Remote Code Execution Critical CVE-2018-0839 Information Disclosure Important CVE-2018-0840 Remote Code Execution Critical CVE-2018-0856 Remote Code Execution Critical CVE-2018-0857 Remote Code Execution Critical CVE-2018-0859 Remote Code Execution Critical CVE-2018-0860 Remote Code Execution Critical CVE-2018-0861 Remote Code Execution Critical MITIGATION Microsoft recommends updating the software with the version made available on the Microsoft Update Catalogue for the following Knowledge Base articles. [1] KB4074592, KB4074590, KB4074591, KB4074596, KB4074588 REFERENCES [1] Security Update Guide https://portal.msrc.microsoft.com/en-us/security-guidance AusCERT has made every effort to ensure that the information contained in this document is accurate. However, the decision to use the information described is the responsibility of each user or organisation. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBWoOTiox+lLeg9Ub1AQgZbA/9HFXTy/IimExvXnCK9C7D/SoDp6bDVUAl f+owQev4OeUgwMOgD39lhS2ipL5hUL3Ue1R3Mt8D+z7TjShwQC8psZ8m3wky2PcQ 0iYCgZdjfAU6KC4TktiAdD4gjmoCNRjqrovpwBa7SZmePfnQNhBXBSvYAJUyupNg vR53vKdBTgSp8TLutdOT6Ksc16i3yRdtgilE85GbaVvyWTqRTTHSkDNwkgrLb2vw zQTEHfSheGDlyt8JUZYPIWtF9mDzlj0Iv5tpaKSJrcjnEMy/rWSTCNsHOWbBgBQ5 A9le3NW00l7bOh5xGvg+Rjo99Os/biUHQ8keGrAbxkk1oblipF7rVxvAohXdZXHI 0lLjVEWOaIyWiL+oM57M2xz4R2bcy6BqG8+YdwIxH7tqI6IO0WR9MHrFZ6NcAj6+ 8KsWZ3ascaLNrw9upZEu9qZ4iA+EgmNAU6GwKgCg8WEkBc+jja+JMUzrOVjBydBB LpWD5V8JvWIpxhzlVhwzebUqQG5E50FsBfghTCpUC7EgvbnzSrOKJfH87ix5WGtZ Y4yDQo2QV3HOip23Gp/7fIJAspdATsB8iarbThnHHVqM8ISZleaDBPSEbDnzzDz6 Dx/vl2VCS8zTOWNkYKd8hiur/xevf0rSJq2xTgV1tyGRm0P8X6PnwgVlVoFK9IqQ ntqRFkTqseg= =bsRG -----END PGP SIGNATURE-----