Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT Security Bulletin ASB-2018.0056 Security updates for Microsoft Windows versions 14 March 2018 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: Windows Operating System: Windows Impact/Access: Administrator Compromise -- Existing Account Execute Arbitrary Code/Commands -- Remote with User Interaction Increased Privileges -- Existing Account Access Privileged Data -- Existing Account Denial of Service -- Existing Account Read-only Data Access -- Remote with User Interaction Resolution: Patch/Upgrade CVE Names: CVE-2018-0983 CVE-2018-0977 CVE-2018-0926 CVE-2018-0904 CVE-2018-0902 CVE-2018-0901 CVE-2018-0900 CVE-2018-0899 CVE-2018-0898 CVE-2018-0897 CVE-2018-0896 CVE-2018-0895 CVE-2018-0894 CVE-2018-0888 CVE-2018-0886 CVE-2018-0885 CVE-2018-0884 CVE-2018-0883 CVE-2018-0882 CVE-2018-0881 CVE-2018-0880 CVE-2018-0878 CVE-2018-0877 CVE-2018-0868 CVE-2018-0817 CVE-2018-0816 CVE-2018-0815 CVE-2018-0814 CVE-2018-0813 CVE-2018-0811 Member content until: Friday, April 13 2018 OVERVIEW Microsoft has released its monthly security patch update for the month of March 2018. [1] This update resolves 30 vulnerabilities across the following products: Windows 10 Version 1511 for 32-bit Systems Windows 10 Version 1511 for x64-based Systems Windows 10 Version 1607 for 32-bit Systems Windows 10 Version 1607 for x64-based Systems Windows 10 Version 1703 for 32-bit Systems Windows 10 Version 1703 for x64-based Systems Windows 10 Version 1709 for 32-bit Systems Windows 10 Version 1709 for 64-based Systems Windows 10 for 32-bit Systems Windows 10 for x64-based Systems Windows 7 for 32-bit Systems Service Pack 1 Windows 7 for x64-based Systems Service Pack 1 Windows 8.1 for 32-bit systems Windows 8.1 for x64-based systems Windows RT 8.1 Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Windows Server 2008 for 32-bit Systems Service Pack 2 Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Windows Server 2008 for Itanium-Based Systems Service Pack 2 Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) Windows Server 2012 Windows Server 2012 (Server Core installation) Windows Server 2012 R2 Windows Server 2012 R2 (Server Core installation) Windows Server 2016 Windows Server 2016 (Server Core installation) IMPACT Microsoft has given the following details regarding these vulnerabilities. Details Impact Severity CVE-2018-0811 Information Disclosure Important CVE-2018-0813 Information Disclosure Important CVE-2018-0814 Information Disclosure Important CVE-2018-0815 Elevation of Privilege Important CVE-2018-0816 Elevation of Privilege Important CVE-2018-0817 Elevation of Privilege Important CVE-2018-0868 Elevation of Privilege Important CVE-2018-0877 Elevation of Privilege Important CVE-2018-0878 Information Disclosure Important CVE-2018-0880 Elevation of Privilege Important CVE-2018-0881 Elevation of Privilege Important CVE-2018-0882 Elevation of Privilege Important CVE-2018-0883 Remote Code Execution Important CVE-2018-0884 Security Feature Bypass Important CVE-2018-0885 Denial of Service Important CVE-2018-0886 Remote Code Execution Important CVE-2018-0888 Information Disclosure Important CVE-2018-0894 Information Disclosure Important CVE-2018-0895 Information Disclosure Important CVE-2018-0896 Information Disclosure Important CVE-2018-0897 Information Disclosure Important CVE-2018-0898 Information Disclosure Important CVE-2018-0899 Information Disclosure Important CVE-2018-0900 Information Disclosure Important CVE-2018-0901 Information Disclosure Important CVE-2018-0902 Security Feature Bypass Important CVE-2018-0904 Information Disclosure Important CVE-2018-0926 Information Disclosure Important CVE-2018-0977 Elevation of Privilege Important CVE-2018-0983 Elevation of Privilege Important MITIGATION Microsoft recommends updating the software with the version made available on the Microsoft Update Catalogue for the following Knowledge Base articles. [1] KB4088827, KB4088776, KB4056564, KB4088782, KB4088880 KB4089229, KB4073011, KB4089175, KB4089344, KB4089453 KB4088786, KB4088787, KB4088779, KB4088878, KB4088879 KB4088876, KB4088877, KB4087398, KB4088875 REFERENCES [1] Security Update Guide https://portal.msrc.microsoft.com/en-us/security-guidance AusCERT has made every effort to ensure that the information contained in this document is accurate. However, the decision to use the information described is the responsibility of each user or organisation. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBWqhp7Yx+lLeg9Ub1AQhc0Q//c/UCvw8K6z15PgMG9M6DRH1JyKMz9yRi VKskuLJ6SW4hQdFzawXDK3KgYXjhqL1xtyc5bskVZOAsK3ofuwKingp8MdwKvRyv HSLo0q5vJbNk9DJ5BQvpsSE2JgkyZwdrNe8yDCDe8iiv+iZqV2n8zgAoqXPxNBKM RC8UElBA03QD62A1lfvpTnFFJMIrX+lag0VKMNY44IjX267X3jkn8aIKT75Jvg8/ UcMhJHshNg8dOdnSUIuxdi/U0eSVLM4I39HXBNOGxUsQE1OfyKoYvZ8K3RqweDTn B9HxAY8AwlXLHDpRHHNR1mLvGPl73BTzDKDpNgJul1MVY9C2nOC8YZqBbcYKqkC8 VSvbGPlugLC70vcNeoZbPYidJygEd5OfYUn2RbuQpykigMqwgN63RC2DK4ml0lr8 RD39GpQBjbYbTCcSMjkKqOiKYlAARuNnIg/mfj1dO4w/FkJORbQUxwtl7yN+kb4m 3mvWW+8uceEyaQiALh9N9KQC+BSSDtKu1MfKoWZoWU9tInpPDZ+0p6Mh+8TfFWHI 8cNnA1J0a82ZmMC/vYKuRoLQYCjbAQBXQP+ktBPPyt9akq0iZM7zXs/SgdcCVoAS OD0W9v2AWTFdRMg2VpdHyjPQeqiRLpapTpprwSOXBJ70PvFIFkNxevsELGGZKxe7 GfmDlPYofJo= =bDwH -----END PGP SIGNATURE-----