Operating System:

[WIN]

Published:

12 April 2018

Protect yourself against future threats.

//Service

Early Warning SMS

Receive SMS notifications for the most critical security threats and vulnerabilities.

Read more
Resources > Security Bulletins > ASB-2018.0073.2 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
                         AUSCERT Security Bulletin

                              ASB-2018.0073.2
      Security vulnerabilities patched in Microsoft Internet Explorer
                               12 April 2018

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              Microsoft Internet Explorer
Operating System:     Windows
Impact/Access:        Execute Arbitrary Code/Commands -- Remote with User Interaction
                      Read-only Data Access           -- Remote with User Interaction
Resolution:           Patch/Upgrade
CVE Names:            CVE-2018-8118 CVE-2018-1020 CVE-2018-1018
                      CVE-2018-1004 CVE-2018-1001 CVE-2018-1000
                      CVE-2018-0997 CVE-2018-0996 CVE-2018-0991
                      CVE-2018-0989 CVE-2018-0988 CVE-2018-0987
                      CVE-2018-0981 CVE-2018-0870 
Member content until: Friday, May 11 2018
Reference:            ESB-2018.1076
                      ESB-2018.0946
                      ESB-2018.0638
                      ESB-2018.0266

Revision History:     April 12 2018: Microsoft have added CVE-2018-8118
                                     to the release post publication.
                      April 11 2018: Initial Release

OVERVIEW

        Microsoft has released its monthly security patch update for the month of
        April 2018. [1]  This update resolves 13 vulnerabilities across the following
        products:
         Internet Explorer 10
         Internet Explorer 11
         Internet Explorer 9


IMPACT

        Microsoft has given the following details regarding these vulnerabilities.
        
         Details         Impact                   Severity
         CVE-2018-0870   Remote Code Execution    Critical
         CVE-2018-0981   Information Disclosure   Critical
         CVE-2018-0987   Information Disclosure   Important
         CVE-2018-0988   Remote Code Execution    Critical
         CVE-2018-0989   Information Disclosure   Important
         CVE-2018-0991   Remote Code Execution    Critical
         CVE-2018-0996   Remote Code Execution    Critical
         CVE-2018-0997   Remote Code Execution    Important
         CVE-2018-1000   Information Disclosure   Critical
         CVE-2018-1001   Remote Code Execution    Important
         CVE-2018-1004   Remote Code Execution    Critical
         CVE-2018-1018   Remote Code Execution    Critical
         CVE-2018-1020   Remote Code Execution    Critical
         CVE-2018-8118   Remote Code Execution    Important


MITIGATION

        Microsoft recommends updating the software with the version made available on
        the Microsoft Update Catalogue for the following Knowledge Base articles. [1]
        
        
         KB4093114, KB4093111, KB4093107, KB4093112, KB4093109
         KB4093119, KB4093118, KB4092946, KB4093123


REFERENCES

        [1] Security Update Guide
            https://portal.msrc.microsoft.com/en-us/security-guidance

AusCERT has made every effort to ensure that the information contained
in this document is accurate.  However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours 
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBWs6VN4x+lLeg9Ub1AQhL9Q/+I/1Gmpmjaqbh4hUObUsPFx13hL74gayQ
MgUIgvGBNkDFgtzdHett4KYsNJTVYcdsSzE/tGpb1sisWqleynRImPDtfmFwa7kc
xU/xNkWK4SQv5R1ZlVRNoN8cvhlnnCwYOjQcOIzgm2prIzGMTtsFRiul5GyRbW7+
0Dp3n91Qy+fbblIQM7EGIAa3IVH0sptYfdIT7HjsasKJYiVAMIEHtJ4C5//vkD79
glAjXfKzVDgtBCWRffDQN0A3dN1+F7nCFohGUmKGtz2dGfictybbCNtVUlNz+29v
yRn8WHurOrFFrx2e8YkWCdyXoKpQEX1grNzbaoZJH5UG4LJ+aanKm/6tOm+lj51+
SkQV4VvTC6knspdQwde/iDssOnhlAQbqasLEDmBUMbTLfFtKpfJQkcvYL7HxPZDg
HoPPNk2k972xoixzlHYduoekq9FI/8d2sJ9n+m7rVBy9qZWfMKro95ktnAn8HkxQ
6NzNuJpP24WmHooyWIJx4CK8mGSHSbWm8lq+JrSdOeU4MEI7vR9bDUkrKv6kr0Ff
XlmtTO1dlABV3oMcV4UVnGuc1prSJTXCGc8wJeUW7Eeu56620tnUAaJ12Y4eqB5/
CdSXPNyVVNPlAtwkTcvVKN/VtJ+c3GcLwSJbVs+boi3MN8e6TgFbdO4LsP6QNLIP
gBtWJvDbnxE=
=Sdhm
-----END PGP SIGNATURE-----