Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT Security Bulletin ASB-2018.0128 Security updates for Microsoft Windows 13 June 2018 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: Microsoft Windows 10 Microsoft Windows 8 Microsoft Windows 7 Microsoft Windows Server 2016 Microsoft Windows Server 2012 Microsoft Windows Server 2008 Operating System: Windows Impact/Access: Administrator Compromise -- Remote/Unauthenticated Increased Privileges -- Existing Account Access Privileged Data -- Remote with User Interaction Denial of Service -- Remote/Unauthenticated Resolution: Patch/Upgrade CVE Names: CVE-2018-8251 CVE-2018-8239 CVE-2018-8233 CVE-2018-8231 CVE-2018-8226 CVE-2018-8225 CVE-2018-8224 CVE-2018-8221 CVE-2018-8219 CVE-2018-8218 CVE-2018-8217 CVE-2018-8216 CVE-2018-8215 CVE-2018-8214 CVE-2018-8213 CVE-2018-8212 CVE-2018-8211 CVE-2018-8210 CVE-2018-8209 CVE-2018-8208 CVE-2018-8207 CVE-2018-8205 CVE-2018-8201 CVE-2018-8175 CVE-2018-8169 CVE-2018-8140 CVE-2018-8121 CVE-2018-1040 CVE-2018-1036 CVE-2018-0982 Member content until: Friday, July 13 2018 OVERVIEW Microsoft has released its monthly security patch update for the month of June 2018. [1] This update resolves 30 vulnerabilities across the following products: Windows 10 Version 1607 for 32-bit Systems Windows 10 Version 1607 for x64-based Systems Windows 10 Version 1703 for 32-bit Systems Windows 10 Version 1703 for x64-based Systems Windows 10 Version 1709 for 32-bit Systems Windows 10 Version 1709 for 64-based Systems Windows 10 Version 1803 for 32-bit Systems Windows 10 Version 1803 for x64-based Systems Windows 10 for 32-bit Systems Windows 10 for x64-based Systems Windows 7 for 32-bit Systems Service Pack 1 Windows 7 for x64-based Systems Service Pack 1 Windows 8.1 for 32-bit systems Windows 8.1 for x64-based systems Windows RT 8.1 Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Windows Server 2008 for 32-bit Systems Service Pack 2 Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Windows Server 2008 for Itanium-Based Systems Service Pack 2 Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) Windows Server 2012 Windows Server 2012 (Server Core installation) Windows Server 2012 R2 Windows Server 2012 R2 (Server Core installation) Windows Server 2016 Windows Server 2016 (Server Core installation) IMPACT Microsoft has given the following details regarding these vulnerabilities. Details Impact Severity CVE-2018-0982 Elevation of Privilege Important CVE-2018-1036 Elevation of Privilege Important CVE-2018-1040 Denial of Service Important CVE-2018-8121 Information Disclosure Important CVE-2018-8140 Elevation of Privilege Important CVE-2018-8169 Elevation of Privilege Important CVE-2018-8175 Remote Code Execution Important CVE-2018-8201 Security Feature Bypass Important CVE-2018-8205 Denial of Service Important CVE-2018-8207 Information Disclosure Important CVE-2018-8208 Elevation of Privilege Important CVE-2018-8209 Information Disclosure Important CVE-2018-8210 Remote Code Execution Important CVE-2018-8211 Security Feature Bypass Important CVE-2018-8212 Security Feature Bypass Important CVE-2018-8213 Remote Code Execution Critical CVE-2018-8214 Elevation of Privilege Important CVE-2018-8215 Security Feature Bypass Important CVE-2018-8216 Security Feature Bypass Important CVE-2018-8217 Security Feature Bypass Important CVE-2018-8218 Denial of Service Important CVE-2018-8219 Elevation of Privilege Important CVE-2018-8221 Security Feature Bypass Important CVE-2018-8224 Elevation of Privilege Important CVE-2018-8225 Remote Code Execution Critical CVE-2018-8226 Denial of Service Important CVE-2018-8231 Remote Code Execution Critical CVE-2018-8233 Elevation of Privilege Important CVE-2018-8239 Information Disclosure Important CVE-2018-8251 Remote Code Execution Critical MITIGATION Microsoft recommends updating the software with the version made available on the Microsoft Update Catalogue for the following Knowledge Base articles. [1] KB4284860, KB4284846, KB4234459, KB4284855, KB4284826 KB4294413, KB4284880, KB4284815, KB4284874, KB4284835 KB4284878, KB4284867, KB4230467, KB4284819 REFERENCES [1] Security Update Guide https://portal.msrc.microsoft.com/en-us/security-guidance AusCERT has made every effort to ensure that the information contained in this document is accurate. However, the decision to use the information described is the responsibility of each user or organisation. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBWyBnHWaOgq3Tt24GAQibdBAAlUdgRRM7m0zeHRK8oJpVWcT9XLu9OS+I 8LAiwkMPYpUYOBS8Ps2ooCstjWjEWZ6nrpkKyFhtX66cGpTLJuc/UxIlRDdFQaH/ pJ2nb+wY5BjtijiNsHzOHYZ/wUZyKnJaZeYLJikbh4hYNwRVLFnJ3Ftegue0NCE5 QjgLHf8kbNH/uCJ2B4HdWiNlhzLS13PIJHozxqqNDBSGzXEHCnHcsh9VP2SRp82h Frxk1PQkYYDOX8SudHPwhz4QNIBH9x7OdscYFNpbFhgR82xnGazv4SKJESRdQ2z2 8J6LXi3TuztZvfgaUN80rRyeFb+HWNYQjDKeYv/L4+0/Zc2pLU119WPRD6wcA/VN XvDOI0X2qGaHyEA8tTUP3IAGLk6r63FCeqtMiC3GUpzDEhTN0y/bwHTtwo4CPval s3vPO3uUKWDW8pbXhwwvrViMQfIkhK8iEJThj8mbPXIbhsPP8u4uRBqmoBwl1Uv0 xCTniOnWAIa7qs1d+5hZKB3UQB7Vn7csBwOQjK93fy6FBAcc5si5QaxuQQQQsP9I adqPbLC1DnWBpJ6zzngAuEY71wORfJtPpf0TWUfl3AUXUOEHxiswLgFJjVXhgGxw m+3jAt2goSUUCryMNV/ZmVM4lQW0NL3EBg9GZsiGZfwXO8mRyWOnl2A8KyuP1LNz GzZGhqN7PUs= =7tKj -----END PGP SIGNATURE-----