Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT Security Bulletin
ASB-2018.0132
Security updates for Microsoft Developer Tools
13 June 2018
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: Microsoft ChakraCore
Operating System: Windows
Impact/Access: Execute Arbitrary Code/Commands -- Remote with User Interaction
Resolution: Patch/Upgrade
CVE Names: CVE-2018-8243 CVE-2018-8229 CVE-2018-8227
Member content until: Friday, July 13 2018
OVERVIEW
Microsoft has released its monthly security patch update for the month of June
2018. [1] This update resolves 3 vulnerabilities across the following
products:
ChakraCore
IMPACT
Microsoft has given the following details regarding these vulnerabilities.
Details Impact Severity
CVE-2018-8227 Remote Code Execution Important
CVE-2018-8229 Remote Code Execution Critical
CVE-2018-8243 Remote Code Execution Critical
MITIGATION
Microsoft recommends updating the software with the version made available on
the Microsoft Update Catalogue for the following Knowledge Base articles. [1]
https://github.com/Microsoft/ChakraCore/wiki/Roadmap#v185
REFERENCES
[1] Security Update Guide
https://portal.msrc.microsoft.com/en-us/security-guidance
AusCERT has made every effort to ensure that the information contained
in this document is accurate. However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBWyBuDWaOgq3Tt24GAQiJGw/+Na/1MX/SGJEhKNXSwWg2sbX+al82FeQ9
xM+FHn9B+W16dTPTQ4qF8dsHSaOc8RbbrnWsq7ljJFt7bptzaKyzWap0VO0+n5J5
iHtFKByJ6RAZsNobwomuq2lxGQmrZArq2HzpokfETavtvjakUKI6skwds8ia2Fbn
N5oDelg3LNr63cGHWiRq9aNwb3SaY7r8JxKOR4gM+y3ffN++j/JU31MfxB8N1wdA
UMl3/hg7/x5PyxN42goTjpWutSAq3wvDOZxY1OExZ3I4wOlCiEtmVmrDYNAGZ2zn
9CFGpk5cb+uT8HdNS8XbWZG/dsyNQEFNymuwX7Z6MsssIxnf8hbbVO8Lk/Fs9956
R+zLNOOT2XtMZdMVg4csMZPgM5OHoxQj0xNqQQSyh3Nu/uUdTLLw2vWSKqGJsxse
UoTD+4563EPhhGdAV7D3XSKHhV0siliMLhFb7cbHT0Owe0UlhydxKPrIqqomoT87
VsqfGRJ6wlktqgsseGGFRgVzpmQxHdAPMYYcUXimCyvn0mZ5NSDLE6NMRtbMZe74
TPuA0eWDqNqpMilA1LL12q/LpvYyRNknqG+0rwU7VI2xA26ZMT3qMMF+RZsGHCG4
Yfl57T//MiUy1wJoHNvSC+wWLmqIMMzOdaidov/pxQEdOV7Nikk6bVz2p/ZcLpjk
KrWDCe695KY=
=eEpD
-----END PGP SIGNATURE-----