Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT Security Bulletin ASB-2018.0132 Security updates for Microsoft Developer Tools 13 June 2018 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: Microsoft ChakraCore Operating System: Windows Impact/Access: Execute Arbitrary Code/Commands -- Remote with User Interaction Resolution: Patch/Upgrade CVE Names: CVE-2018-8243 CVE-2018-8229 CVE-2018-8227 Member content until: Friday, July 13 2018 OVERVIEW Microsoft has released its monthly security patch update for the month of June 2018. [1] This update resolves 3 vulnerabilities across the following products: ChakraCore IMPACT Microsoft has given the following details regarding these vulnerabilities. Details Impact Severity CVE-2018-8227 Remote Code Execution Important CVE-2018-8229 Remote Code Execution Critical CVE-2018-8243 Remote Code Execution Critical MITIGATION Microsoft recommends updating the software with the version made available on the Microsoft Update Catalogue for the following Knowledge Base articles. [1] https://github.com/Microsoft/ChakraCore/wiki/Roadmap#v185 REFERENCES [1] Security Update Guide https://portal.msrc.microsoft.com/en-us/security-guidance AusCERT has made every effort to ensure that the information contained in this document is accurate. However, the decision to use the information described is the responsibility of each user or organisation. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBWyBuDWaOgq3Tt24GAQiJGw/+Na/1MX/SGJEhKNXSwWg2sbX+al82FeQ9 xM+FHn9B+W16dTPTQ4qF8dsHSaOc8RbbrnWsq7ljJFt7bptzaKyzWap0VO0+n5J5 iHtFKByJ6RAZsNobwomuq2lxGQmrZArq2HzpokfETavtvjakUKI6skwds8ia2Fbn N5oDelg3LNr63cGHWiRq9aNwb3SaY7r8JxKOR4gM+y3ffN++j/JU31MfxB8N1wdA UMl3/hg7/x5PyxN42goTjpWutSAq3wvDOZxY1OExZ3I4wOlCiEtmVmrDYNAGZ2zn 9CFGpk5cb+uT8HdNS8XbWZG/dsyNQEFNymuwX7Z6MsssIxnf8hbbVO8Lk/Fs9956 R+zLNOOT2XtMZdMVg4csMZPgM5OHoxQj0xNqQQSyh3Nu/uUdTLLw2vWSKqGJsxse UoTD+4563EPhhGdAV7D3XSKHhV0siliMLhFb7cbHT0Owe0UlhydxKPrIqqomoT87 VsqfGRJ6wlktqgsseGGFRgVzpmQxHdAPMYYcUXimCyvn0mZ5NSDLE6NMRtbMZe74 TPuA0eWDqNqpMilA1LL12q/LpvYyRNknqG+0rwU7VI2xA26ZMT3qMMF+RZsGHCG4 Yfl57T//MiUy1wJoHNvSC+wWLmqIMMzOdaidov/pxQEdOV7Nikk6bVz2p/ZcLpjk KrWDCe695KY= =eEpD -----END PGP SIGNATURE-----