Operating System:

[WIN]

Published:

11 July 2018

Protect yourself against future threats.

//Service

Malicious URL Feed

Add this Australian-based feed to your firewall blacklist and SIEM to prevent compromises to your network.

Read more
Resources > Security Bulletins > ASB-2018.0149 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
                         AUSCERT Security Bulletin

                               ASB-2018.0149
            Security vulnerabilities patched in Microsoft Edge
                               11 July 2018

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              Microsoft Edge
Operating System:     Windows
Impact/Access:        Execute Arbitrary Code/Commands -- Remote with User Interaction
                      Denial of Service               -- Remote with User Interaction
                      Provide Misleading Information  -- Remote with User Interaction
                      Access Confidential Data        -- Remote with User Interaction
                      Reduced Security                -- Remote with User Interaction
Resolution:           Patch/Upgrade
CVE Names:            CVE-2018-8325 CVE-2018-8324 CVE-2018-8301
                      CVE-2018-8297 CVE-2018-8294 CVE-2018-8291
                      CVE-2018-8290 CVE-2018-8289 CVE-2018-8288
                      CVE-2018-8287 CVE-2018-8286 CVE-2018-8280
                      CVE-2018-8279 CVE-2018-8278 CVE-2018-8276
                      CVE-2018-8275 CVE-2018-8274 CVE-2018-8262
                      CVE-2018-8125  
Member content until: Friday, August 10 2018
Reference:            ASB-2018.0148

OVERVIEW

        Microsoft has released its monthly security patch update for the month of July
        2018. [1]  This update resolves 19 vulnerabilities across the following
        products:
         Microsoft Edge


IMPACT

        Microsoft has given the following details regarding these vulnerabilities.
        
         Details         Impact                   Severity
         CVE-2018-8125   Remote Code Execution    Important
         CVE-2018-8262   Remote Code Execution    Critical
         CVE-2018-8274   Remote Code Execution    Critical
         CVE-2018-8275   Remote Code Execution    Critical
         CVE-2018-8276   Security Feature Bypass  Important
         CVE-2018-8278   Spoofing                 Important
         CVE-2018-8279   Remote Code Execution    Critical
         CVE-2018-8280   Remote Code Execution    Critical
         CVE-2018-8286   Remote Code Execution    Critical
         CVE-2018-8287   Remote Code Execution    Important
         CVE-2018-8288   Remote Code Execution    Critical
         CVE-2018-8289   Information Disclosure   Important
         CVE-2018-8290   Remote Code Execution    Critical
         CVE-2018-8291   Remote Code Execution    Critical
         CVE-2018-8294   Remote Code Execution    Critical
         CVE-2018-8297   Information Disclosure   Important
         CVE-2018-8301   Remote Code Execution    Critical
         CVE-2018-8324   Information Disclosure   Critical
         CVE-2018-8325   Information Disclosure   Important


MITIGATION

        Microsoft recommends updating the software with the version made available on
        the Microsoft Update Catalogue for the following Knowledge Base articles. [1]
        
        
         KB4338814, KB4338819, KB4338826, KB4338825, KB4338829


REFERENCES

        [1] Security Update Guide
            https://portal.msrc.microsoft.com/en-us/security-guidance

AusCERT has made every effort to ensure that the information contained
in this document is accurate.  However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours 
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBW0VR9WaOgq3Tt24GAQj8LQ/+J1KQcBpPKwnr73IpcX+eZ4Vdx7G9QslQ
dzyJiE4VBB6o+lcIb4ppKF1cOX4MNc0nU7fST7HZh1HfC0UTUOIKs4qXQxIL6PrL
/q3FudqKw9xU3FdAX117VG5ufuj22ooqVQ7xaQWHO8ZKoPo6zBP4wsPoazC/j9r2
VnbLNFcg7ehUU547qlNgYQdwkPVvNZDwA9w+gc+GNR778kwuvOnehPYCllRG29cQ
y7docFUn20aLaXjHAk+o3F9SCoi+kew/kfvIiPkDc8+PD8ZmB/Z6qu25/mWWc4PR
ayz+gKAosqtP1NmgVcjEsahXwHnMZgItXuNrqtL/u483N2czVzMVLGAHihjGASCh
3ywFBECaj6UbBLRMl2OSICtAMeoFQlagmFl5gNNmcRoCJFa5Xk7F4vR7W783iWsH
MBy7BHdllFL2Tc7FkVtSkKpnKjKdSKZS8GpX1BgwqBRpPrQMMT+vtYVQTb68zVXY
9gIpfQHRolCUti9FyoWRwHDtcDgqhKpjlfJnySeV3CN3ceVOt4NuAvppyI2oGgV2
BEA25FMuAOQ2So0UwyeKuoLQmpc4xrlrUwR0TRQl+jhHVJCxTmuvXOfD8JQD8ZKX
9uvaFDp9Ecy+dwCzWvrjm4fNbU5Sn9ZjqNMkgaIKZdBdLNG2dangs5+gkGnUD/wM
81skg3MpkLM=
=LDmb
-----END PGP SIGNATURE-----