Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT Security Bulletin ASB-2018.0152 Security updates for Microsoft Skype & Lync 11 July 2018 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: Microsoft Skype for Business Microsoft Lync Operating System: Windows Impact/Access: Execute Arbitrary Code/Commands -- Remote with User Interaction Denial of Service -- Remote with User Interaction Unauthorised Access -- Remote with User Interaction Resolution: Patch/Upgrade CVE Names: CVE-2018-8311 CVE-2018-8238 Member content until: Friday, August 10 2018 OVERVIEW Microsoft has released its monthly security patch update for the month of July 2018. [1] This update resolves 2 vulnerabilities across the following products: Microsoft Lync 2013 Service Pack 1 (32-bit) Microsoft Lync 2013 Service Pack 1 (64-bit) Skype for Business 2016 (32-bit) Skype for Business 2016 (64-bit) IMPACT Microsoft has given the following details regarding these vulnerabilities. Details Impact Severity CVE-2018-8238 Security Feature Bypass Important CVE-2018-8311 Remote Code Execution Important MITIGATION Microsoft recommends updating the software with the version made available on the Microsoft Update Catalogue for the following Knowledge Base articles. [1] KB4022225, KB4022221 REFERENCES [1] Security Update Guide https://portal.msrc.microsoft.com/en-us/security-guidance AusCERT has made every effort to ensure that the information contained in this document is accurate. However, the decision to use the information described is the responsibility of each user or organisation. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBW0VbPGaOgq3Tt24GAQgIeg//ZO1RExOsz0FiMYCngKLT+8lvrN0nTxyH V3IupnNnQVWjFsyXGf+sOp3G/uzYDQ5zrvvLBrTZKIhVRnc9YLdYsxD9VZHjqTSq vnx2aiqY4ybFBrC5Q7D32FSBE6btsr+7FPwolQ16AkoHD2V+8XbF0DA5+UnaqjvN rX7iSeBz3d3HwL9QB0p9yBbwrgdPc7fhhMH2xYd+mO7OkvQxtBfGD4VflckiFM46 wDeV8duXvPDkDJygem9HVS2nNqTWzhZWtr7HQcOaxEfx+hauT5fxD+/KzQgH9VM0 k1uGPrMlxlFUIkiaeP1W7+qflYQYiwNnNFw+NHYg1Dy/S//Cb9JAnNCiCiGJGN6g 8T/SvF1znTeuZiOD7WASVgJnpa1u/SmMhBovX8dVEVSELSl8hNasLf5OOzwrOog4 VfonKDKUuoH+c5/lP66G2qE1xtYZugRD0hT4nL4eGS1bSmXxgGe5n6Gt8SAAfAep PI/S74PTwF9fe5dMmewgoiUO5itMekMd2znTvubvnWncO10U5booTPvHDuCIF7Ac pEMNKUkn8N6hnpK/+qge1tR+YEzHoGcGaZUMgJcI8yyydkmhXvfyUVBDgJA2yPFr 3HR4D+EMvUWUoE6u8DWLTMURrRobDf2x80aQ/lu+Ora2tn7V9QvNdxr2np83GB03 xOczbyB0YWQ= =FaD/ -----END PGP SIGNATURE-----