Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT Security Bulletin
ASB-2018.0153
Security updates for Microsoft Windows
11 July 2018
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: Windows 10
Windows 7
Windows 8.1
Windows RT
Windows Server 2008
Windows Server 2012
Windows Server 2016
Operating System: Windows
Impact/Access: Administrator Compromise -- Existing Account
Denial of Service -- Remote/Unauthenticated
Unauthorised Access -- Remote with User Interaction
Resolution: Patch/Upgrade
CVE Names: CVE-2018-8314 CVE-2018-8313 CVE-2018-8309
CVE-2018-8308 CVE-2018-8307 CVE-2018-8304
CVE-2018-8282 CVE-2018-8222 CVE-2018-8206
Member content until: Friday, August 10 2018
OVERVIEW
Microsoft has released its monthly security patch update for the month of July
2018. [1] This update resolves 9 vulnerabilities across the following
products:
Windows 10 Version 1607 for 32-bit Systems
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1703 for 32-bit Systems
Windows 10 Version 1703 for x64-based Systems
Windows 10 Version 1709 for 32-bit Systems
Windows 10 Version 1709 for 64-based Systems
Windows 10 Version 1803 for 32-bit Systems
Windows 10 Version 1803 for x64-based Systems
Windows 10 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 7 for 32-bit Systems Service Pack 1
Windows 7 for x64-based Systems Service Pack 1
Windows 8.1 for 32-bit systems
Windows 8.1 for x64-based systems
Windows RT 8.1
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for Itanium-Based Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows Server 2012
Windows Server 2012 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 R2 (Server Core installation)
Windows Server 2016
Windows Server 2016 (Server Core installation)
IMPACT
Microsoft has given the following details regarding these vulnerabilities.
Details Impact Severity
CVE-2018-8206 Denial of Service Important
CVE-2018-8222 Security Feature Bypass Important
CVE-2018-8282 Denial of Service Important
CVE-2018-8304 Denial of Service Important
CVE-2018-8307 Security Feature Bypass Important
CVE-2018-8308 Elevation of Privilege Important
CVE-2018-8309 Denial of Service Important
CVE-2018-8313 Elevation of Privilege Important
CVE-2018-8314 Elevation of Privilege Important
MITIGATION
Microsoft recommends updating the software with the version made available on
the Microsoft Update Catalogue for the following Knowledge Base articles. [1]
KB4338830, KB4338814, KB4338820, KB4338819, KB4339854
KB4338826, KB4295656, KB4338825, KB4339503, KB4338824
KB4340583, KB4291391, KB4339291, KB4338818, KB4338829
KB4338815, KB4293756, KB4338823
REFERENCES
[1] Security Update Guide
https://portal.msrc.microsoft.com/en-us/security-guidance
AusCERT has made every effort to ensure that the information contained
in this document is accurate. However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBW0VdnGaOgq3Tt24GAQhhjA/9ETknhb+tWw1UH/R2QAeYE8kL2v2NVIAo
ir8m4OhSv+TmHzjd6sNk0SifNnHT2YWh6ZF3BAy0QTv7fPSiA0JJwPcLxcvGZXuv
FMLIWdiRl/wlK9qAcj9AYJtxbcaz9tHRxvTFWJtfscwzpBAkwBKroSAtCr6aDC+g
Q3e53tIIqu0FOrLnYfYn59KNbo1nXCnV64SryCrw7V5rmhee+HlFLcCkhCa1XRXI
q+JdJ/iopKxR3R3p5z51qhx286g37DGqTc/mcYAwDAUuJwMw1Yxz+AhQjjDyZaXl
XB1SG+NYYIHoxxM67q/7CwygNB0hObxQ3u1ULbzTJDBUpI5oF2x5/jdUWlcWCNMc
9bw/GZudxPSUcTmaTH88Q//AqJuQfrS9z6RaNz7rIP1og9RlVbc/yeQMJKp96kmn
QndXcJR8WbX2MJJ7q8OTRB0Sr1StjRfSMzdL27kTsyjr72g0e6dEj81bfywl9u3m
ZD/GL3rLFqKEWvkCvbq9zXp/+gwO0baSMa3Sn5u4N3GSt6T0iXZaOvqIahD5Wqap
vrUgsHBUwu7Q+y4K1NmMagP479GMQ32K8EB5CYod11SR4OwS2TnuWzdCpWW8lyV+
81yxU3lb5bQ0/gG8AVpxuZljnlUSWubQiAO1ke5JANN719kOPImHH72ZMnYyptnF
moRJJ30LE1o=
=lnM4
-----END PGP SIGNATURE-----