===========================================================================
                         AUSCERT Security Bulletin

                               ASB-2018.0214
      Security vulnerabilities patched in Microsoft development tools
                             12 September 2018

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Microsoft .NET Framework
                   ASP.NET Core 2.1
                   .NET Core 2.1
                   C SDK for Azure IoT
                   ChakraCore
                   Microsoft.Data.OData
                   System.IO.Pipelines
Operating System:  Windows
Impact/Access:     Administrator Compromise        -- Remote with User Interaction
                   Execute Arbitrary Code/Commands -- Remote with User Interaction
                   Access Privileged Data          -- Remote with User Interaction
                   Denial of Service               -- Remote/Unauthenticated
                   Provide Misleading Information  -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2018-8479 CVE-2018-8467 CVE-2018-8466 CVE-2018-8465
                   CVE-2018-8459 CVE-2018-8456 CVE-2018-8452 CVE-2018-8421
                   CVE-2018-8409 CVE-2018-8391 CVE-2018-8367 CVE-2018-8354
                   CVE-2018-8315 CVE-2018-8269
Member content until: Friday, October 12 2018

OVERVIEW

        Microsoft has released its monthly security patch update for the
        month of September 2018. [1]

        This update resolves 14 vulnerabilities across the following
        products:

         .NET Core 2.1
         ASP.NET Core 2.1
         C SDK for Azure IoT
         ChakraCore
         Microsoft .NET Framework 2.0 Service Pack 2
         Microsoft .NET Framework 3.0 Service Pack 2
         Microsoft .NET Framework 3.5
         Microsoft .NET Framework 3.5.1
         Microsoft .NET Framework 4.5.2
         Microsoft .NET Framework 4.6
         Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2
         Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2
         Microsoft .NET Framework 4.7.1/4.7.2
         Microsoft .NET Framework 4.7.2
         Microsoft .NET Framework 4.7/4.7.1/4.7.2
         Microsoft.Data.OData
         System.IO.Pipelines

IMPACT

        Microsoft has given the following details regarding these
        vulnerabilities.

         Details         Impact                   Severity
         CVE-2018-8269   Denial of Service        Important
         CVE-2018-8315   Information Disclosure   Important
         CVE-2018-8354   Remote Code Execution    Important
         CVE-2018-8367   Remote Code Execution    Critical
         CVE-2018-8391   Remote Code Execution    Critical
         CVE-2018-8409   Denial of Service        Important
         CVE-2018-8421   Remote Code Execution    Critical
         CVE-2018-8452   Information Disclosure   Important
         CVE-2018-8456   Remote Code Execution    Critical
         CVE-2018-8459   Remote Code Execution    Critical
         CVE-2018-8465   Remote Code Execution    Critical
         CVE-2018-8466   Remote Code Execution    Critical
         CVE-2018-8467   Remote Code Execution    Critical
         CVE-2018-8479   Spoofing                 Important

MITIGATION

        Microsoft recommends updating the software with the version made
        available on the Microsoft Update Catalogue for the following
        Knowledge Base articles. [1]

         KB4457035, KB4457038, KB4457033, KB4457142, KB4457030
         KB4457025, KB4457027, KB4457026, KB4457029, KB4457042
         KB4457128, KB4457045, KB4457044, KB4457132, KB4457131
         KB4457036, KB4457037, KB4457034, KB4457053, KB4457054
         KB4457055, KB4457056, KB4457138, KB4457043, KB4457028

REFERENCES

        [1] Security Update Guide
            https://portal.msrc.microsoft.com/en-us/security-guidance

AusCERT has made every effort to ensure that the information contained
in this document is accurate.  However, the decision to use the information
described is the responsibility of each user or organisation.  The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures.  AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================