Operating System:

[WIN]

Published:

12 September 2018

Protect yourself against future threats.

//Service

Incident Management

Whether it is proactive or reactive services you're after, we will help you detect, interpret and respond to attacks from across the globe.

Read more
Resources > Security Bulletins > ASB-2018.0215 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
                         AUSCERT Security Bulletin

                               ASB-2018.0215
            Security vulnerabilities patched in Microsoft Edge
                             12 September 2018

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              Microsoft Edge
Operating System:     Windows
Impact/Access:        Execute Arbitrary Code/Commands -- Remote with User Interaction
                      Increased Privileges            -- Remote with User Interaction
                      Access Privileged Data          -- Remote with User Interaction
                      Provide Misleading Information  -- Remote with User Interaction
                      Reduced Security                -- Remote with User Interaction
Resolution:           Patch/Upgrade
CVE Names:            CVE-2018-8469 CVE-2018-8467 CVE-2018-8466
                      CVE-2018-8465 CVE-2018-8464 CVE-2018-8463
                      CVE-2018-8459 CVE-2018-8457 CVE-2018-8456
                      CVE-2018-8452 CVE-2018-8425 CVE-2018-8367
                      CVE-2018-8366 CVE-2018-8354 CVE-2018-8315
Member content until: Friday, October 12 2018

OVERVIEW

        Microsoft has released its monthly security patch update for the month of
        September 2018. [1]  This update resolves 15 vulnerabilities across the
        following products:
        
         Microsoft Edge


IMPACT

        Microsoft has given the following details regarding these vulnerabilities.
        
         Details         Impact                   Severity
         CVE-2018-8315   Information Disclosure   Important
         CVE-2018-8354   Remote Code Execution    Important
         CVE-2018-8366   Information Disclosure   Important
         CVE-2018-8367   Remote Code Execution    Critical
         CVE-2018-8425   Spoofing                 Important
         CVE-2018-8452   Information Disclosure   Important
         CVE-2018-8456   Remote Code Execution    Critical
         CVE-2018-8457   Remote Code Execution    Critical
         CVE-2018-8459   Remote Code Execution    Critical
         CVE-2018-8463   Elevation of Privilege   Important
         CVE-2018-8464   Remote Code Execution    Critical
         CVE-2018-8465   Remote Code Execution    Critical
         CVE-2018-8466   Remote Code Execution    Critical
         CVE-2018-8467   Remote Code Execution    Critical
         CVE-2018-8469   Elevation of Privilege   Important


MITIGATION

        Microsoft recommends updating the software with the version made available on
        the Microsoft Update Catalogue for the following Knowledge Base articles. [1]
        
         KB4457142, KB4457128, KB4457132, KB4457131, KB4457138


REFERENCES

        [1] Security Update Guide
            https://portal.msrc.microsoft.com/en-us/security-guidance

AusCERT has made every effort to ensure that the information contained
in this document is accurate.  However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours 
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBW5iVgmaOgq3Tt24GAQg3HQ/8DHWeu1dMpq2UFVxmDpWmrBGpPzpImVhe
0CswgPVZ1L8A5Eawdx8yi1YCaJQ1hzQINesH5AuNVjsM4LVvkHV6T8xHOi0k7dfw
AXtL2Yp+3Xo39YKxh60FhoLeInIFbJvcHYvDgR9pIKd5/4n9rAiGT4qgj5VLcKDn
Kf6XA28MPW8QuSabPGxI0PuvevESY3ISZUJhOKSpRTi6UG32wxIf53IN58JEW+jf
U72s3kpbjhNouXSOk3nrWm0R7zrNzQ1IBAJCgNNpwqDwyt5rN+jiKwCJyi5Adsar
pp283Hw82A3VQVaL9BwX7tkdqVhZptwfqOwzSNjxFmO2VLafIfKZBI/7awa0g/n4
lF5MTxpB0mxsRMsrttBJr+pefxyzYNddQkhEMSEwAxz+XhZ5VNtj6Rr7JwH7kHnA
2+9Oi1WbygkSg/ZALtdj1vAmj24hdQkTeIV0aok5hSIKrpqYs2IL4UWESde7aHuj
ELsZWBXc+Z2M11yEPqlpdit9ZZGl6TqYMWI3P98+1sxbYw9CZuBFX+MOS5FB7KKt
GPcCLEnpPEeYk6veRJUfYZyKWXJwOaxuXn/8GXT4T2zt3Lg1xlhd7HHv5cBFkJ42
7PC5TpZjzlpBhqusb5JBpvD84DIWCeiEC1YV+ssxrWy4g5DetJntmvBBwfNMgN2P
R5bUvcMchw8=
=6IKv
-----END PGP SIGNATURE-----