===========================================================================
                         AUSCERT Security Bulletin

                               ASB-2018.0303
                     Windows updates for December 2018
                             12 December 2018

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              Windows 10
                      Windows 8.1
                      Windows 7
                      Windows RT
                      Windows Server 2008
                      Windows Server 2012
                      Windows Server 2016
                      Windows Server 2019
Operating System:     Windows
Impact/Access:        Administrator Compromise -- Remote/Unauthenticated
                      Access Privileged Data   -- Existing Account
                      Cross-site Scripting     -- Remote with User Interaction
                      Denial of Service        -- Existing Account
Resolution:           Patch/Upgrade
CVE Names:            CVE-2018-8652 CVE-2018-8649 CVE-2018-8641
                      CVE-2018-8639 CVE-2018-8638 CVE-2018-8637
                      CVE-2018-8634 CVE-2018-8626 CVE-2018-8622
                      CVE-2018-8621 CVE-2018-8612 CVE-2018-8611
                      CVE-2018-8599 CVE-2018-8596 CVE-2018-8595
                      CVE-2018-8514 CVE-2018-8477
Member content until: Friday, January 11 2019
Reference:            ASB-2018.0297

OVERVIEW

        Microsoft has released its monthly security patch update for the
        month of December 2018.

        This update resolves 17 vulnerabilities across the following
        products: [1]

         Windows 10 Version 1607 for 32-bit Systems
         Windows 10 Version 1607 for x64-based Systems
         Windows 10 Version 1703 for 32-bit Systems
         Windows 10 Version 1703 for x64-based Systems
         Windows 10 Version 1709 for 32-bit Systems
         Windows 10 Version 1709 for 64-based Systems
         Windows 10 Version 1709 for ARM64-based Systems
         Windows 10 Version 1803 for 32-bit Systems
         Windows 10 Version 1803 for ARM64-based Systems
         Windows 10 Version 1803 for x64-based Systems
         Windows 10 Version 1809 for 32-bit Systems
         Windows 10 Version 1809 for ARM64-based Systems
         Windows 10 Version 1809 for x64-based Systems
         Windows 10 for 32-bit Systems
         Windows 10 for x64-based Systems
         Windows 7 for 32-bit Systems Service Pack 1
         Windows 7 for x64-based Systems Service Pack 1
         Windows 8.1 for 32-bit systems
         Windows 8.1 for x64-based systems
         Windows Azure Pack Rollup 13.1
         Windows RT 8.1
         Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1
         Windows Server 2008 R2 for x64-based Systems Service Pack 1
         Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
         Windows Server 2008 for 32-bit Systems Service Pack 2
         Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
         Windows Server 2008 for Itanium-Based Systems Service Pack 2
         Windows Server 2008 for x64-based Systems Service Pack 2
         Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
         Windows Server 2012
         Windows Server 2012 (Server Core installation)
         Windows Server 2012 R2
         Windows Server 2012 R2 (Server Core installation)
         Windows Server 2016
         Windows Server 2016 (Server Core installation)
         Windows Server 2019
         Windows Server 2019 (Server Core installation)

IMPACT

        Microsoft has given the following details regarding these
        vulnerabilities.

         Details         Impact                   Severity
         CVE-2018-8477   Information Disclosure   Important
         CVE-2018-8514   Information Disclosure   Important
         CVE-2018-8595   Information Disclosure   Important
         CVE-2018-8596   Information Disclosure   Important
         CVE-2018-8599   Elevation of Privilege   Important
         CVE-2018-8611   Elevation of Privilege   Important
         CVE-2018-8612   Denial of Service        Important
         CVE-2018-8621   Information Disclosure   Important
         CVE-2018-8622   Information Disclosure   Important
         CVE-2018-8626   Remote Code Execution    Critical
         CVE-2018-8634   Remote Code Execution    Critical
         CVE-2018-8637   Information Disclosure   Important
         CVE-2018-8638   Information Disclosure   Important
         CVE-2018-8639   Information Disclosure   Important
         CVE-2018-8641   Elevation of Privilege   Important
         CVE-2018-8649   Denial of Service        Important
         CVE-2018-8652   Remote Code Execution    Important

MITIGATION

        Microsoft recommends updating the software with the version made
        available on the Microsoft Update Catalogue for the following
        Knowledge Base articles. [1]

         KB4471322, KB4471323, KB4471320, KB4471321, KB4471326
         KB4471330, KB4471324, KB4471325, KB4471328, KB4471329
         KB4471332, KB4471319, KB4471318, KB4480788, KB4471327

REFERENCES

        [1] Security Update Guide
            https://portal.msrc.microsoft.com/en-us/security-guidance

AusCERT has made every effort to ensure that the information contained
in this document is accurate.  However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================