Security Alert (A18-06-07): Multiple Vulnerabilities in Microsoft Products (June 2018)

Description:

Microsoft has released security updates addressing multiple vulnerabilities which affect several Microsoft products or components and enhancing the security as a defense in depth measure.  The list of security updates can be found at:

https://support.microsoft.com/en-us/help/20180612/security-update-deployment-information

Affected Systems:

• Microsoft Internet Explorer 9, 10, 11
• Microsoft Edge
• Microsoft Windows 7, 8.1, RT 8.1, 10
• Microsoft Windows Server 2008, 2008 R2, 2012, 2012 R2, 2016
• Microsoft Windows Server, version 1709, version 1803
• Microsoft Office 2010, 2013, 2013 RT, 2016, 2016 Click-to-Run
• Microsoft Office Compatibility Pack
• Microsoft Office Web Apps Server 2010, 2013
• Microsoft Office Online Server 2016
• Microsoft Excel 2010, 2013, 2013 RT, 2016
• Microsoft Excel Viewer
• Excel Services
• Word Automation Services
• Microsoft Project Server 2010
• Microsoft SharePoint Enterprise Server 2016
• Microsoft SharePoint Foundation 2013
• Microsoft Outlook 2010, 2013, 2013 RT, 2016
• Microsoft Publisher 2010
• ChakraCore

A complete list of the affected products can be found at:

https://portal.msrc.microsoft.com/en-us/security-guidance

Impact:

Depending on the vulnerability exploited, a successful attack could lead to remote code execution, denial of service, elevation of privilege, information disclosure or security feature bypass.

Recommendation:

Patches for affected products are available from the Windows Update/Microsoft Update Catalog.  Users of affected systems should follow the recommendations provided by the product vendor and take immediate actions to mitigate the risk.

More Information:

https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/7d4489d6-573f-e811-a96f-000d3a33c573
https://support.microsoft.com/en-us/help/20180612/security-update-deployment-information
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180015
https://www.hkcert.org/my_url/en/alert/18061301
https://www.us-cert.gov/ncas/current-activity/2018/06/12/Microsoft-Releases-June-2018-Security-Updates
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0871
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0978
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0982
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1036
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1040
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8110
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8111
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8113
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8121
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8140
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8169
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8175
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8201
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8205
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8207 (to CVE-2018-8219)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8221
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8224 (to CVE-2018-8227)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8229
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8231
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8233 (to CVE-2018-8236)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8239
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8243 (to CVE-2018-8249)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8251
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8252
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8254
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8267