Security Alert (A18-07-04): Multiple Vulnerabilities in Microsoft Products (July 2018)


 

Published on: 11 July 2018

  
  

Description:

Microsoft has released security updates addressing multiple vulnerabilities which affect several Microsoft products or components. The list of security updates can be found at:

https://support.microsoft.com/en-us/help/20180710/security-update-deployment-information-july-10-2018

 

Affected Systems:

  • Microsoft Internet Explorer 9, 10, 11
  • Microsoft Edge
  • Microsoft Windows 7, 8.1, RT 8.1, 10
  • Microsoft Windows Server 2008, 2008 R2, 2012, 2012 R2, 2016
  • Microsoft Windows Server, version 1709, version 1803
  • Microsoft Office 2010, 2016, 2016 Click-to-Run, 2016 for Mac
  • Microsoft Office Compatibility Pack
  • Microsoft Access 2013, 2016
  • Microsoft Excel Viewer
  • Microsoft Office Word Viewer
  • Microsoft PowerPoint Viewer
  • Microsoft Word 2010, 2013, 2013 RT, 2016
  • Microsoft SharePoint Enterprise Server 2013, 2016
  • Microsoft SharePoint Foundation 2013
  • ASP.NET Core 1.0, 1.1, 2.0
  • ASP.NET MVC 5.2
  • ASP.NET Web Pages 3.2.3
  • ChakraCore
  • Expression Blend 4 Service Pack 3
  • Mail, Calendar, and People in Windows 8.1 App Store
  • Microsoft .NET Framework 2.0, 3.0, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2
  • Microsoft Lync 2013
  • Microsoft Research JavaScript Cryptography Library
  • Microsoft Visual Studio 2010, 2012, 2013, 2015, 2017, 2017 Version 15.7.5, 2017 Version 15.8 Preview
  • Microsoft Wireless Display Adapter V2 Software Version 2.0.8350, 2.0.8365, 2.0.8372
  • PowerShell Editor Services, Extension for Visual Studio Code
  • Skype for Business 2016
  • Web Customizations for Active Directory Federation Services
  • .NET Core 1.0, 1.1, 2.0
  • .NET Framework 4.7.2 Developer Pack

A complete list of the affected products can be found at:

https://portal.msrc.microsoft.com/en-us/security-guidance

 

Impact:

Depending on the vulnerability exploited, a successful attack could lead to remote code execution, denial of service, elevation of privilege, information disclosure, security feature bypass, tampering or spoofing.

 

Recommendation:

Patches for affected products are available from the Windows Update/Microsoft Update Catalog.  Users of affected systems should follow the recommendations provided by the product vendor and take immediate actions to mitigate the risk.

 

More Information:

https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/1c26eff2-573f-e811-a96f-000d3a33c573
https://support.microsoft.com/en-us/help/20180710/security-update-deployment-information-july-10-2018
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180017
https://www.hkcert.org/my_url/en/alert/18071101
https://www.us-cert.gov/ncas/current-activity/2018/07/10/Microsoft-Releases-July-2018-Security-Updates
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0949
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8125
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8171
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8172
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8202
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8206
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8222
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8232
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8238
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8242
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8260
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8262
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8274 (to CVE-2018-8276)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8278 (to CVE-2018-8284)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8286 (to CVE-2018-8291)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8294
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8296 (to CVE-2018-8301)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8304 (to CVE-2018-8314)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8319
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8323 (to CVE-2018-8327)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8356

 



Tag: Microsoft , Internet Explorer , Edge , Windows , Windows Server , Microsoft Office , Access , Excel , Word , PowerPoint , SharePoint , ASP.NET , ChakraCore , Expression Blend , Lync , Research JavaScript Cryptography Library , Visual Studio , Wireless Display Adapter V2 Software , PowerShell , Skype , Web Customizations for Active Directory Federation Services , .NET , Mail , Calendar , People
Tags