High Threat Security Alert (A18-10-04): Multiple Vulnerabilities in Microsoft Products (October 2018)


 

Published on: 10 October 2018

  
  

Description:

Microsoft has released security updates addressing multiple vulnerabilities which affect several Microsoft products or components. The list of security updates can be found at:
https://support.microsoft.com/en-us/help/20181009/security-update-deployment-information-October-09-2018

Reports indicate that proof-of-concept and fully workable exploit codes targeting the vulnerabilities in Microsoft Jet Database Engine (CVE-2018-8423) and Windows Kernel (CVE-2018-8497) have been publicly disclosed. Active exploitation against another vulnerability in the Windows operation system (CVE-2018-8453) has also been observed. Users are advised to take immediate action to patch the affected systems since there is elevated risk of cyber attacks for the vulnerabilities.

 

Affected Systems:

  • Microsoft Internet Explorer 11
  • Microsoft Edge
  • Microsoft Windows 7, 8.1, RT 8.1, 10
  • Microsoft Windows Server 2008, 2008 R2, 2012, 2012 R2, 2016, 2019
  • Microsoft Windows Server, version 1709, version 1803
  • Microsoft Office 2010, 2013, 2013 RT, 2016, 2016 for Mac, 2019
  • Microsoft Office Compatibility Pack
  • Microsoft Office Web Apps 2010
  • Microsoft Office Word Viewer
  • Microsoft Word 2010, 2013, 2013 RT, 2016
  • Microsoft Excel 2010, 2013, 2013 RT, 2016
  • Microsoft Excel Viewer 2007
  • Microsoft PowerPoint 2010, 2013, 2013 RT, 2016
  • Microsoft PowerPoint Viewer 2007, 2010
  • Microsoft SharePoint Enterprise Server 2013, 2016
  • Microsoft SharePoint Server 2010
  • Microsoft Exchange Server 2010, 2013, 2016
  • Microsoft Outlook 2010, 2013, 2013 RT, 2016
  • Office 365 ProPlus for 32bit Systems
  • Office 365 ProPlus for 64bit Systems
  • PowerShell Core 6.0
  • SQL Server Management Studio 17.9
  • SQL Server Management Studio 18.0 (Preview 4)
  • .NET Core 1.0
  • .NET Core 1.1
  • .NET Core 2.1
  • Azure IoT Edge
  • ChakraCore
  • Hub Device Client SDK for Azure IoT

A complete list of the affected products can be found at:
https://portal.msrc.microsoft.com/en-us/security-guidance

 

Impact:

Depending on the vulnerability exploited, a successful attack could lead to remote code execution, elevation of privilege, information disclosure or security feature bypass.

 

Recommendation:

Patches for affected products are available from the Windows Update/Microsoft Update Catalog.  Users of affected systems should follow the recommendations provided by the product vendor and take immediate actions to mitigate the risk.

 

More Information:

https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/aa99ba28-e99f-e811-a978-000d3a33c573
https://support.microsoft.com/en-us/help/20181009/security-update-deployment-information-October-09-2018
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180026
https://www.hkcert.org/my_url/en/alert/18101001
https://www.us-cert.gov/ncas/current-activity/2018/10/09/Microsoft-Releases-October-2018-Security-Updates
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3190
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8265
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8292
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8320
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8329
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8330
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8333
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8411
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8413
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8423
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8427
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8432
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8448
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8453
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8460
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8472
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8473
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8480 (to CVE-2018-8482)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8484
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8486
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8488
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8489
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8490 (to CVE-2018-8495)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8497
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8498
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8500 (to CVE-2018-8506)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8509 (to CVE-2018-8513)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8518
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8527
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8530 (to CVE-2018-8533)

 



Tag: Microsoft , Internet Explorer , Edge , Windows , Windows Server , Microsoft Office , Microsoft Office Web Apps , Word , Excel , PowerPoint , SharePoint , Exchange Server , Outlook , Office 365 , PowerShell Core , SQL Server Management Studio , .NET Core , Azure IoT , ChakraCore
Tags