TTCSIRT-116.050918: TT-CSIRT Advisory – Microsoft Security Updates

TTCSIRT-116.050918: TT-CSIRT Advisory – Microsoft Security Updates

Microsoft has released a security update stating that vulnerabilities have been found in several of its products which could allow for remote code execution.

Products affected include:

1) Microsoft Windows 7, 8, RT 8.1, and 10
2) Microsoft Windows Server 2008, 2008 R2, 2012, 2012 R2, 2016
3) Microsoft Windows Server Core Installation 2008, 2008 R2, 2012, 2012 R2, 2016, versions 1709, 1803
4) Microsoft Office 2010, 2013, 2013 RT, 2016, 2016 Click-to-Run, 2016 for Mac
5) Microsoft Office Compatibility Pack
6) Microsoft Office Web Apps 2010
7) Microsoft Office Web Apps Server 2010, 2013
8) Microsoft Word 2013, 2013 RT, 2016
9) Microsoft Excel 2010, 2013, 2013 RT, 2016
10) Word Automation Services
11) Microsoft Internet Explorer 9, 10, 11
12) Microsoft Edge
13) Microsoft .NET Framework 2.0, 3.0, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2
14) .NET Core 2.0
15) Microsoft Exchange Server 2010, 2013, 2016
16) Microsoft Project Server 2010, 2013
17) Microsoft Infopath 2013
18) Microsoft SharePoint Foundation 2013
19) Microsoft SharePoint Server 2010
20) Microsoft SharePoint Enterprise Server 2013, 2016
21) ChakraCore
22) C SDK for Azure IoT
23) C# SDK for Azure IoT
24) Java SDK for Azure IoT
25) Windows Host Compute Service Shim

Successful exploitation of the most severe of these vulnerabilities could result in an attacker gaining the same privileges as the logged on user.

Further information on these vulnerabilities and how they can be mitigated can be found at https://www.cisecurity.org/advisory/critical-patches-issued-for-microsoft-products-may-8-2018_2018-053/