Published on: 12 September 2018
Microsoft has released security updates addressing multiple vulnerabilities which affect several Microsoft products or components. The list of security updates can be found at:
https://support.microsoft.com/en-us/help/20180911/security-update-deployment-information-september-11-2018
Reports indicate that exploitation of a zero-day vulnerability CVE-2018-8440 was detected against Windows systems. Users are advised to take immediate action to patch the affected systems since there is elevated risk of cyber attacks for the vulnerabilities.
A complete list of the affected products can be found at:
https://portal.msrc.microsoft.com/en-us/security-guidance
Depending on the vulnerability exploited, a successful attack could lead to remote code execution, denial of service, elevation of privilege, information disclosure, security feature bypass, tampering or spoofing.
Patches for affected products are available from the Windows Update/Microsoft Update Catalog. Users of affected systems should follow the recommendations provided by the product vendor and take immediate actions to mitigate the risk.
https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/498f2484-a096-e811-a978-000d3a33c573
https://support.microsoft.com/en-us/help/20180911/security-update-deployment-information-september-11-2018
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180022
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180023
https://www.hkcert.org/my_url/en/alert/18091201
https://www.us-cert.gov/ncas/current-activity/2018/09/11/Microsoft-Releases-September-2018-Security-Updates
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0965
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8269
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8271
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8315
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8331 (to CVE-2018-8332)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8335 (to CVE-2018-8337)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8354
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8366 (to CVE-2018-8367)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8391 (to CVE-2018-8393)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8409 (to CVE-2018-8410)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8419 (to CVE-2018-8422)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8424 (to CVE-2018-8426)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8428 (to CVE-2018-8431)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8433 (to CVE-2018-8447)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8449
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8452
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8455 (to CVE-2018-8457)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8459
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8461 (to CVE-2018-8470)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8474 (to CVE-2018-8475)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8479