CERTFR-2018-AVI-338

Vulnerability from certfr_avis - Published: 2018-07-11 - Updated: 2018-07-11

De multiples vulnérabilités ont été corrigées dans les produits Microsoft. Elles permettent à un attaquant de provoquer une exécution de code à distance, une usurpation d'identité et un contournement de la fonctionnalité de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None
Impacted products
Vendor Product Description
Microsoft N/A ChakraCore
Microsoft N/A Microsoft Lync 2013 Service Pack 1 (64 bits)
Microsoft N/A Skype pour Business 2016 (64 bits)
Microsoft N/A Microsoft Visual Studio 2017 Version 15.7.5
Microsoft N/A Microsoft Visual Studio 2010 Service Pack 1
Microsoft N/A Microsoft Access 2016 (édition 32 bits)
Microsoft N/A Microsoft Visual Studio 2017 Version 15.8 Preview
Microsoft N/A Microsoft Visual Studio 2013 Update 5
Microsoft N/A Microsoft Access 2013 Service Pack 1 (éditions 32 bits)
Microsoft N/A Microsoft Visual Studio 2015 Update 3
Microsoft N/A Microsoft Access 2016 (édition 64 bits)
Microsoft N/A Microsoft Visual Studio 2017
Microsoft N/A Microsoft Wireless Display Adapter V2 Software Version 2.0.8350
Microsoft N/A Microsoft Access 2013 Service Pack 1 (éditions 64 bits)
Microsoft N/A PowerShell Extension pour Visual Studio Code
Microsoft N/A Skype pour Business 2016 (32 bits)
Microsoft N/A Microsoft Research JavaScript Cryptography Library
Microsoft N/A PowerShell Editor Services
Microsoft N/A Microsoft Visual Studio 2012 Update 5
Microsoft N/A Microsoft Wireless Display Adapter V2 Software Version 2.0.8372
Microsoft N/A Expression Blend 4 Service Pack 3
Microsoft N/A Microsoft Wireless Display Adapter V2 Software Version 2.0.8365
Microsoft N/A Web Customizations pour Active Directory Federation Services
Microsoft N/A Microsoft Lync 2013 Service Pack 1 (32 bits)
References

Show details on source website
To clipboard 

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "ChakraCore",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Lync 2013 Service Pack 1 (64 bits)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Skype pour Business 2016 (64 bits)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Visual Studio 2017 Version 15.7.5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Visual Studio 2010 Service Pack 1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Access 2016 (\u00e9dition 32 bits)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Visual Studio 2017 Version 15.8 Preview",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Visual Studio 2013 Update 5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Access 2013 Service Pack 1 (\u00e9ditions 32 bits)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Visual Studio 2015 Update 3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Access 2016 (\u00e9dition 64 bits)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Visual Studio 2017",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Wireless Display Adapter V2 Software Version 2.0.8350",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Access 2013 Service Pack 1 (\u00e9ditions 64 bits)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "PowerShell Extension pour Visual Studio Code",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Skype pour Business 2016 (32 bits)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Research JavaScript Cryptography Library",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "PowerShell Editor Services",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Visual Studio 2012 Update 5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Wireless Display Adapter V2 Software Version 2.0.8372",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Expression Blend 4 Service Pack 3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Wireless Display Adapter V2 Software Version 2.0.8365",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Web Customizations pour Active Directory Federation Services",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Lync 2013 Service Pack 1 (32 bits)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2018-8283",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8283"
    },
    {
      "name": "CVE-2018-8276",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8276"
    },
    {
      "name": "CVE-2018-8291",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8291"
    },
    {
      "name": "CVE-2018-8306",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8306"
    },
    {
      "name": "CVE-2018-8290",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8290"
    },
    {
      "name": "CVE-2018-8238",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8238"
    },
    {
      "name": "CVE-2018-8327",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8327"
    },
    {
      "name": "CVE-2018-8172",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8172"
    },
    {
      "name": "CVE-2018-8298",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8298"
    },
    {
      "name": "CVE-2018-8326",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8326"
    },
    {
      "name": "CVE-2018-8288",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8288"
    },
    {
      "name": "CVE-2018-8312",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8312"
    },
    {
      "name": "CVE-2018-8319",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8319"
    },
    {
      "name": "CVE-2018-8311",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8311"
    },
    {
      "name": "CVE-2018-8232",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8232"
    },
    {
      "name": "CVE-2018-8294",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8294"
    },
    {
      "name": "CVE-2018-8286",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8286"
    },
    {
      "name": "CVE-2018-8279",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8279"
    },
    {
      "name": "CVE-2018-8280",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8280"
    },
    {
      "name": "CVE-2018-8287",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8287"
    },
    {
      "name": "CVE-2018-8275",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8275"
    }
  ],
  "initial_release_date": "2018-07-11T00:00:00",
  "last_revision_date": "2018-07-11T00:00:00",
  "links": [],
  "reference": "CERTFR-2018-AVI-338",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2018-07-11T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Usurpation d\u0027identit\u00e9"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la fonctionnalit\u00e9 de s\u00e9curit\u00e9"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eles produits Microsoft\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer une ex\u00e9cution de code \u00e0 distance, une usurpation\nd\u0027identit\u00e9 et un contournement de la fonctionnalit\u00e9 de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Microsoft",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft du 10 juillet 2018",
      "url": "https://portal.msrc.microsoft.com/fr-FR/security-guidance"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.





Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.


Detection rules are retrieved from Rulezet.