Rewterz Threat Advisory – Microsoft Multiple Products Multiple Vulnerabilities

December 17, 2018

SEVERITY: HIGH

CATEGORY: VULNERABILITY

PUBLISH DATE: DECEMBER 17, 2018

ANALYSIS SUMMARY:

CVE-2018-8636: A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka “Microsoft Excel Remote Code Execution Vulnerability.” This affects Office 365 ProPlus, Microsoft Office, Microsoft Excel.

CVE-2018-8598: An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory, aka “Microsoft Excel Information Disclosure Vulnerability.” This affects Office 365 ProPlus, Microsoft Office, Microsoft Excel.

CVE-2018-8627: An information disclosure vulnerability exists when Microsoft Excel software reads out-of-bounds memory due to an uninitialized variable, which could disclose the contents of memory, aka “Microsoft Excel Information Disclosure Vulnerability.” This affects Microsoft Office, Office 365 ProPlus, Microsoft Excel, Microsoft Excel Viewer, Excel.

CVE-2018-8628: A remote code execution vulnerability exists in Microsoft PowerPoint software when the software fails to properly handle objects in memory, aka “Microsoft PowerPoint Remote Code Execution Vulnerability.” This affects Microsoft Office, Office 365 ProPlus, Microsoft PowerPoint, Microsoft SharePoint, Microsoft PowerPoint Viewer, Office Online Server, Microsoft SharePoint Server.

CVE-2018-8587: A remote code execution vulnerability exists in Microsoft Outlook software when it fails to properly handle objects in memory, aka “Microsoft Outlook Remote Code Execution Vulnerability.” This affects Office 365 ProPlus, Microsoft Office, Microsoft Outlook.

CVE-2018-8597: A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka “Microsoft Excel Remote Code Execution Vulnerability.” This affects Office 365 ProPlus, Microsoft Office, Microsoft Excel.

IMPACT:

System access, exposure of sensitive information, remote code execution

AFFECTED PRODUCTS:

  • Microsoft Office PowerPoint Viewer 2007
  • Microsoft Office Excel Viewer 2007
  • Microsoft Office 2010
  • Microsoft Excel 2010
  • Microsoft PowerPoint 2010
  • Microsoft Outlook 2010
  • Microsoft Office Web Apps
  • Microsoft PowerPoint 2013
  • Microsoft Excel 2013
  • Microsoft Outlook 2013
  • Microsoft Excel 2013 RT
  • Microsoft Office Web Apps 2010
  • Microsoft Office Web Apps 2013
  • Microsoft Office 2016 for Mac
  • Microsoft Outlook 2016
  • Microsoft PowerPoint 2016
  • Microsoft Excel 2016
  • Microsoft PowerPoint 2013 RT
  • Microsoft Outlook 2013 RT
  • Microsoft Office Online Server
  • Office 365 ProPlus (formerly Microsoft Office 2016 Click-to-Run)
  • Microsoft Office 2019
  • Microsoft Office 2019 for Mac
  • Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats

REMEDIATION:

Apply update.

  • Microsoft Outlook 2016 (64-bit edition) (KB4461544): https://www.microsoft.com/downloads/details.aspx?familyid=fccd8998-891d-433d-bb91-a773ceccd75a
  • Microsoft Outlook 2016 (32-bit edition) (KB4461544): https://www.microsoft.com/downloads/details.aspx?familyid=d7eba548-70cf-4f64-a0c9-0aaaef43e1bb
  • Microsoft Outlook 2010 Service Pack 2 (64-bit editions) (KB4461576): https://www.microsoft.com/downloads/details.aspx?familyid=417962fb-11f5-4ef4-a2be-de1c08553a7a
  • Microsoft Outlook 2010 Service Pack 2 (32-bit editions) (KB4461576): https://www.microsoft.com/downloads/details.aspx?familyid=2202bcff-350f-4417-9c7d-1a4408facbeb
  • Microsoft Outlook 2013 Service Pack 1 (64-bit editions) (KB4461556): https://www.microsoft.com/downloads/details.aspx?familyid=3eb7b982-fac5-4826-8aff-c0f69f41cb46
  • Microsoft Outlook 2013 Service Pack 1 (32-bit editions) (KB4461556): https://www.microsoft.com/downloads/details.aspx?familyid=422fc39a-1df7-405c-bb66-071ef837092a
  • Microsoft Outlook 2013 RT Service Pack 1 (KB4461556): Apply update (please see the vendor’s service database for details).
  • Microsoft Office 2016 for Mac, Microsoft Office 2019 for Mac: https://go.microsoft.com/fwlink/p/?linkid=831049
  • Microsoft Excel 2016 (64-bit edition) (KB4461542): https://www.microsoft.com/downloads/details.aspx?familyid=f9e1fcef-e346-4eb9-a1ef-097c72d535d1
  • Microsoft Excel 2016 (32-bit edition) (KB4461542): https://www.microsoft.com/downloads/details.aspx?familyid=01c85cb5-0ebe-45dd-9de5-338876b50c24
  • Microsoft Office 2010 Service Pack 2 (64-bit editions) (KB4461570): https://www.microsoft.com/downloads/details.aspx?familyid=458a64a4-b7bb-41d1-ac3c-b0e53127ef63
  • Microsoft Office 2010 Service Pack 2 (32-bit editions) (KB4461570): https://www.microsoft.com/downloads/details.aspx?familyid=e066c8d0-2dc9-45a9-a4ff-da62fb6ac185
  • Microsoft Excel 2010 Service Pack 2 (64-bit editions) (KB4461577): https://www.microsoft.com/downloads/details.aspx?familyid=33d26cc3-6bec-49ad-8724-620671ff58d8
  • Microsoft Excel 2010 Service Pack 2 (32-bit editions) (KB4461577): https://www.microsoft.com/downloads/details.aspx?familyid=6b2cc234-f3c6-4234-8b32-d87a73e9cf8c
  • Microsoft Excel 2013 Service Pack 1 (64-bit editions) (KB4461559): https://www.microsoft.com/downloads/details.aspx?familyid=c90fc155-ff9d-42d6-aa67-b84ebb39051f
  • Microsoft Excel 2013 Service Pack 1 (32-bit editions) (KB4461559): https://www.microsoft.com/downloads/details.aspx?familyid=c792f408-26ea-45c6-acf7-9da8c6a91fce
  • Microsoft Excel 2013 RT Service Pack 1 (KB4461559): Apply update (please see the vendor’s service database for details).
  • Microsoft Office Compatibility Pack Service Pack 3 (KB4461565): https://www.microsoft.com/downloads/details.aspx?familyid=492374f4-68aa-4053-817d-61ad9231fa09
  • Microsoft Excel Viewer 2007 Service Pack 3 (KB4461566): https://www.microsoft.com/downloads/details.aspx?familyid=b08f5cb9-b6cb-4066-aee4-5d4a5891ffc9
  • Microsoft Office Web Apps 2010 Service Pack 2 (KB2965312): https://www.microsoft.com/downloads/details.aspx?familyid=201ed47a-5a72-4668-8973-44410fc5b108
  • Microsoft PowerPoint 2010 Service Pack 2 (32-bit editions) (KB4461521): https://www.microsoft.com/downloads/details.aspx?familyid=f937563f-c668-4bb1-a688-8e6d5d10cd68
  • Microsoft PowerPoint 2016 (64-bit edition) (KB4461532): https://www.microsoft.com/downloads/details.aspx?familyid=98053f4d-c589-45f2-9505-87f82b22eef3
  • Microsoft PowerPoint 2016 (32-bit edition) (KB4461532): https://www.microsoft.com/downloads/details.aspx?familyid=c5fe6b58-0fcc-480b-a7b5-787e8263dcf8
  • Microsoft Office Web Apps 2013 Service Pack 1 (KB4461551): https://www.microsoft.com/downloads/details.aspx?familyid=0a984f01-1d89-4cae-9af8-31bb8cd99d6a
  • Microsoft PowerPoint 2013 Service Pack 1 (64-bit editions) (KB4461481): https://www.microsoft.com/downloads/details.aspx?familyid=523f4031-01d4-40fa-9cff-48df6103673b
  • Microsoft PowerPoint 2013 Service Pack 1 (32-bit editions) (KB4461481): https://www.microsoft.com/downloads/details.aspx?familyid=fa6acc26-3be9-42fe-886e-271f8f090bc0
  • Microsoft PowerPoint 2013 RT Service Pack 1 (KB4461481): Apply update (please see the vendor’s service database for details).
  • Microsoft PowerPoint Viewer (KB2597975): https://www.microsoft.com/downloads/details.aspx?familyid=162367a2-ffe7-4b7f-a95d-bd414c88784a
  • Microsoft Office Compatibility Pack Service Pack 3 (KB4011207): https://www.microsoft.com/downloads/details.aspx?familyid=897c9ced-75be-4159-997c-3e982ff4095d
  • Office Online Server (KB4011027): https://www.microsoft.com/downloads/details.aspx?familyid=a839c43a-b677-44c5-99d1-1934f2c0ecac
  • Microsoft PowerPoint 2010 Service Pack 2 (64-bit editions) (KB4461521): https://www.microsoft.com/downloads/details.aspx?familyid=699c076c-ee32-4664-ae30-41ac938a1b6d
  • Office 365 ProPlus for 32-bit Systems: Apply update (please see the vendor’s service database for details).
  • Office 365 ProPlus for 64-bit Systems: Apply update (please see the vendor’s service database for details).
  • Microsoft Office 2019 for 64-bit editions: Apply update (please see the vendor’s service database for details).
  • Microsoft Office 2019 for 32-bit editions: Apply update (please see the vendor’s service database for details).

    Note: Security updates for Microsoft Outlook 2013 RT and Microsoft Excel 2013 RT are available only through channels such as Windows Update or the Windows Update Catalog.
