Rewterz Threat Advisory – Microsoft Internet Explorer Multiple Vulnerabilities
December 14, 2018Rewterz Threat Advisory – Microsoft Windows Server 2019 Multiple Vulnerabilities
December 17, 2018Rewterz Threat Advisory – Microsoft Internet Explorer Multiple Vulnerabilities
December 14, 2018Rewterz Threat Advisory – Microsoft Windows Server 2019 Multiple Vulnerabilities
December 17, 2018SEVERITY: High
CATEGORY: Vulnerability
PUBLISH DATE: December 17, 2018
ANALYSIS SUMMARY:
Two vulnerabilities have been found in Microsoft .NET Framework, which can be exploited by malicious people to cause Denial of Service or execute arbitrary code.
CVE-2018-8517: Microsoft .NET framework has an error when handling special web requests. The flaw can be exploited to cause a DoS condition.
CVE-2018-8540: An error in Microsoft .NET framework leads to failure of proper input validation, and can be exploited to inject and execute arbitrary code.
IMPACT:
System Access, Denial of Service
AFFECTED VENDORS:
Microsoft
AFFECTED PRODUCTS:
Microsoft .NET Framework 3.x
Microsoft .NET Framework 4.x
REMEDIATION
Apply update.
Microsoft .NET Framework 4.5.2 on Windows Server 2012 (KB4471982, KB4470492):
Microsoft .NET Framework 4.5.2 on Windows Server 2012 (Server Core installation) (KB4471982, KB4470492):
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4471982
Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows Server 2012 (KB4471982, KB4470498):
Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows Server 2012 (Server Core installation) (KB4471982, KB4470498):
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4471982
Microsoft .NET Framework 3.5 on Windows Server 2012 (KB4471982, KB4470601):
Microsoft .NET Framework 3.5 on Windows Server 2012 (Server Core installation) (KB4471982, KB4470601):
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4471982
Microsoft .NET Framework 4.6 on Windows Server 2008 for x64-based Systems Service Pack 2 (KB4471984, KB4470500):
Microsoft .NET Framework 4.6 on Windows Server 2008 for 32-bit Systems Service Pack 2 (KB4471984, KB4470500):
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4471984
Microsoft .NET Framework 3.5.1 on Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 (KB4471981, KB4470600):
Microsoft .NET Framework 3.5.1 on Windows 7 for x64-based Systems Service Pack 1 (KB4471981, KB4470600): Microsoft .NET Framework 3.5.1 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) (KB4471981, KB4470600):
Microsoft .NET Framework 3.5.1 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (KB4471981, KB4470600):
Microsoft .NET Framework 3.5.1 on Windows 7 for 32-bit Systems Service Pack 1 (KB4471981, KB4470600):
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4471981
Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows 8.1 for x64-based systems (KB4471983, KB4470499):
Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows Server 2012 R2 (KB4471983, KB4470499):
Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows Server 2012 R2 (Server Core installation) (KB4471983, KB4470499):
Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows 8.1 for 32-bit systems (KB4471983, KB4470499):
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4471983
Microsoft .NET Framework 4.5.2 on Windows 8.1 for x64-based systems (KB4471983, KB4470491):
Microsoft .NET Framework 4.5.2 on Windows Server 2012 R2 (KB4471983, KB4470491):
Microsoft .NET Framework 4.5.2 on Windows Server 2012 R2 (Server Core installation) (KB4471983, KB4470491):
Microsoft .NET Framework 4.5.2 on Windows 8.1 for 32-bit systems (KB4471983, KB4470491):
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4471983
Microsoft .NET Framework 3.5 on Windows 8.1 for x64-based systems (KB4471983, KB4470602):
Microsoft .NET Framework 3.5 on Windows Server 2012 R2 (KB4471983, KB4470602):
Microsoft .NET Framework 3.5 on Windows Server 2012 R2 (Server Core installation) (KB4471983, KB4470602):
Microsoft .NET Framework 3.5 on Windows 8.1 for 32-bit systems (KB4471983, KB4470602):
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4471983
Microsoft .NET Framework 4.6 on Windows Server 2008 for 32-bit Systems Service Pack 2 (KB4471990, KB4470637):
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4471990
Microsoft .NET Framework 4.6 on Windows Server 2008 for x64-based Systems Service Pack 2 (KB4471990, KB4470640):
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4471990
Microsoft .NET Framework 3.5.1 on Windows 7 for x64-based Systems Service Pack 1 (KB4471987, KB4470641):
Microsoft .NET Framework 3.5.1 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) (KB4471987, KB4470641):
Microsoft .NET Framework 3.5.1 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (KB4471987, KB4470641):
Microsoft .NET Framework 3.5.1 on Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 (KB4471987, KB4470641):
Microsoft .NET Framework 3.5.1 on Windows 7 for 32-bit Systems Service Pack 1 (KB4471987, KB4470641):
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4471987
Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows Server 2012 (KB4471988, KB4470638):
Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows Server 2012 (Server Core installation) (KB4471988, KB4470638):
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4471988
Microsoft .NET Framework 4.5.2 on Windows Server 2012 (KB4471988, KB4470623):
Microsoft .NET Framework 4.5.2 on Windows Server 2012 (Server Core installation) (KB4471988, KB4470623):
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4471988
Microsoft .NET Framework 3.5 on Windows Server 2012 (KB4471988, KB4470629):
Microsoft .NET Framework 3.5 on Windows Server 2012 (Server Core installation) (KB4471988, KB4470629):
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4471988
Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows RT 8.1 (KB4471989, KB4470639):
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4471989
Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows 8.1 for x64-based systems (KB4471989, KB4470639):
Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows Server 2012 R2 (KB4471989, KB4470639):
Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows Server 2012 R2 (Server Core installation) (KB4471989, KB4470639):
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4471989
Microsoft .NET Framework 4.5.2 on Windows RT 8.1 (KB4470622):
Apply update (please see the vendor’s service database for details).
Microsoft .NET Framework 4.5.2 on Windows 8.1 for x64-based systems (KB4471989, KB4470622):
Microsoft .NET Framework 4.5.2 on Windows Server 2012 R2 (KB4471989, KB4470622):
Microsoft .NET Framework 4.5.2 on Windows Server 2012 R2 (Server Core installation) (KB4471989, KB4470622):
Microsoft .NET Framework 4.5.2 on Windows 8.1 for 32-bit systems (KB4471989, KB4470622):
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4471989
Microsoft .NET Framework 3.5 on Windows 8.1 for x64-based systems (KB4471989, KB4470630):
Microsoft .NET Framework 3.5 on Windows Server 2012 R2 (KB4471989, KB4470630):
Microsoft .NET Framework 3.5 on Windows Server 2012 R2 (Server Core installation) (KB4471989, KB4470630):
Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows 8.1 for 32-bit systems (KB4471989, KB4470630):
Microsoft .NET Framework 3.5 on Windows 8.1 for 32-bit systems (KB4471989, KB4470630):
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4471989
Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2016 (KB4471321):
Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows 10 Version 1607 for x64-based Systems (KB4471321):
Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2016 (Server Core installation) (KB4471321):
Microsoft .NET Framework 3.5 on Windows Server 2016 (KB4471321):
Microsoft .NET Framework 3.5 on Windows 10 Version 1607 for x64-based Systems (KB4471321):
Microsoft .NET Framework 3.5 on Windows Server 2016 (Server Core installation) (KB4471321):
Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows 10 Version 1607 for 32-bit Systems (KB4471321):
Microsoft .NET Framework 3.5 on Windows 10 Version 1607 for 32-bit Systems (KB4471321):
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4471321
Microsoft .NET Framework 4.7/4.7.1/4.7.2 on Windows 10 Version 1703 for x64-based Systems (KB4471327):
Microsoft .NET Framework 3.5 on Windows 10 Version 1703 for x64-based Systems (KB4471327):
Microsoft .NET Framework 4.7/4.7.1/4.7.2 on Windows 10 Version 1703 for 32-bit Systems (KB4471327):
Microsoft .NET Framework 3.5 on Windows 10 Version 1703 for 32-bit Systems (KB4471327):
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4471327
Microsoft .NET Framework 4.7.2 on Windows 10 Version 1809 for x64-based Systems (KB4470502):
Microsoft .NET Framework 4.7.2 on Windows Server 2019 (KB4470502):
Microsoft .NET Framework 4.7.2 on Windows Server 2019 (Server Core installation) (KB4470502):
Microsoft .NET Framework 3.5 on Windows 10 Version 1809 for x64-based Systems (KB4470502):
Microsoft .NET Framework 3.5 on Windows Server 2019 (KB4470502):
Microsoft .NET Framework 3.5 on Windows Server 2019 (Server Core installation) (KB4470502):
Microsoft .NET Framework 4.7.2 on Windows 10 Version 1809 for 32-bit Systems (KB4470502):
Microsoft .NET Framework 3.5 on Windows 10 Version 1809 for 32-bit Systems (KB4470502):
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4470502
Microsoft .NET Framework 4.7.1/4.7.2 on Windows 10 Version 1709 for 32-bit Systems (KB4471329):
Microsoft .NET Framework 3.5 on Windows 10 Version 1709 for 32-bit Systems (KB4471329):
Microsoft .NET Framework 4.7.1/4.7.2 on Windows 10 Version 1709 for x64-based Systems (KB4471329):
Microsoft .NET Framework 4.7.1/4.7.2 on Windows Server, version 1709 (Server Core Installation) (KB4471329):
Microsoft .NET Framework 3.5 on Windows 10 Version 1709 for x64-based Systems (KB4471329):
Microsoft .NET Framework 3.5 on Windows Server, version 1709 (Server Core Installation) (KB4471329):
Microsoft .NET Framework 4.7.1/4.7.2 on Windows 10 Version 1709 for ARM64-based Systems (KB4471329):
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4471329
Microsoft .NET Framework 4.7.2 on Windows 10 Version 1803 for 32-bit Systems (KB4471324):
Microsoft .NET Framework 3.5 on Windows 10 Version 1803 for 32-bit Systems (KB4471324):
Microsoft .NET Framework 4.7.2 on Windows 10 Version 1803 for x64-based Systems (KB4471324):
Microsoft .NET Framework 4.7.2 on Windows Server, version 1803 (Server Core Installation) (KB4471324):
Microsoft .NET Framework 3.5 on Windows 10 Version 1803 for x64-based Systems (KB4471324):
Microsoft .NET Framework 3.5 on Windows Server, version 1803 (Server Core Installation) (KB4471324):
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4471324
Microsoft .NET Framework 4.5.2 on Windows 7 for x64-based Systems Service Pack 1 (KB4471987, KB4470637):
Microsoft .NET Framework 4.5.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) (KB4471987, KB4470637):
Microsoft .NET Framework 4.5.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (KB4471987, KB4470637):
Microsoft .NET Framework 4.5.2 on Windows Server 2008 for 32-bit Systems Service Pack 2 (KB4471987, KB4470637):
Microsoft .NET Framework 4.5.2 on Windows Server 2008 for x64-based Systems Service Pack 2 (KB4471987, KB4470637):
Microsoft .NET Framework 4.5.2 on Windows 7 for 32-bit Systems Service Pack 1 (KB4471987, KB4470637):
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4471987
Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows 7 for x64-based Systems Service Pack 1 (KB4471987, KB4470640):
Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) (KB4471987, KB4470640):
Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (KB4471987, KB4470640):
Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows 7 for 32-bit Systems Service Pack 1 (KB4471987, KB4470640):
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4471987
Microsoft .NET Framework 4.5.2 on Windows 7 for x64-based Systems Service Pack 1 (KB4471981, KB4470493):
Microsoft .NET Framework 4.5.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) (KB4471981, KB4470493):
Microsoft .NET Framework 4.5.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (KB4471981, KB4470493):
Microsoft .NET Framework 4.5.2 on Windows Server 2008 for 32-bit Systems Service Pack 2 (KB4471981, KB4470493):
Microsoft .NET Framework 4.5.2 on Windows Server 2008 for x64-based Systems Service Pack 2 (KB4471981, KB4470493):
Microsoft .NET Framework 4.5.2 on Windows 7 for 32-bit Systems Service Pack 1 (KB4471981, KB4470493):
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4471981
Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows 7 for x64-based Systems Service Pack 1 (KB4471984, KB4470500):
Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) (KB4471984, KB4470500):
Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (KB4471984, KB4470500):
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4471984
Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows 7 for 32-bit Systems Service Pack 1 (KB4471981, KB4470500):
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4471981
Microsoft .NET Framework 4.5.2 on Windows Server 2008 for x64-based Systems Service Pack 2 (KB4471984, KB4470493):
Microsoft .NET Framework 4.5.2 on Windows Server 2008 for 32-bit Systems Service Pack 2 (KB4471984, KB4470493):
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4471984
Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) (KB4471981, KB4470600):
Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (KB4471981, KB4470600):
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4471981
Microsoft .NET Framework 4.5.2 on Windows Server 2008 for x64-based Systems Service Pack 2 (KB4471990, KB4470637):
Microsoft .NET Framework 4.5.2 on Windows Server 2008 for 32-bit Systems Service Pack 2 (KB4471990, KB4470637):
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4471990
Microsoft .NET Framework 4.6 on Windows Server 2008 for 32-bit Systems Service Pack 2 (KB4471990, KB4470640):
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4471990
Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) (KB4471987, KB4470641):
Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (KB4471987, KB4470641):
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4471987
Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows 8.1 for 32-bit systems (KB4471989, KB4470639):
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4471989
Microsoft .NET Framework 4.6.2 on Windows 10 for x64-based Systems (KB4471323):
Microsoft .NET Framework 3.5 on Windows 10 for x64-based Systems (KB4471323):
Microsoft .NET Framework 4.6.2 on Windows 10 for 32-bit Systems (KB4471323):
Microsoft .NET Framework 3.5 on Windows 10 for 32-bit Systems (KB4471323):
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4471323
Note: Security updates for Windows RT 8.1, Windows Server 2016, and Windows 10 are available via e.g. Windows Update or Windows Update Catalog only.