Kaspersky Threats

Detect date

?

07/10/2018

Severity

?

Critical

Description

Multiple vulnerabilities were found in Microsoft Edge and Internet Explorer. Malicious users can exploit these vulnerabilities to spoof user interface, execute arbitrary code, obtain sensitive information, bypass security restrictions, gain privileges.

Below is a complete list of vulnerabilities:

A security feature bypass vulnerability in Internet Explorer can be exploited remotely to bypass security restrictions.
A spoofing vulnerability in Microsoft Edge can be exploited remotely to spoof user interface.
A memory corruption vulnerability in Scripting Engine can be exploited remotely to execute arbitrary code.
A memory corruption vulnerability in Chakra Scripting Engine can be exploited remotely to execute arbitrary code.
A memory corruption vulnerability in Microsoft Edge can be exploited remotely to execute arbitrary code.
A memory corruption vulnerability in Microsoft Edge can be exploited remotely to obtain sensitive information.
An information disclosure vulnerability in Microsoft Edge based on Edge HTML can be exploited remotely to obtain sensitive information.
A security feature bypass vulnerability in Scripting Engine can be exploited remotely to bypass security restrictions.

Affected products

Internet Explorer 10
Internet Explorer 11
Microsoft Edge (EdgeHTML-based)
ChakraCore

Solution

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Original advisories

CVE-2018-0949
CVE-2018-8278
CVE-2018-8242
CVE-2018-8286
CVE-2018-8279
CVE-2018-8324
CVE-2018-8294
CVE-2018-8296
CVE-2018-8297
CVE-2018-8262
CVE-2018-8125
CVE-2018-8276
CVE-2018-8280
CVE-2018-8290
CVE-2018-8274
CVE-2018-8325
CVE-2018-8301
CVE-2018-8289
CVE-2018-8288
CVE-2018-8291
CVE-2018-8275
CVE-2018-8287
CVE-2018-8298
CVE-2018-8283

Impacts

?

ACE

[?]

OSI

[?]

SB

[?]

PE

[?]

SUI

[?]

Detect date ?	07/10/2018
Severity ?	Critical
Description	Multiple vulnerabilities were found in Microsoft Edge and Internet Explorer. Malicious users can exploit these vulnerabilities to spoof user interface, execute arbitrary code, obtain sensitive information, bypass security restrictions, gain privileges. Below is a complete list of vulnerabilities: A security feature bypass vulnerability in Internet Explorer can be exploited remotely to bypass security restrictions. A spoofing vulnerability in Microsoft Edge can be exploited remotely to spoof user interface. A memory corruption vulnerability in Scripting Engine can be exploited remotely to execute arbitrary code. A memory corruption vulnerability in Chakra Scripting Engine can be exploited remotely to execute arbitrary code. A memory corruption vulnerability in Microsoft Edge can be exploited remotely to execute arbitrary code. A memory corruption vulnerability in Microsoft Edge can be exploited remotely to obtain sensitive information. An information disclosure vulnerability in Microsoft Edge based on Edge HTML can be exploited remotely to obtain sensitive information. A security feature bypass vulnerability in Scripting Engine can be exploited remotely to bypass security restrictions.
Affected products	Internet Explorer 10 Internet Explorer 11 Microsoft Edge (EdgeHTML-based) ChakraCore
Solution	Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)
Original advisories	CVE-2018-0949 CVE-2018-8278 CVE-2018-8242 CVE-2018-8286 CVE-2018-8279 CVE-2018-8324 CVE-2018-8294 CVE-2018-8296 CVE-2018-8297 CVE-2018-8262 CVE-2018-8125 CVE-2018-8276 CVE-2018-8280 CVE-2018-8290 CVE-2018-8274 CVE-2018-8325 CVE-2018-8301 CVE-2018-8289 CVE-2018-8288 CVE-2018-8291 CVE-2018-8275 CVE-2018-8287 CVE-2018-8298 CVE-2018-8283
Impacts ?	ACE [?] OSI [?] SB [?] PE [?] SUI [?]
Related products	Microsoft Internet Explorer Microsoft Edge ChakraCore
CVE-IDS ?	CVE-2018-09494.3Warning CVE-2018-82785.8High CVE-2018-82427.6Critical CVE-2018-83244.3Warning CVE-2018-82967.6Critical CVE-2018-82974.3Warning CVE-2018-82627.6Critical CVE-2018-81257.6Critical CVE-2018-82747.6Critical CVE-2018-83254.3Warning CVE-2018-83017.6Critical CVE-2018-82894.3Warning
Microsoft official advisories	Microsoft Security Update Guide
KB list	4338830 4338815 4338825 4338814 4338818 4338829 4338819 4338826 4345421 4345419 4338816 4345455 4338831 4345459 4345420 4345424 4338821 4345425 4345418 4339093
Exploitation	The following public exploits exists for this vulnerability: https://www.exploit-db.com/exploits/45214 https://www.exploit-db.com/exploits/45213 https://www.exploit-db.com/exploits/45215 https://www.exploit-db.com/exploits/45217
	Find out the statistics of the vulnerabilities spreading in your region

KLA11290Multiple vulnerabilities in Microsoft Edge and Internet Explorer

KLA11290
Multiple vulnerabilities in Microsoft Edge and Internet Explorer