{"id":209359,"date":"2018-09-16T01:14:09","date_gmt":"2018-09-15T23:14:09","guid":{"rendered":"https:\/\/www.borncity.com\/blog\/?p=209359"},"modified":"2022-08-22T10:19:06","modified_gmt":"2022-08-22T08:19:06","slug":"microsoft-security-advisories-und-update-nderungen","status":"publish","type":"post","link":"https:\/\/borncity.com\/blog\/2018\/09\/16\/microsoft-security-advisories-und-update-nderungen\/","title":{"rendered":"Microsoft Security Advisories und Update-Änderungen"},"content":{"rendered":"

[English<\/a>]Noch ein Nachtrag von dieser Woche in Sachen Sicherheitshinweise von Microsoft samt \u00c4nderungen an Update-Beschreibungen. Und ein Hinweis auf die\u00a0FragmentSmack-Schwachstelle (CVE-2018-5391).<\/p>\n

<\/p>\n

FragmentSmack-Schwachstelle (CVE-2018-5391)<\/h2>\n

\"\"Die Sicherheitswarnung vor der FragmentSmack-Schwachstelle CVE-2018-5391 gab es bereits im August 2018 (siehe diesen Microsoft-Artikel<\/a>). Die Schwachstelle erm\u00f6glicht es Angreifern eine Denial-of-Service-Attacke auszuf\u00fchren. Damit werden Windows-Systeme in die Knie gezwungen und reagieren nicht mehr.<\/p>\n

Die Schwachstelle betrifft alle Versionen von Windows 7 bis 10 (einschlie\u00dflich 8.1 RT), sowie Windows Server 2008, 2012 und 2016. Am 11. September 2018 hat Microsoft Sicherheitsupdates f\u00fcr diverse Windows-Versionen f\u00fcr die FragmentSmack-Schwachstelle CVE-2018-5391 herausgebracht. Diese schlie\u00dfen die Schwachstelle. Eine Liste der Updates findet sich hier<\/a> (nach der CVE suchen). Bei Bleeping Computer gibt es diesen Beitrag<\/a>, der sich ausgiebiger mit der Thematik auseinander setzt.<\/p>\n

Weitere Sicherheitsnachrichten<\/h2>\n

********************************************************************
\nTitle: Microsoft Security Advisory Notification
\nIssued: September 11, 2018
\n********************************************************************<\/p>\n

Security Advisories Released or Updated on September 11, 2018
\n======================================================<\/p>\n

* Microsoft Security Advisory ADV180002<\/p>\n

– Title: Guidance to mitigate speculative execution
\nside-channel vulnerabilities
\n– ADV180002<\/a>
\n– Reason for Revision: The following updates have been made:
\n1. Microsoft has released security update 4457128 for Windows
\n10 Version 1803 for ARM64-based Systems to provide protection
\nagainst CVE-2017-5715. See the Affected Products table for links
\nto download and install the update. Note that this update is also
\navailable via Windows Update. 2. Added FAQ #19 to explain where
\ncustomer can find and install ARM64 firmware that address
\nCVE-2017-5715 – Branch target injection (Spectre, Variant 2).
\n– Originally posted: January 3, 2018
\n– Updated: September 11, 2018
\n– Version: 25.0<\/p>\n

* Microsoft Security Advisory ADV180018<\/p>\n

– Title: Microsoft guidance to mitigate L1TF variant
\n– ADV180018<\/a>
\n– Reason for RevisioMicrosoft is announcing the release of
\nMonthly Rollup 4458010 and Security Only 4457984 for Windows
\nServer 2008 to provide additional protections against the
\nspeculative execution side-channel vulnerability known as L1
\nTerminal Fault (L1TF) that affects Intel\u00c2\u00ae Core\u00c2\u00ae processors and
\nIntel\u00c2\u00ae Xeon\u00c2\u00ae processors (CVE-2018-3620 and CVE-2018-3646).
\nCustomers running Windows Server 2008 should install either
\n4458010 or 4457984 in addition to Security Update 4341832, which
\nwas released on August 14, 2018.
\nSee [Windows Server 2008 SP2 servicing changes<\/a> ] for
\nmore information. In addition, a note has been added to FAQ #2
\nto provide further information regarding enabling the mitigation
\nfor CVE-2017-5754 (Meltdown).
\n– Originally posted: August 14, 2018
\n– Updated: September 11, 2018
\n– Version: 4.0<\/p>\n

********************************************************************
\nTitle: Microsoft Security Advisory Notification
\nIssued: September 12, 2018
\n********************************************************************
\nSecurity Advisories Released or Updated on September 12, 2018
\n=======================================================<\/p>\n

* Microsoft Security Advisory ADV180022<\/p>\n

– Title: Windows Denial of Service Vulnerability
\n– ADV180022<\/a>
\n– Reason for Revision: Removed FAQ #3 regarding when the security
\nupdates would be available for this vulnerability. The security
\nupdates were released on September 9, 2018 at the same time the
\nadvisory was published; therefore, the FAQ is not applicable. This
\nis an informational change only.
\n– Originally posted: September 11, 2018
\n– Updated: September 12, 2018
\n– Version: 1.1<\/p>\n

********************************************************************
\nTitle: Microsoft Security Update Releases
\nIssued: September 11, 2018
\n********************************************************************<\/p>\n

Summary
\n=======<\/p>\n

The following CVE has undergone a major revision increment:<\/p>\n

* CVE-2018-8154<\/p>\n

Revision Information:
\n=====================<\/p>\n

– CVE-2018-8154 | Microsoft Exchange Memory Corruption
\nVulnerability
\n– https:\/\/portal.msrc.microsoft.com\/en-us\/security-guidance<\/a>
\n– Reason for Revision: To comprehensively address CVE-2018-8154,
\nMicrosoft has released security update 4458311 for Microsoft
\nExchange Server 2010 Service Pack 3. Microsoft recommends that
\nenterprise customers running Microsoft Exchange Server 2010
\nService Pack 3 ensure that they have update 4458311 installed
\nto be protected from this vulnerability.
\n– Originally posted: May 8, 2018
\n– Updated: September 11, 2018
\n– Aggregate CVE Severity Rating: Critical
\n– Version: 2.0<\/p>\n","protected":false},"excerpt":{"rendered":"

[English]Noch ein Nachtrag von dieser Woche in Sachen Sicherheitshinweise von Microsoft samt \u00c4nderungen an Update-Beschreibungen. Und ein Hinweis auf die\u00a0FragmentSmack-Schwachstelle (CVE-2018-5391).<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[426],"tags":[4328],"class_list":["post-209359","post","type-post","status-publish","format-standard","hentry","category-sicherheit","tag-sicherheit"],"_links":{"self":[{"href":"https:\/\/borncity.com\/blog\/wp-json\/wp\/v2\/posts\/209359","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/borncity.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/borncity.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/borncity.com\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/borncity.com\/blog\/wp-json\/wp\/v2\/comments?post=209359"}],"version-history":[{"count":0,"href":"https:\/\/borncity.com\/blog\/wp-json\/wp\/v2\/posts\/209359\/revisions"}],"wp:attachment":[{"href":"https:\/\/borncity.com\/blog\/wp-json\/wp\/v2\/media?parent=209359"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/borncity.com\/blog\/wp-json\/wp\/v2\/categories?post=209359"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/borncity.com\/blog\/wp-json\/wp\/v2\/tags?post=209359"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}