{"id":211743,"date":"2018-11-15T00:13:00","date_gmt":"2018-11-14T23:13:00","guid":{"rendered":"https:\/\/www.borncity.com\/blog\/?p=211743"},"modified":"2022-08-22T10:12:56","modified_gmt":"2022-08-22T08:12:56","slug":"microsoft-security-update-releases-advisory-notification","status":"publish","type":"post","link":"https:\/\/borncity.com\/blog\/2018\/11\/15\/microsoft-security-update-releases-advisory-notification\/","title":{"rendered":"Microsoft Security Update Releases\/Advisory Notification"},"content":{"rendered":"

[English<\/a>]Kurzer Nachtrag \u2013 zum Patchday (13. November 2018) hat Microsoft auch zwei Dokumente mit Security Update Releases-Informationen und Security Update Advisory Notification freigegeben. Erg\u00e4nzung:<\/strong> Zum 14. November 2018 wurden weitere Revisionen nachgetragen.<\/p>\n

<\/p>\n

\"\"Hier die unmodifizierten Texte. Interessant ist, dass Micrsosoft erstmals eine Liste der Servicing Stack Updates (SSUs) ver\u00f6ffentlicht.<\/p>\n

********************************************************************
\nTitle: Microsoft Security Advisory Notification<\/strong>
\nIssued: November 13, 2018
\n********************************************************************<\/p>\n

Security Advisories Released or Updated on November 13, 2018
\n===================================================================<\/p>\n

* Microsoft Security Advisory ADV990001<\/p>\n

– Title: Latest Servicing Stack Updates<\/strong>
\n– ADV990001<\/a>
\n– Reason for Revision: Information published
\n– Originally posted: November 13, 2018
\n– Updated: N\/A
\n– Version: 1.0<\/p>\n

* Microsoft Security Advisory ADV180002<\/p>\n

– Title: Guidance to mitigate speculative execution
\nside-channel vulnerabilities<\/strong>
\n– ADV180002<\/a>
\n– Reason for Revision: The following updates have been made:
\n1. Added information to FAQ #9 for customers running Windows
\nServer 2019. 2. Updated FAQ #18 to announce that with the Windows
\nsecurity updates released on November 13, 2018, Microsoft is
\nproviding the solution for customers with AMD-based devices who
\nexperienced high CPU utilization after installing the June or
\nJuly security updates and updated microcode from AMD. Microsoft
\nrecommends that these customers install the November Windows
\nsecurity updates and re-enable the Spectre Variant 2 mitigations
\nif they were previously disabled. This solution is available in
\nthe November Windows security updates for: Windows Server 2008,
\nWindows Server 2012, Windows 8.1, and Windows Server 2012 R2.
\n3. Added FAQ #20 to address the mitigations for ARM CPUs for
\nCVE 2017-5715, Branch Target Injection.
\n– Originally posted: January 3, 2018
\n– Updated: November 13, 2018
\n– Version: 26.0<\/p>\n

* Microsoft Security Advisory ADV180012<\/p>\n

– Title: Microsoft Guidance for Speculative Store Bypass<\/strong>
\n– ADV180012<\/a>
\n– Reason for Revision: The following updates have been made to
\nthis advisory: 1. Microsoft is announcing that the security
\nupdates released on November 13, 2018 for all supported versions
\nof Windows 10, and for Windows Server 2016; Windows Server,
\nversion 1709; Windows Server, version 1803; and Windows Server
\n2019 provide protections against the Speculative Store Bypass
\nvulnerability (CVE-2018-3639) for AMD-based computers. These
\nprotections are not enabled by default. For Windows client
\n(IT pro) guidance, follow the instructions in KB4073119.
\n2. Microsoft is announcing the availability of updates for
\nSurface Studio and Surface Book that address the Speculative
\nStore Bypass (SSB) (CVE-2018-3639) vulnerability. See the
\nAffected Products table for links to download and install the
\nupdates. See Microsoft Knowledge Base article 4073065 for more
\ninformation. 3. In the Security Updates table, the Article and
\nDownload links have been corrected for affected Surface devices.
\n4. Windows 10 version 1809 and Windows Server 2019 have been
\nadded to the Security Updates table because they are affected by
\nthe SSB vulnerability. 5. The Recommended Actions and FAQ
\nsections have been updated to include information for devices
\nusing AMD processors.
\n– Originally posted: May 21, 2018
\n– Updated: November 13, 2018
\n– Version: 6.0<\/p>\n

* Microsoft Security Advisory ADV180013<\/p>\n

– Title: Microsoft Guidance for Rogue System Register Read<\/strong>
\n– ADV180013<\/a>
\n– Reason for Revision: The following updates have been made to this
\nadvisory: 1. Microsoft is announcing the availability of updates
\nfor Surface Book that address the Rogue System Registry Read
\n(CVE-2018-3640) vulnerability. See the Affected Products table
\nfor links to download and install the updates. See Microsoft
\nKnowledge Base article 4073065 for more information.
\n2. In the Security Updates table, the Article and Download
\nlinks have been corrected.
\n– Originally posted: May 21, 2018
\n– Updated: November 13, 2018
\n– Version: 5.0<\/p>\n

* Microsoft Security Advisory ADV180018<\/p>\n

– Title: Microsoft guidance to mitigate L1TF variant<\/strong>
\n– ADV180018<\/a>
\n– Reason for Revision: The following updates have been made:
\n1. Updated the \"Microsoft Windows client customers\" section to
\nprovide clarification about how the protections for
\nCVE-2018-5754 and CVE-2018-3620 are related. Customers that
\nhave disabled the protection for CVE-2017-5754 must re-enable it
\nto gain protection for CVE-2018-3620 (See FAQ#2).
\n2. Updated the \"Microsoft Window Server customers\" section to
\ninclude information for customers running Windows Server 2019.
\nAdded further clarification to address VBS, Hyper-V, and
\nHyper-Threading configurations based on the version of Windows
\nServer. 3. In FAQ 3, added Windows 10 Version 1809 to the list
\nof Windows versions in which VBS is supported.
\n– Originally posted: August 14, 2018
\n– Updated: November 13, 2018
\n– Version: 5.0<\/p>\n

********************************************************************
\nTitle: Microsoft Security Update Releases<\/strong>
\nIssued: November 13, 2018
\n********************************************************************<\/p>\n

Summary
\n=======<\/p>\n

The following CVE been added to the September 2018 Security updates:<\/p>\n

* CVE-2018-8529<\/p>\n

Revision Information:
\n=====================<\/p>\n

– CVE-2018-8529 | Team Foundation Server Remote Code Execution
\nVulnerability
\n<\/strong>– https:\/\/portal.msrc.microsoft.com\/en-us\/security-guidance<\/a>
\n– Reason for Revision: Information published. CVE-2018-8529 has
\nbeen added to the September 2018 Security Updates.
\n– Originally posted: November 13, 2018
\n– Aggregate CVE Severity Rating: Important
\n– Version: 1.0<\/p>\n

********************************************************************
\nTitle: Microsoft Security Update Minor Revisions<\/strong>
\nIssued: November 14, 2018
\n********************************************************************<\/p>\n

Summary
\n=======<\/p>\n

The following CVEs and advisory have undergone a minor revision
\nincrement:<\/p>\n

* CVE-2018-8454
\n* CVE-2018-8552
\n* ADV990001<\/p>\n

Revision Information:
\n=====================<\/p>\n

– CVE-2018-8454 | Windows Audio Service Information Disclosure
\nVulnerability
\n– CVE-2018-8454<\/a>
\n– Reason for Revision: Corrected vulnerability description. This
\nis an informational change only.
\n– Originally posted: November 13, 2018
\n– Updated: November 13, 2018
\n– Aggregate CVE Severity Rating: Important
\n– Version: 1.1<\/p>\n

– CVE-2018-8552 | Scripting Engine Memory Corruption
\nVulnerability
\n– CVE-2018-8552<\/a>
\n– Reason for Revision: Corrected the CVE title and description
\nto address the vulnerability as remote code execution. In the
\nAffected Products table, corrected the Impact to Remote Code
\nExecution. This is an informational change only.
\n– Originally posted: November 13, 2018
\n– Updated: November 14, 2018
\n– Aggregate CVE Severity Rating: Important
\n– Version: 1.1<\/p>\n

– ADV990001 | Latest Servicing Stack Updates
\nVulnerability
\n– ADV990001<\/a>
\n– Reason for Revision: Corrected the link to the Windows Server
\n2008 Servicing Stack Update. This is an informational change
\nonly.
\n– Originally posted: November 13, 2018
\n– Updated: November 14, 2018
\n– Aggregate CVE Severity Rating: None
\n– Version: 1.1<\/p>\n

 <\/p>\n","protected":false},"excerpt":{"rendered":"

[English]Kurzer Nachtrag \u2013 zum Patchday (13. November 2018) hat Microsoft auch zwei Dokumente mit Security Update Releases-Informationen und Security Update Advisory Notification freigegeben. Erg\u00e4nzung: Zum 14. November 2018 wurden weitere Revisionen nachgetragen.<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[426],"tags":[4328],"class_list":["post-211743","post","type-post","status-publish","format-standard","hentry","category-sicherheit","tag-sicherheit"],"_links":{"self":[{"href":"https:\/\/borncity.com\/blog\/wp-json\/wp\/v2\/posts\/211743","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/borncity.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/borncity.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/borncity.com\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/borncity.com\/blog\/wp-json\/wp\/v2\/comments?post=211743"}],"version-history":[{"count":0,"href":"https:\/\/borncity.com\/blog\/wp-json\/wp\/v2\/posts\/211743\/revisions"}],"wp:attachment":[{"href":"https:\/\/borncity.com\/blog\/wp-json\/wp\/v2\/media?parent=211743"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/borncity.com\/blog\/wp-json\/wp\/v2\/categories?post=211743"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/borncity.com\/blog\/wp-json\/wp\/v2\/tags?post=211743"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}