[German]Microsoft released a series of security updates for Windows and other products on February 13, 2018. Here is a brief overview of critical and non-critical security updates, a list of all 50 CVEs and details to an updated Microsoft Security Advisory Notification.
Advertising
Details of these security updates can be found in the Microsoft Security TechCenter. I will also document the updates in separate blog posts.
Critical Security Updates
ChakraCore
Microsoft Edge
Internet Explorer 9
Internet Explorer 11
Windows 7 for 32-bit Systems Service Pack 1
Windows 7 for x64-based Systems Service Pack 1
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core
installation)
Windows Server 2008 for Itanium-Based Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core
installation)
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core
installation)
Windows 8.1 for 32-bit systems
Windows 8.1 for x64-based systems
Windows RT 8.1
Windows Server 2012
Windows Server 2012 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 R2 (Server Core installation)
Windows 10 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 10 Version 1511 for 32-bit Systems
Windows 10 Version 1511 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1703 for 32-bit Systems
Windows 10 Version 1703 for x64-based Systems
Windows 10 Version 1709 for 32-bit Systems
Windows 10 Version 1709 for x64-based Systems
Windows Server 2016
Windows Server 2016 (Server Core installation)
Windows Server, version 1709 (Server Core Installation)
Microsoft Outlook 2007 Service Pack 3
Microsoft Outlook 2010 Service Pack 2 (32-bit editions)
Microsoft Outlook 2010 Service Pack 2 (64-bit editions)
Microsoft Outlook 2013 RT Service Pack 1
Microsoft Outlook 2013 Service Pack 1 (32-bit editions)
Microsoft Outlook 2013 Service Pack 1 (64-bit editions)
Microsoft Outlook 2016 (32-bit edition)
Microsoft Outlook 2016 (64-bit edition)
Microsoft Office 2016 Click-to-Run (C2R) for 32-bit editions
Microsoft Office 2016 Click-to-Run (C2R) for 64-bit editions
Important Security Updates
Microsoft Office Word Viewer
Microsoft Project Server 2013 Service Pack 1
Microsoft SharePoint Enterprise Server 2016
Moderate Security Updates
Internet Explorer 10
Overview: Closed CVEs
Here is the list of all 50 vulnerabilities that have been closed (see also). Details will follow in separate articles.
Advertising
| Tag | CVE ID | CVE Title |
|---|---|---|
| Side-Channel | ADV180002 | Guidance to mitigate speculative execution side-channel vulnerabilities |
| Adobe Flash Player | ADV180004 | February 2018 Adobe Flash Security Update |
| Common Log File System Driver | CVE-2018-0844 | Windows Common Log File System Driver Elevation of Privilege Vulnerability |
| Common Log File System Driver | CVE-2018-0846 | Windows Common Log File System Driver Elevation of Privilege Vulnerability |
| Device Guard | CVE-2018-0827 | Windows Security Feature Bypass Vulnerability |
| Graphic Fonts | CVE-2018-0855 | Windows EOT Font Engine Information Disclosure Vulnerability |
| Graphic Fonts | CVE-2018-0755 | Windows EOT Font Engine Information Disclosure Vulnerability |
| Graphic Fonts | CVE-2018-0760 | Windows EOT Font Engine Information Disclosure Vulnerability |
| Graphic Fonts | CVE-2018-0761 | Windows EOT Font Engine Information Disclosure Vulnerability |
| Internet Explorer | CVE-2018-0866 | Scripting Engine Memory Corruption Vulnerability |
| Microsoft Browsers | CVE-2018-0840 | Scripting Engine Memory Corruption Vulnerability |
| Microsoft Edge | CVE-2018-0839 | Microsoft Edge Information Disclosure Vulnerability |
| Microsoft Edge | CVE-2018-0771 | Microsoft Edge Security Feature Bypass Vulnerability |
| Microsoft Edge | CVE-2018-0763 | Microsoft Edge Information Disclosure Vulnerability |
| Microsoft Office | CVE-2018-0869 | Microsoft SharePoint Elevation of Privilege Vulnerability |
| Microsoft Office | CVE-2018-0864 | Microsoft SharePoint Elevation of Privilege Vulnerability |
| Microsoft Office | CVE-2018-0852 | Microsoft Outlook Memory Corruption Vulnerability |
| Microsoft Office | CVE-2018-0851 | Microsoft Office Memory Corruption Vulnerability |
| Microsoft Office | CVE-2018-0850 | Microsoft Outlook Elevation of Privilege Vulnerability |
| Microsoft Office | CVE-2018-0853 | Microsoft Office Information Disclosure Vulnerability |
| Microsoft Office | CVE-2018-0841 | Microsoft Excel Remote Code Execution Vulnerability |
| Microsoft Scripting Engine | CVE-2018-0859 | Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2018-0860 | Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2018-0861 | Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2018-0858 | Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2018-0836 | Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2018-0835 | Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2018-0837 | Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2018-0838 | Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2018-0856 | Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2018-0857 | Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2018-0834 | Scripting Engine Memory Corruption Vulnerability |
| Microsoft Windows | CVE-2018-0822 | Windows NTFS Global Reparse Point Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2018-0823 | Named Pipe File System Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2018-0825 | StructuredQuery Remote Code Execution Vulnerability |
| Microsoft Windows | CVE-2018-0828 | Windows Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2018-0826 | Windows Storage Services Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2018-0821 | Windows AppContainer Elevation Of Privilege Vulnerability |
| Microsoft Windows | CVE-2018-0847 | Windows Scripting Engine Memory Corruption Vulnerability |
| Microsoft Windows | CVE-2018-0820 | Windows Kernel Elevation of Privilege Vulnerability |
| Windows Kernel | CVE-2018-0831 | Windows Kernel Elevation of Privilege Vulnerability |
| Windows Kernel | CVE-2018-0832 | Windows Kernel Information Disclosure Vulnerability |
| Windows Kernel | CVE-2018-0830 | Windows Kernel Information Disclosure Vulnerability |
| Windows Kernel | CVE-2018-0829 | Windows Kernel Information Disclosure Vulnerability |
| Windows Kernel | CVE-2018-0757 | Windows Kernel Information Disclosure Vulnerability |
| Windows Kernel | CVE-2018-0742 | Windows Kernel Elevation of Privilege Vulnerability |
| Windows Kernel | CVE-2018-0756 | Windows Kernel Elevation of Privilege Vulnerability |
| Windows Kernel | CVE-2018-0809 | Windows Kernel Elevation of Privilege Vulnerability |
| Windows Kernel | CVE-2018-0810 | Windows Kernel Information Disclosure Vulnerability |
| Windows Kernel | CVE-2018-0843 | Windows Kernel Information Disclosure Vulnerability |
| Windows Kernel | CVE-2018-0842 | Windows Remote Code Execution Vulnerability |
| Windows SMB Server | CVE-2018-0833 | Windows Denial of Service Vulnerability |
MS Security Advisory Notification (February 13, 2018)
Microsoft Security Advisory ADV180002 Updated on February 13
– Title: Guidance to mitigate speculative execution side-channel
vulnerabilities
– https:https://portal.msrc.microsoft.com/en-US/security-guidance/
advisory/ADV180002
– Reason for Revision: Microsoft has released security updates to
provide additional protections for the 32-bit (x86) versions of
Windows 10 as follows: 4074596 for Windows 10, 4074591 for Windows
10 Version 1511, 4074590 for Windows 10 Version 1607, and 4074592
for Windows 10 Version 1703. Microsoft recommends that customers
running 32-bit systems install the applicable update as soon as
possible. Microsoft continues to work to provide 32-bit (x86)
protections for other supported Windows versions but does not
have a release schedule at this time. These update will be
included in subsequent updates, and do not apply to x64
(64-bit) systems. Added a section under Advisory Details to
announce that Microsoft has released mitigations for Windows
Holographic to Microsoft HoloLens customers that are provided
automatically as part of the February 2018 Windows Security
Update to Windows 10 Version 1607 for HoloLens. HoloLens
customers do not need to take any additional action to update
their device firmware. Added FAQ#12 and FAQ#13 to provide
further information for installing the February 2018
security updates.
Similar articles:
Adobe Flash Player: New Update 28.0.0.161
Update KB4074595 (Flash Player) for Windows
Microsoft Office Patchday (February 6, 2018)
Microsoft Patchday Summary (February 13, 2018)
Patchday: Updates for Windows 7/8.1 (February 13, 2018)
Patchday: Windows 10 updates (February 13, 2018)
Patchday: Other Microsoft Updates (February 13, 2018)
Advertising
KB4074852 Error
1.- https://msfn.org/board/topic/171814-posready-2009-updates-ported-to-windows-xp-sp3-enu/?do=findComment&comment=1150766
2.- Malwarebytes crash.
Thx for the information