As part of the June 2018 patchday (June 12, 2018), Microsoft has also updated and reissued several security warnings. Here is an uncommented overview of what has changed.
Advertising
********************************************************************
Title: Microsoft Security Update Releases
Issued: June 12, 2018
********************************************************************
Summary
=======
The following CVEs have undergone a major revision increment:
* CVE-2018-0976
* CVE-2018-1003
* CVE-2018-8136
Revision Information:
=====================
Advertising
– CVE-2018-0976 | Windows Remote Desktop Protocol (RDP) Denial of
Service Vulnerability
– https://portal.msrc.microsoft.com/en-us/security-guidance
– Reason for Revision: Microsoft is re-releasing security update
4093227 for all supported versions of Windows Server 2008 Service
Pack 2 to address a signing issue experienced by some customers.
Customers should reinstall this new update.
– Originally posted: April 10, 2018
– Updated: June 12, 2018
– Aggregate CVE Severity Rating: Important
– Version: 2.0
– CVE-2018-1003 | Microsoft JET Database Engine Remote Code
Execution Vulnerability
– https://portal.msrc.microsoft.com/en-us/security-guidance
– Reason for Revision: Revised the Affected Products table to
include Windows 10 Version 1803 for 32-bit System, Windows 10
Version 1803 for x64-based Systems, and Windows Server
version 1803 (Server Core installation) because they are
affected by CVE-2018-1003. Microsoft recommends that
customers running Windows 10 Version 1803 install update
4284835 to be protected from this vulnerability.
– Originally posted: April 10, 2018
– Updated: June 12, 2018
– Aggregate CVE Severity Rating: Important
– Version: 2.0
– CVE-2018-8136 | Windows Remote Code Execution Vulnerability
– https://portal.msrc.microsoft.com/en-us/security-guidance
– Reason for Revision: CVE revised to announce the availability
of security update 4130956 for Windows Server 2008. See
Microsoft Knowledge Base Article 4130956 for more information.
– Originally posted: May 5, 2018
– Updated: June 12, 2018
– Aggregate CVE Severity Rating: Low
– Version: 2.0
********************************************************************
Title: Microsoft Security Advisory Notification
Issued: June 12, 2018
********************************************************************
Security Advisories Released or Updated on June 12, 2018
====================================================
* Microsoft Security Advisory 4338110
– Title: Microsoft guidance for CBC Symmetric Encryption Security
Feature Bypass
– https://docs.microsoft.com/en-us/security-updates/securityadvisories/2018/4338110
– Reason for Revision: Information published.
– Originally posted: June 12, 2018
– Version: 1.0
* Microsoft Security Advisory 180002
– Title: Guidance to mitigate speculative execution side-channel
vulnerabilities
– https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180002
– Reason for Revision: Updated FAQ #15 to announce that the
following security updates provide addtional mitigations for AMD
processors for CVE-2017-5715: 1. Security update 4284874 for
Windows 10 Version 1703 – see KB4103723 for more information.
2. Security update 4284860 for Windows 10 – see KB4284860 for
more information.
3. Security update 4284826 (monthly rollup) or 4284867
(security only) for Windows 7, Windows Server 2008 R2, or
Windows Server 2008 R2 (Server Core installation) – see
KB4284826 or KB4284867 for more information.
– Originally posted: January 3, 2018
– Updated: June 12, 2018
– Version: 20.0
* Microsoft Security Advisory 180012
– Title: Microsoft Guidance for Speculative Store Bypass
– https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180012
– Reason for Revision: Microsoft is announcing that the Windows
security updates released on June 12, 2018 include support for
Speculative Store Bypass Disable (SSBD) in Intel processors. This
support is available for all supported editions of Windows 10,
Windows Server 2016, Windows 7, and Windows Server 2008 R2. See
the Affected Products table for the security updates. The
Recommended Actions section of this advisory has been updated
to include steps for applying updates to mitigate CVE-2018-3639 –
Speculative Store Bypass (SSB), Variant 4. In addtion, revisions
have been made to the FAQ section to address questions about
performance implications of these updates and of SSBD.
– Originally posted: May 21, 2018
– Updated: June 12, 2018
– Version: 2.0
********************************************************************
Title: Microsoft Security Advisory Notification
Issued: June 13, 2018
********************************************************************
Security Advisories Released or Updated on June 13, 2018
=====================================================
* Microsoft Security Advisory 180016
– Title: Microsoft Guidance for Lazy FP State Restore
– https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180016
– Reason for Revision: Information published.
– Originally posted: June 13, 2018
– Updated: N/A
– Version: 1.0
