Updated Microsoft Security Advisory Information

Microsoft revised some security information (Microsoft Security Advisory Notification) on July 19, 2018. There were also revisions to the descriptions of the security updates. Here is an overview of what has changed. 


Advertising


********************************************************************
Title: Microsoft Security Advisory Notification
Issued: July 19, 2018
********************************************************************
Security Advisories Released or Updated on July 19, 2018
===================================================================

* Microsoft Security Advisory ADV180002

– Title: Guidance to mitigate speculative execution side-channel
   vulnerabilities
https://portal.msrc.microsoft.com/en-us/security-guidance/
     advisory/ADV180002

– Reason for Revision: To address a known issue in the security
   updates released on July 10, Microsoft is releasing Alternate
   Cumulative update packages for Windows 10, and Standalone and
   Preview Rollup packages for all other supported editions of
   Windows. These packages are available via Microsoft Update
   catalog, WSUS, or by manually searching Windows Update. Customers
   who are experiencing issues after installing the July Windows
   security updates should install the replacement packages as
   applicable. Please refer to the Affected Products table for the
   replacement package KB numbers. Customers who have successfully
   installed the security updates and who are not experiencing any
   issues do not need to take any action.
– Originally posted: January 3, 2018
– Updated: July 19, 2018
– Version: 22.0

* Microsoft Security Advisory ADV180016

– Title: Microsoft Guidance for Lazy FP State Restore
https://portal.msrc.microsoft.com/en-us/security-guidance/
    advisory/ADV180016

– Reason for Revision: To address a known issue in the security
   updates released on July 10, Microsoft is releasing Alternate
   Cumulative update packages for Windows 10, and Standalone and
   Preview Rollup packages for all other supported editions of
   Windows. These packages are available via Microsoft Update
   catalog, WSUS, or by manually searching Windows Update. Customers
   who are experiencing issues after installing the July Windows
   security updates should install the replacement packages as
   applicable. Please refer to the Affected Products table for the
   replacement package KB numbers. Customers who have successfully
   installed the security updates and who are not experiencing any
   issues do not need to take any action.
– Originally posted: June 13, 2018
– Updated: July 19, 2018
– Version: 3.0


Advertising

********************************************************************
Title: Microsoft Security Update Releases
Issued: July 19, 2018
********************************************************************

Summary
=======

The following CVEs have undergone a major revision increment:

* CVE-2018-8202
* CVE-2018-8260
* CVE-2018-8284
* CVE-2018-8356
 
Revision Information:
=====================

https://portal.msrc.microsoft.com/en-us/security-guidance
– Reason for Revision: To address a known issue in the security
   updates released on July 10, Microsoft is releasing Cumulative
   Update packages for all supported editions of Windows 10. These
   packages are available via Microsoft Update catalog, WSUS, or by
   manually searching Windows Update. Customers who are experiencing
   issues after installing the July Windows security updates should
   install the replacement packages as applicable. Note that the
   Monthly Rollup and Security Only updates for .NET Framework are
   not affected. Please refer to the Affected Products table for the
   replacement package KB numbers. Customers who have successfully
   installed the security updates and who are not experiencing any
   issues do not need to take any action.
– Originally posted: July 10, 2018
– Updated: July 19, 2018
– Aggregate CVE Severity Rating: Important
– Version: 2.0

The following CVEs have undergone a major revision increment:

* CVE-2018-0949
* CVE-2018-8242
* CVE-2018-8287
* CVE-2018-8288
* CVE-2018-8291
* CVE-2018-8296

Revision Information:
=====================

https://portal.msrc.microsoft.com/en-us/security-guidance
– Reason for Revision: To address a known issue in the security
   updates released on July 10, Microsoft is releasing Cumulative
   Update packages for Windows 10, and Standalone and Preview Rollup
   packages for all other supported editions of Windows. These packages
   are available via Microsoft Update catalog, WSUS, or by manually
   searching Windows Update. Customers who are experiencing issues
   after installing the July Windows security updates should install
   the replacement packages as applicable. Note that the IE Cumulative
   updates are not affected. Please refer to the Affected Products
   table for the replacement package KB numbers. Customers who have
   successfully installed the security updates and who are not
   experiencing any issues do not need to take any action.
– Originally posted: July 10, 2018
– Updated: July 19, 2018
– Aggregate CVE Severity Rating: Important
– Version: 2.0

The following CVEs have undergone a major revision increment:

* CVE-2018-8125    * CVE-2018-8279    * CVE-2018-8301
* CVE-2018-8206    * CVE-2018-8280    * CVE-2018-8304
* CVE-2018-8222    * CVE-2018-8282    * CVE-2018-8307
* CVE-2018-8262    * CVE-2018-8286    * CVE-2018-8308
* CVE-2018-8274    * CVE-2018-8289    * CVE-2018-8309
* CVE-2018-8275    * CVE-2018-8290    * CVE-2018-8313
* CVE-2018-8276    * CVE-2018-8294    * CVE-2018-8314
* CVE-2018-8278    * CVE-2018-8297    * CVE-2018-8324
                * CVE-2018-8325

Revision Information:
=====================

https://portal.msrc.microsoft.com/en-us/security-guidance
– Reason for Revision: To address a known issue in the security
   updates released on July 10, Microsoft is releasing Cumulative
   Update packages for Windows 10, and Standalone and Preview Rollup
   packages for all other supported editions of Windows. These
   packages are available via Microsoft Update catalog, WSUS, or by
   manually searching Windows Update. Customers who are experiencing
   issues after installing the July Windows security updates should
   install the replacement packages as applicable. Please refer to the
   Affected Products table for the replacement package KB numbers.
   Customers who have successfully installed the security updates and
   who are not experiencing any issues do not need to take any action.
– Originally posted: July 10, 2018
– Updated: July 19, 2018
– Aggregate CVE Severity Rating: Critical
– Version: 2.0

The following CVE has undergone a major revision increment:

* CVE-2018-8356

Revision Information:
=====================

https://portal.msrc.microsoft.com/en-us/security-guidance
– Reason for Revision: Revised the Affected Products table to
   include PowerShell Core 6.0 and PowerShell Core 6.1 because
   these products are affected by CVE-2018-9356. See
   https://github.com/PowerShell/Announcements/issues/6 for
   more information.
– Originally posted: July 10, 2018
– Updated: July 19, 2018
– Aggregate CVE Severity Rating: Important
– Version: 3.0


Advertising


This entry was posted in Security and tagged . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *