[German]Effective August 1, 2018, Microsoft has pulished Microsoft Security Update Releases for CVE-2018-8172 and CVE-2018-8202 and Microsoft Security Advisory Notification (with notes on Spectre patches). Here are the details.
Advertising
********************************************************************
Title: Microsoft Security Update Releases
Issued: August 1, 2018
********************************************************************
Summary
=======
The following CVEs have undergone a major revision increment:
* CVE-2018-8172
* CVE-2018-8202
Revision Information:
=====================
Advertising
– CVE-2018-8172 | Visual Studio Remote Code Execution
Vulnerability
– https://portal.msrc.microsoft.com/en-us/security-guidance
– Reason for Revision: Revised the Affected Products table to
include Expression Blend 3 Service Pack 1 and Expression Blend
2 Service Pack 2 because they are also affected by this
vulnerability. Microsoft recommends that customers running
either of these versions of Expression Blend install the
update to be fully protected from this vulnerability.
– Originally posted: July 10, 2018
– Updated: July 31, 2018
– Aggregate CVE Severity Rating: Important
– Version: 2.0
– CVE-2018-8202 | .NET Framework Elevation of Privilege
Vulnerability
– https://portal.msrc.microsoft.com/en-us/security-guidance
– Reason for Revision: Microsoft is announcing the release of
updates, available via the Microsoft Update catalog, to resolve
known issues some customers experienced after installing the
July 2018 security updates for .NET Framework. Microsoft
recommends that customers who experienced application errors as
described in KB4345913
(https://support.microsoft.com/en-us/help/4345913) install the
applicable Standalone update for your system. Customers running
Window 10 Version 1607 or Windows Server 2016 should install
Cumulative update 4346877 to resolve application errors. See
the Affected Products table for links to download and install
the updates.
– Originally posted: July 10, 2018
– Updated: July 31, 2018
– Aggregate CVE Severity Rating: Important
– Version: 4.0
I reported on the last point in the article NET-Framework Updates July 30, 2018 with Fixes. The second document concerns notes for the Spectre patches:
********************************************************************
Title: Microsoft Security Advisory Notification
Issued: August 1, 2018
********************************************************************
Security Advisories Released or Updated on August 1, 2018
===================================================================
* Microsoft Security Advisory ADV180002
– Title: Guidance to mitigate speculative execution side-channel
vulnerabilities
– https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV180002
– Reason for Revision: Added FAQ #18 to address a high CPU
utilization issue some customers with an AMD-based device are
experiencing after installing the June or July Windows security
updates or after installing a BIOS update.
– Originally posted: January 3, 2018
– Updated: August 1, 2018
– Version: 23.0
