On August 14, 2018, Microsoft published two more Security Advisory Notifications dealing with the newly discovered vulnerabilities (L1TF). Addendum: Security Advisory from August 15, 2018 added.
Advertising
********************************************************************
Security Advisories Released or Updated on August 14, 2018
********************************************************************
Microsoft Security Advisory ADV180018
– Title: Microsoft guidance to mitigate L1TF variant
– ADV180018
– Reason for Revision: Information published.
– Originally posted: August 14, 2018
– Updated: N/A
– Version: 1.0
* Microsoft Security Advisory ADV180016
– Title: Microsoft Guidance for Lazy FP State Restore
– ADV180016
– Reason for Revision: Microsoft is announcing that the Windows
security updates released on August 14, 2018 provide mitigations
for CVE-2018-3665 – Lazy FP State Restore. These updates are
available for 32-bit versions of Windows 7 and Windows Server
2008. See the Affected Products table to download and install
the security updates.
– Originally posted: June 13, 2018
– Updated: August 14, 2018
– Version: 4.0
********************************************************************
Microsoft Security Update Releases August 15, 2018
********************************************************************
Summary
=======
Advertising
The following CVEs have undergone a major revision increment:
* CVE-2018-8202
* CVE-2018-8284
Revision Information:
=====================
– CVE-2018-8202 | .NET Framework Elevation of Privilege
Vulnerability
– https://portal.msrc.microsoft.com/en-us/security-guidance
– Reason for Revision: Microsoft is releasing the August Monthly
Rollup, Security Only, and Security Updates to fully resolve known
issues some customers experienced after installing the July security
updates for .NET Framework. Customers who installed either the
Standalone updates or Alternate Cumulative update should also install
the August updates. See the Affected Products table for links
to download and install the August updates.
– Originally posted: July 10, 2018
– Updated: August 15, 2018
– Aggregate CVE Severity Rating: Important
– Version: 5.0
– CVE-2018-8284 | .NET Framework Remote Code Injection
Vulnerability
– https://portal.msrc.microsoft.com/en-us/security-guidance
– Reason for Revision: Updated the Affected Products to include
affected versions of Microsoft SharePoint Server, Microsoft
SharePoint Foundation, Microsoft SharePoint Enterprise Server,
and Microsoft Project Server. Customers running any of the
SharePoint products listed in the Affected Products table and
who are also running any affected versions of .NET Framework
need to install the security updates for the versions of .NET
running on their system to be fully protected from this
vulnerability.
– Originally posted: July 10, 2018
– Updated: August 14, 2018
– Aggregate CVE Severity Rating: Important
– Version: 3.0
********************************************************************
Microsoft Security Advisory Notification August 15, 2018
********************************************************************
Security Advisories Released or Updated on August 15, 2018
======================================================
Users of an AMD system should read Microsoft Security Advisory ADV180002.
* Microsoft Security Advisory ADV180002
– Title: Guidance to mitigate speculative execution side-channel
vulnerabilities
– ADV180002
– Reason for Revision: Updated FAQ #18 to announce that with the
Windows security updates released on Augus 18, 2918, Microsoft
is providing the solution for customers with AMD-based devices
who experienced high CPU utilization after installing the June
or July security updates and updated microcode from AMD. Microsoft
recommends that these customers install the August Windows
secrurity updates and re-enable the Spectre Variant 2 mitigations
if they were previously disabled. This solution is available in
the August Windows security updates for: Windows 10 version 1607.
Windows 10 version 1709. Windows 10 version 1803, Windows 7
Service Pack 1, Windows Server 2016, Windows Server, version 1709
(Server Core Installation), Windows Server, version 1803 (Server
Core Installation), and Windows Server 2008 R2 Service Pack 1.
The FAQ will be updated as further updates become available.
– Originally posted: January 3, 2018
– Updated: August 15, 2018
– Version: 24.0
* Microsoft Security Advisory ADV180021
– Title: Microsoft Office Defense in Depth Update
– ADV180021
– Reason for Revision: Information published.
– Originally posted: August 15, 2018
– Updated: N/A
– Version: 1.0
