Another addendum from last week regarding Microsoft security advisories, including changes to update descriptions.
FragmentSmack vulnerability (CVE-2018-5391)
The security warning about the FragmentSmack vulnerability CVE-2018-5391 was issued in August 2018 (see this Microsoft article). The vulnerability allows attackers to carry out a denial-of-service attack that brings Windows systems to their knees, so that they stop responding.
The vulnerability affects all versions of Windows from 7 to 10 (including 8.1 RT), as well as Windows Server 2008, 2012, and 2016. On September 11, 2018, Microsoft released security updates for various versions of Windows that fix the FragmentSmack vulnerability CVE-2018-5391. A list of updates can be found here (search for the CVE). Bleeping Computer covers the topic in more detail in this article.
More Security Messages
********************************************************************
Title: Microsoft Security Advisory Notification
Issued: September 11, 2018
********************************************************************
Security Advisories Released or Updated on September 11, 2018
======================================================
* Microsoft Security Advisory ADV180002
– Title: Guidance to mitigate speculative execution
side-channel vulnerabilities
– ADV180002
– Reason for Revision: The following updates have been made:
1. Microsoft has released security update 4457128 for Windows
10 Version 1803 for ARM64-based Systems to provide protection
against CVE-2017-5715. See the Affected Products table for links
to download and install the update. Note that this update is also
available via Windows Update.
2. Added FAQ #19 to explain where customers can find and install
ARM64 firmware that addresses CVE-2017-5715 – Branch target
injection (Spectre, Variant 2).
– Originally posted: January 3, 2018
– Updated: September 11, 2018
– Version: 25.0
* Microsoft Security Advisory ADV180018
– Title: Microsoft guidance to mitigate L1TF variant
– ADV180018
– Reason for Revision: Microsoft is announcing the release of
Monthly Rollup 4458010 and Security Only 4457984 for Windows
Server 2008 to provide additional protections against the
speculative execution side-channel vulnerability known as L1
Terminal Fault (L1TF) that affects Intel® Core® processors and
Intel® Xeon® processors (CVE-2018-3620 and CVE-2018-3646).
Customers running Windows Server 2008 should install either
4458010 or 4457984 in addition to Security Update 4341832, which
was released on August 14, 2018.
See [Windows Server 2008 SP2 servicing changes] for
more information. In addition, a note has been added to FAQ #2
to provide further information regarding enabling the mitigation
for CVE-2017-5754 (Meltdown).
– Originally posted: August 14, 2018
– Updated: September 11, 2018
– Version: 4.0
********************************************************************
Title: Microsoft Security Advisory Notification
Issued: September 12, 2018
********************************************************************
Security Advisories Released or Updated on September 12, 2018
=======================================================
* Microsoft Security Advisory ADV180022
– Title: Windows Denial of Service Vulnerability
– ADV180022
– Reason for Revision: Removed FAQ #3 regarding when the security
updates would be available for this vulnerability. The security
updates were released on September 9, 2018 at the same time the
advisory was published; therefore, the FAQ is not applicable. This
is an informational change only.
– Originally posted: September 11, 2018
– Updated: September 12, 2018
– Version: 1.1
********************************************************************
Title: Microsoft Security Update Releases
Issued: September 11, 2018
********************************************************************
Summary
=======
The following CVE has undergone a major revision increment:
* CVE-2018-8154
Revision Information:
=====================
– CVE-2018-8154 | Microsoft Exchange Memory Corruption
Vulnerability
– https://portal.msrc.microsoft.com/en-us/security-guidance
– Reason for Revision: To comprehensively address CVE-2018-8154,
Microsoft has released security update 4458311 for Microsoft
Exchange Server 2010 Service Pack 3. Microsoft recommends that
enterprise customers running Microsoft Exchange Server 2010
Service Pack 3 ensure that they have update 4458311 installed
to be protected from this vulnerability.
– Originally posted: May 8, 2018
– Updated: September 11, 2018
– Aggregate CVE Severity Rating: Critical
– Version: 2.0