[German]Another addendum from last week regarding security advisories from Microsoft including changes to update descriptions.
Advertising
FragmentSmack vulnerability (CVE-2018-5391)
The security warning about the FragmentSmack vulnerability CVE-2018-5391 was issued in August 2018 (see this Microsoft article). The vulnerability allows attackers to execute a denial of service attack. It forces Windows systems to their knees and stops responding.
The vulnerability affects all versions of Windows 7 to 10 (including 8.1 RT), as well as Windows Server 2008, 2012, and 2016. On September 11, 2018, Microsoft released security updates for various versions of Windows for the FragmentSmack vulnerability CVE-2018-5391. These fix the vulnerability. A list of updates can be found here (search for the CVE). At Bleeping Computer there is this article, which deals more extensively with the topic.
More Security Messages
********************************************************************
Title: Microsoft Security Advisory Notification
Issued: September 11, 2018
********************************************************************
Security Advisories Released or Updated on September 11, 2018
======================================================
* Microsoft Security Advisory ADV180002
Advertising
– Title: Guidance to mitigate speculative execution
side-channel vulnerabilities
– ADV180002
– Reason for Revision: The following updates have been made:
1. Microsoft has released security update 4457128 for Windows
10 Version 1803 for ARM64-based Systems to provide protection
against CVE-2017-5715. See the Affected Products table for links
to download and install the update. Note that this update is also
available via Windows Update. 2. Added FAQ #19 to explain where
customer can find and install ARM64 firmware that address
CVE-2017-5715 – Branch target injection (Spectre, Variant 2).
– Originally posted: January 3, 2018
– Updated: September 11, 2018
– Version: 25.0
* Microsoft Security Advisory ADV180018
– Title: Microsoft guidance to mitigate L1TF variant
– ADV180018
– Reason for RevisioMicrosoft is announcing the release of
Monthly Rollup 4458010 and Security Only 4457984 for Windows
Server 2008 to provide additional protections against the
speculative execution side-channel vulnerability known as L1
Terminal Fault (L1TF) that affects Intel® Core® processors and
Intel® Xeon® processors (CVE-2018-3620 and CVE-2018-3646).
Customers running Windows Server 2008 should install either
4458010 or 4457984 in addition to Security Update 4341832, which
was released on August 14, 2018.
See [Windows Server 2008 SP2 servicing changes ] for
more information. In addition, a note has been added to FAQ #2
to provide further information regarding enabling the mitigation
for CVE-2017-5754 (Meltdown).
– Originally posted: August 14, 2018
– Updated: September 11, 2018
– Version: 4.0
********************************************************************
Title: Microsoft Security Advisory Notification
Issued: September 12, 2018
********************************************************************
Security Advisories Released or Updated on September 12, 2018
=======================================================
* Microsoft Security Advisory ADV180022
– Title: Windows Denial of Service Vulnerability
– ADV180022
– Reason for Revision: Removed FAQ #3 regarding when the security
updates would be available for this vulnerability. The security
updates were released on September 9, 2018 at the same time the
advisory was published; therefore, the FAQ is not applicable. This
is an informational change only.
– Originally posted: September 11, 2018
– Updated: September 12, 2018
– Version: 1.1
********************************************************************
Title: Microsoft Security Update Releases
Issued: September 11, 2018
********************************************************************
Summary
=======
The following CVE has undergone a major revision increment:
* CVE-2018-8154
Revision Information:
=====================
– CVE-2018-8154 | Microsoft Exchange Memory Corruption
Vulnerability
– https://portal.msrc.microsoft.com/en-us/security-guidance
– Reason for Revision: To comprehensively address CVE-2018-8154,
Microsoft has released security update 4458311 for Microsoft
Exchange Server 2010 Service Pack 3. Microsoft recommends that
enterprise customers running Microsoft Exchange Server 2010
Service Pack 3 ensure that they have update 4458311 installed
to be protected from this vulnerability.
– Originally posted: May 8, 2018
– Updated: September 11, 2018
– Aggregate CVE Severity Rating: Critical
– Version: 2.0
