Microsoft Security Update Releases (Oct 17, 2019)

Microsoft has published a revised security update notification as of October 17, 2018, which I would like to briefly describe below. It is about MFC in connection with the cumulative update 11 for Exchange Server 2016 (KB4134118) and the SQL Server Management Studio.


Advertising

********************************************************************
Title: Microsoft Security Update Releases
Issued: October 17, 2018
********************************************************************

Summary
=======

The following CVEs have undergone a major revision increment:

* CVE-2010-3190

Revision Information:
=====================


Advertising

– CVE-2010-3190 | MFC Insecure Library Loading Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance
– Reason for Revision: Microsoft is announcing the release of
Cumulative Update 11 for Exchange Server 2016 (KB4134118). This
update fully resolves the issue identified in CVE-2010-3190 for
Exchange Server 2016.
– Originally posted: October 9, 2018
– Updated: October 17, 2018
– Aggregate CVE Severity Rating: Important
– Version: 2.0

On this topic I had published today the article Exchange Server: Active Sync client has connect/sync issues. The following three CVEs have also been revised:

* CVE-2018-8527
* CVE-2018-8532
* CVE-2018-8533

Revision Information:
=====================

– SQL Server Management Studio Information Disclosure
Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance
– Reason for Revision: The following updates have been made:
The following updates have been made: 1. In the Security Updates
table, removed SQL Server Management Studio 18.0 (Preview 4)
because it is not affected by this vulnerability. 2. Removed the
links for SSMS 17.9 because this vulnerability is mitigated by
changing settings. 3. Added an FAQ to explain how customers
running any version of SSMS can protect themselves from this
vulnerability. 4. Added a workaround to describe how customers
can protect themselves from this vulnerability if they are unable
to clean-install SSMS 17.9.
– Originally posted: October 9, 2018
– Updated: October 17, 2018
– Aggregate CVE Severity Rating: Important
– Version: 2.0


Advertising

This entry was posted in Security, Update and tagged , . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *

Note: Please note the rules for commenting on the blog (first comments and linked posts end up in moderation, I release them every few hours, I rigorously delete SEO posts/SPAM).