Microsoft has published a revised security update notification as of October 17, 2018, which I would like to briefly describe below. It is about MFC in connection with the cumulative update 11 for Exchange Server 2016 (KB4134118) and the SQL Server Management Studio.
Advertising
********************************************************************
Title: Microsoft Security Update Releases
Issued: October 17, 2018
********************************************************************
Summary
=======
The following CVEs have undergone a major revision increment:
* CVE-2010-3190
Revision Information:
=====================
Advertising
– CVE-2010-3190 | MFC Insecure Library Loading Vulnerability
– https://portal.msrc.microsoft.com/en-us/security-guidance
– Reason for Revision: Microsoft is announcing the release of
Cumulative Update 11 for Exchange Server 2016 (KB4134118). This
update fully resolves the issue identified in CVE-2010-3190 for
Exchange Server 2016.
– Originally posted: October 9, 2018
– Updated: October 17, 2018
– Aggregate CVE Severity Rating: Important
– Version: 2.0
On this topic I had published today the article Exchange Server: Active Sync client has connect/sync issues. The following three CVEs have also been revised:
* CVE-2018-8527
* CVE-2018-8532
* CVE-2018-8533
Revision Information:
=====================
– SQL Server Management Studio Information Disclosure
Vulnerability
– https://portal.msrc.microsoft.com/en-us/security-guidance
– Reason for Revision: The following updates have been made:
The following updates have been made: 1. In the Security Updates
table, removed SQL Server Management Studio 18.0 (Preview 4)
because it is not affected by this vulnerability. 2. Removed the
links for SSMS 17.9 because this vulnerability is mitigated by
changing settings. 3. Added an FAQ to explain how customers
running any version of SSMS can protect themselves from this
vulnerability. 4. Added a workaround to describe how customers
can protect themselves from this vulnerability if they are unable
to clean-install SSMS 17.9.
– Originally posted: October 9, 2018
– Updated: October 17, 2018
– Aggregate CVE Severity Rating: Important
– Version: 2.0
