Microsoft Security Update Releases/Advisory Notification 11/2018

Just a brief addendum to Patchday (November 13, 2018). Microsoft has also released two documents with Security Update Release Information and Security Update Advisory Notification. Addendum: Revisions from November 14, 2018 have been added.


Here are the unmodified texts. Interestingly, Microsoft has published a list of Servicing Stack Updates (SSUs) for the first time.

********************************************************************
Title: Microsoft Security Advisory Notification
Issued: November 13, 2018
********************************************************************

Security Advisories Released or Updated on November 13, 2018
===================================================================

* Microsoft Security Advisory ADV990001

– Title: Latest Servicing Stack Updates
– ADV990001
– Reason for Revision: Information published
– Originally posted: November 13, 2018
– Updated: N/A
– Version: 1.0


* Microsoft Security Advisory ADV180002

– Title: Guidance to mitigate speculative execution
side-channel vulnerabilities
ADV180002
– Reason for Revision: The following updates have been made:
1. Added information to FAQ #9 for customers running Windows
Server 2019. 2. Updated FAQ #18 to announce that with the Windows
security updates released on November 13, 2018, Microsoft is
providing the solution for customers with AMD-based devices who
experienced high CPU utilization after installing the June or
July security updates and updated microcode from AMD. Microsoft
recommends that these customers install the November Windows
security updates and re-enable the Spectre Variant 2 mitigations
if they were previously disabled. This solution is available in
the November Windows security updates for: Windows Server 2008,
Windows Server 2012, Windows 8.1, and Windows Server 2012 R2.
3. Added FAQ #20 to address the mitigations for ARM CPUs for
CVE 2017-5715, Branch Target Injection.
– Originally posted: January 3, 2018
– Updated: November 13, 2018
– Version: 26.0

* Microsoft Security Advisory ADV180012

– Title: Microsoft Guidance for Speculative Store Bypass
ADV180012
– Reason for Revision: The following updates have been made to
this advisory: 1. Microsoft is announcing that the security
updates released on November 13, 2018 for all supported versions
of Windows 10, and for Windows Server 2016; Windows Server,
version 1709; Windows Server, version 1803; and Windows Server
2019 provide protections against the Speculative Store Bypass
vulnerability (CVE-2018-3639) for AMD-based computers. These
protections are not enabled by default. For Windows client
(IT pro) guidance, follow the instructions in KB4073119.
2. Microsoft is announcing the availability of updates for
Surface Studio and Surface Book that address the Speculative
Store Bypass (SSB) (CVE-2018-3639) vulnerability. See the
Affected Products table for links to download and install the
updates. See Microsoft Knowledge Base article 4073065 for more
information. 3. In the Security Updates table, the Article and
Download links have been corrected for affected Surface devices.
4. Windows 10 version 1809 and Windows Server 2019 have been
added to the Security Updates table because they are affected by
the SSB vulnerability. 5. The Recommended Actions and FAQ
sections have been updated to include information for devices
using AMD processors.
– Originally posted: May 21, 2018
– Updated: November 13, 2018
– Version: 6.0

* Microsoft Security Advisory ADV180013

– Title: Microsoft Guidance for Rogue System Register Read
ADV180013
– Reason for Revision: The following updates have been made to this
advisory: 1. Microsoft is announcing the availability of updates
for Surface Book that address the Rogue System Registry Read
(CVE-2018-3640) vulnerability. See the Affected Products table
for links to download and install the updates. See Microsoft
Knowledge Base article 4073065 for more information.
2. In the Security Updates table, the Article and Download
links have been corrected.
– Originally posted: May 21, 2018
– Updated: November 13, 2018
– Version: 5.0

* Microsoft Security Advisory ADV180018

– Title: Microsoft guidance to mitigate L1TF variant
ADV180018
– Reason for Revision: The following updates have been made:
1. Updated the "Microsoft Windows client customers" section to
provide clarification about how the protections for
CVE-2018-5754 and CVE-2018-3620 are related. Customers that
have disabled the protection for CVE-2017-5754 must re-enable it
to gain protection for CVE-2018-3620 (See FAQ#2).
2. Updated the "Microsoft Window Server customers" section to
include information for customers running Windows Server 2019.
Added further clarification to address VBS, Hyper-V, and
Hyper-Threading configurations based on the version of Windows
Server. 3. In FAQ 3, added Windows 10 Version 1809 to the list
of Windows versions in which VBS is supported.
– Originally posted: August 14, 2018
– Updated: November 13, 2018
– Version: 5.0

********************************************************************
Title: Microsoft Security Update Releases
Issued: November 13, 2018
********************************************************************

Summary
=======

The following CVE has been added to the September 2018 Security updates:

* CVE-2018-8529

Revision Information:
=====================

– CVE-2018-8529 | Team Foundation Server Remote Code Execution
Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance
– Reason for Revision: Information published. CVE-2018-8529 has
been added to the September 2018 Security Updates.
– Originally posted: November 13, 2018
– Aggregate CVE Severity Rating: Important
– Version: 1.0

********************************************************************
Title: Microsoft Security Update Minor Revisions
Issued: November 14, 2018
********************************************************************

Summary
=======

The following CVEs and advisory have undergone a minor revision
increment:

* CVE-2018-8454
* CVE-2018-8552
* ADV990001

Revision Information:
=====================

– CVE-2018-8454 | Windows Audio Service Information Disclosure
Vulnerability
CVE-2018-8454
– Reason for Revision: Corrected vulnerability description. This
is an informational change only.
– Originally posted: November 13, 2018
– Updated: November 13, 2018
– Aggregate CVE Severity Rating: Important
– Version: 1.1

– CVE-2018-8552 | Scripting Engine Memory Corruption
Vulnerability
CVE-2018-8552
– Reason for Revision: Corrected the CVE title and description
to address the vulnerability as remote code execution. In the
Affected Products table, corrected the Impact to Remote Code
Execution. This is an informational change only.
– Originally posted: November 13, 2018
– Updated: November 14, 2018
– Aggregate CVE Severity Rating: Important
– Version: 1.1

– ADV990001 | Latest Servicing Stack Updates
Vulnerability
ADV990001
– Reason for Revision: Corrected the link to the Windows Server
2008 Servicing Stack Update. This is an informational change
only.
– Originally posted: November 13, 2018
– Updated: November 14, 2018
– Aggregate CVE Severity Rating: None
– Version: 1.1

