Microsoft has released some security notifications and revision info for the patchday and afterwards. I'll just post them here in the blog for information.
Advertising
********************************************************************************
Title: Microsoft Security Advisory Notification
Issued: September 10, 2019
********************************************************************************
Security Advisories Released or Updated on September 10, 2019
================================================================
* Microsoft Security Advisory ADV990001
– ADV990001 | Latest Servicing Stack Updates
– Reason for Revision: A Servicing Stack Update has been released for all supported
versions of Windows. See the FAQ section for more information.
– Originally posted: November 13, 2018
– Updated: September 10, 2019
– Version: 14.0
* Microsoft Security Advisory ADV190009
Advertising
– ADV190009 | SHA-2 Code Sign Support Advisory
– Reason for Revision: TTo address a known issue on systems running Windows 7 Service
Pack 1, Windows Server 2008 R2 Service Pack 1, and Windows Server 2008 Service
Pack 2, Microsoft is re-releasing KB4474419. Microsoft recommends that customers
running these versions of Windows reinstall update 4474419.
– Originally posted: March 12, 2019
– Updated: September 10, 2019
– Version: 5.0
* Microsoft Security Advisory ADV190013
– ADV190013 | Microsoft Guidance to mitigate Microarchitectural Data Sampling
vulnerabilities
– – Reason for Revision: The following updates have been made: 1. Microsoft has
released security updates to provide protections against the Microarchitectural
Data Sampling vulnerabilities for the 32-bit (x86) versions of Windows Server
2008, Windows 7, Windows 8.1, Windows 10 Version 1607, Windows 10 Version 1703,
Windows 10 Version 1709, Windows 10 Version 1803, Windows 10 Version 1809, and
Windows 10 Version 1903. These updates are included in the September Security Only
and Monthly Rollup updates. See the Affected Products table for links to download
and install the updates. 2. Removed FAQ #3 regarding updates for Windows Server
2008 for x64-based Systems as these updates are now available. 3. Replaced FAQ #3
with information about the availability of protections for customers running Windows
10 for 32-bit Systems. 4. In the Recommended Actions section, removed the
"Important" note stating that microcode updates related to Microarchitectural Data
Sampling vulnerabilities were not available for supported editions of Windows 10
version 1803, Windows 10 version 1903, and Windows Server 2019 because these
microcode updates are now available. See [Summary of Intel microcode updates].
for more information.
– Originally posted: May 14, 2019
– Updated: September 10, 2019
– Version: 3.0
* Microsoft Security Advisory ADV190023
– ADV190023 | Microsoft Guidance for Enabling LDAP Channel Binding and LDAP Signing
– Reason for Revision: Revised Recommended Actions section to provide customers with
more detailed information about actions to take to make LDAP channel binding and
LDAP signing on Active Directory Domain Controllers more secure.
– Originally posted: August 13, 2019
– Updated: September 10, 2019
– Version: 1.1
********************************************************************
Title: Microsoft Security Update Releases
Issued: October 9, 2018
********************************************************************
Summary
=======
The following bulletin has undergone a major revision increment:
* MS11-025
Revision Information:
=====================
– CVE-2010-3190: MFC Insecure Library Loading Vulnerability
– Reason for Revision: Added Exchange Servers to the Affected
Products table. Customers who have any supported Exchange Server
installed (Microsoft Exchange Server 2010 Service Pack 3,
Microsoft Exchange Server 2013, Microsoft Exchange Server 2016)
should reinstall KB2565063.
– Originally posted: April 12, 2011
– Updated: October 9, 2018
– Aggregate CVE Severity Rating: Important
– Version: 5.0
**************************************************************************************
Title: Microsoft Security Update Releases
Issued: September 10, 2019
**************************************************************************************
On September 10, the Major Revision Mailer that was sent contained incorrect
information. Following is the corrected mailer. We apologize for any inconvenience.
Summary
=======
The following CVEs have undergone a major revision increment:
* CVE-2018-15664
* CVE-2018-8269
* CVE-2019-1183
Revision Information:
=====================
– CVE-2018-15664 | Docker Elevation of Privilege Vulnerability
– Version: 2.0
– Reason for Revision: Microsoft has released an update to provide protection for
Azure Kubernetes Service. Please see the Security Updates table and the FAQs for
more information.
– Originally posted: July 9, 2019
– Updated: September 10, 2019
– Aggregate CVE Severity Rating: Important
– CVE-2018-8269 | OData Denial of Service Vulnerability
– Version: 2.0
– Reason for Revision: Revised the Security Updates table to include ASP.NET Core 2.1
and 6.2 because they are affected by CVE-2018-8269. See (Add link to issue in GitHub)
for more information.
– Originally posted: September 11, 2018
– Updated: September 10, 2019
– Aggregate CVE Severity Rating: Important
– CVE-2019-1183 | Windows VBScript Engine Remote Code Execution Vulnerability
– Version: 2.0
– Reason for Revision: This information is being revised to indicate that this CVE
(CVE-2019-1183) is fully mitigated by the security updates for the vulnerability
discussed in CVE-2019-1194. No update is required.
– Originally posted: August 13, 2019
– Updated: September 10, 2019
– Aggregate CVE Severity Rating: N/A
Advertising