Microsoft Security Advisory Notifications and Revisions (Sept. 2019)

Microsoft has released several security notifications and revision notices on patchday and afterwards. I'll post them here in the blog for information.


********************************************************************************
Title: Microsoft Security Advisory Notification
Issued: September 10, 2019
********************************************************************************

Security Advisories Released or Updated on September 10, 2019
================================================================

* Microsoft Security Advisory ADV990001

– ADV990001 | Latest Servicing Stack Updates
– Reason for Revision: A Servicing Stack Update has been released for all supported
   versions of Windows. See the FAQ section for more information.
– Originally posted: November 13, 2018
– Updated: September 10, 2019
– Version: 14.0

* Microsoft Security Advisory ADV190009


– ADV190009 | SHA-2 Code Sign Support Advisory
– Reason for Revision: To address a known issue on systems running Windows 7 Service
   Pack 1, Windows Server 2008 R2 Service Pack 1, and Windows Server 2008 Service
   Pack 2, Microsoft is re-releasing KB4474419. Microsoft recommends that customers
   running these versions of Windows reinstall update 4474419.
– Originally posted: March 12, 2019
– Updated: September 10, 2019
– Version: 5.0

* Microsoft Security Advisory ADV190013

– ADV190013 | Microsoft Guidance to mitigate Microarchitectural Data Sampling
   vulnerabilities
– Reason for Revision: The following updates have been made: 1. Microsoft has
   released security updates to provide protections against the Microarchitectural
   Data Sampling vulnerabilities for the 32-bit (x86) versions of Windows Server
   2008, Windows 7, Windows 8.1, Windows 10 Version 1607, Windows 10 Version 1703,
   Windows 10 Version 1709, Windows 10 Version 1803, Windows 10 Version 1809, and
   Windows 10 Version 1903. These updates are included in the September Security Only
   and Monthly Rollup updates. See the Affected Products table for links to download
   and install the updates. 2. Removed FAQ #3 regarding updates for Windows Server
   2008 for x64-based Systems as these updates are now available. 3. Replaced FAQ #3
   with information about the availability of protections for customers running Windows
   10 for 32-bit Systems. 4. In the Recommended Actions section, removed the
   "Important" note stating that microcode updates related to Microarchitectural Data
   Sampling vulnerabilities were not available for supported editions of Windows 10
   version 1803, Windows 10 version 1903, and Windows Server 2019 because these
   microcode updates are now available. See [Summary of Intel microcode updates]
   for more information.
– Originally posted: May 14, 2019
– Updated: September 10, 2019
– Version: 3.0

* Microsoft Security Advisory ADV190023

– ADV190023 | Microsoft Guidance for Enabling LDAP Channel Binding and LDAP Signing
– Reason for Revision: Revised Recommended Actions section to provide customers with
   more detailed information about actions to take to make LDAP channel binding and
   LDAP signing on Active Directory Domain Controllers more secure.
– Originally posted: August 13, 2019
– Updated: September 10, 2019
– Version: 1.1

********************************************************************
Title: Microsoft Security Update Releases
Issued: October 9, 2018
********************************************************************

Summary
=======

The following bulletin has undergone a major revision increment:

* MS11-025
 
Revision Information:
=====================

CVE-2010-3190: MFC Insecure Library Loading Vulnerability
– Reason for Revision: Added Exchange Servers to the Affected
   Products table. Customers who have any supported Exchange Server
   installed (Microsoft Exchange Server 2010 Service Pack 3,
   Microsoft Exchange Server 2013, Microsoft Exchange Server 2016)
   should reinstall KB2565063.
– Originally posted: April 12, 2011
– Updated: October 9, 2018
– Aggregate CVE Severity Rating: Important
– Version: 5.0

**************************************************************************************
Title: Microsoft Security Update Releases
Issued: September 10, 2019
**************************************************************************************

On September 10, the Major Revision Mailer that was sent contained incorrect
information. Following is the corrected mailer. We apologize for any inconvenience.

Summary
=======

The following CVEs have undergone a major revision increment:

* CVE-2018-15664
* CVE-2018-8269
* CVE-2019-1183

Revision Information:
=====================

CVE-2018-15664 | Docker Elevation of Privilege Vulnerability
– Version: 2.0
– Reason for Revision: Microsoft has released an update to provide protection for
   Azure Kubernetes Service. Please see the Security Updates table and the FAQs for
   more information.
– Originally posted: July 9, 2019
– Updated: September 10, 2019
– Aggregate CVE Severity Rating: Important

CVE-2018-8269 | OData Denial of Service Vulnerability
– Version: 2.0
– Reason for Revision: Revised the Security Updates table to include ASP.NET Core 2.1
   and 6.2 because they are affected by CVE-2018-8269. See (Add link to issue in GitHub)
   for more information.
– Originally posted: September 11, 2018
– Updated: September 10, 2019
– Aggregate CVE Severity Rating: Important

CVE-2019-1183 | Windows VBScript Engine Remote Code Execution Vulnerability
– Version: 2.0
– Reason for Revision: This information is being revised to indicate that this CVE
   (CVE-2019-1183) is fully mitigated by the security updates for the vulnerability
   discussed in CVE-2019-1194. No update is required.
– Originally posted: August 13, 2019
– Updated: September 10, 2019
– Aggregate CVE Severity Rating: N/A

