{"id":7047,"date":"2018-09-17T00:22:02","date_gmt":"2018-09-16T22:22:02","guid":{"rendered":"http:\/\/159.69.82.204\/win\/?p=7047"},"modified":"2022-01-24T17:38:44","modified_gmt":"2022-01-24T16:38:44","slug":"microsoft-security-advisories-and-update-revisions","status":"publish","type":"post","link":"https:\/\/borncity.com\/win\/2018\/09\/17\/microsoft-security-advisories-and-update-revisions\/","title":{"rendered":"Microsoft Security Advisories and Update revisions"},"content":{"rendered":"

[German<\/a>]Another addendum from last week regarding security advisories from Microsoft including changes to update descriptions.<\/p>\n

<\/p>\n

FragmentSmack vulnerability (CVE-2018-5391)<\/h2>\n

The security warning about the FragmentSmack vulnerability CVE-2018-5391 was issued in August 2018 (see this Microsoft article<\/a>). The vulnerability allows attackers to execute a denial of service attack. It forces Windows systems to their knees and stops responding. <\/p>\n

The vulnerability affects all versions of Windows 7 to 10 (including 8.1 RT), as well as Windows Server 2008, 2012, and 2016. On September 11, 2018, Microsoft released security updates for various versions of Windows for the FragmentSmack vulnerability CVE-2018-5391. These fix the vulnerability. A list of updates can be found here<\/a> (search for the CVE). At Bleeping Computer there is this article<\/a>, which deals more extensively with the topic. <\/p>\n

More Security Messages<\/h2>\n

********************************************************************
Title: Microsoft Security Advisory Notification
Issued: September 11, 2018
******************************************************************** <\/p>\n

Security Advisories Released or Updated on September 11, 2018
====================================================== <\/p>\n

* Microsoft Security Advisory ADV180002 <\/p>\n

\u2013 Title: Guidance to mitigate speculative execution
   side-channel vulnerabilities
\u2013 ADV180002<\/a>
\u2013 Reason for Revision: The following updates have been made:
   1. Microsoft has released security update 4457128 for Windows
   10 Version 1803 for ARM64-based Systems to provide protection
   against CVE-2017-5715. See the Affected Products table for links
   to download and install the update. Note that this update is also
   available via Windows Update. 2. Added FAQ #19 to explain where
   customer can find and install ARM64 firmware that address
   CVE-2017-5715 \u2013 Branch target injection (Spectre, Variant 2).
\u2013 Originally posted: January 3, 2018
\u2013 Updated: September 11, 2018
\u2013 Version: 25.0 <\/p>\n

* Microsoft Security Advisory ADV180018 <\/p>\n

\u2013 Title: Microsoft guidance to mitigate L1TF variant
\u2013 ADV180018<\/a>
\u2013 Reason for RevisioMicrosoft is announcing the release of
   Monthly Rollup 4458010 and Security Only 4457984 for Windows
   Server 2008 to provide additional protections against the
   speculative execution side-channel vulnerability known as L1
   Terminal Fault (L1TF) that affects Intel\u00c2\u00ae Core\u00c2\u00ae processors and
   Intel\u00c2\u00ae Xeon\u00c2\u00ae processors (CVE-2018-3620 and CVE-2018-3646).
   Customers running Windows Server 2008 should install either
   4458010 or 4457984 in addition to Security Update 4341832, which
   was released on August 14, 2018.
   See [Windows Server 2008 SP2 servicing changes<\/a> ] for
   more information. In addition, a note has been added to FAQ #2
   to provide further information regarding enabling the mitigation
   for CVE-2017-5754 (Meltdown).
\u2013 Originally posted: August 14, 2018
\u2013 Updated: September 11, 2018
\u2013 Version: 4.0 <\/p>\n

********************************************************************
Title: Microsoft Security Advisory Notification
Issued: September 12, 2018
********************************************************************
Security Advisories Released or Updated on September 12, 2018
======================================================= <\/p>\n

* Microsoft Security Advisory ADV180022 <\/p>\n

\u2013 Title: Windows Denial of Service Vulnerability
\u2013 ADV180022<\/a>
\u2013 Reason for Revision: Removed FAQ #3 regarding when the security
   updates would be available for this vulnerability. The security
   updates were released on September 9, 2018 at the same time the
   advisory was published; therefore, the FAQ is not applicable. This
   is an informational change only.
\u2013 Originally posted: September 11, 2018
\u2013 Updated: September 12, 2018
\u2013 Version: 1.1 <\/p>\n

********************************************************************
Title: Microsoft Security Update Releases
Issued: September 11, 2018
******************************************************************** <\/p>\n

Summary
======= <\/p>\n

The following CVE has undergone a major revision increment: <\/p>\n

* CVE-2018-8154
Revision Information:
===================== <\/p>\n

\u2013 CVE-2018-8154 | Microsoft Exchange Memory Corruption
   Vulnerability
\u2013 https:\/\/portal.msrc.microsoft.com\/en-us\/security-guidance<\/a>
\u2013 Reason for Revision: To comprehensively address CVE-2018-8154,
   Microsoft has released security update 4458311 for Microsoft
   Exchange Server 2010 Service Pack 3. Microsoft recommends that
   enterprise customers running Microsoft Exchange Server 2010
   Service Pack 3 ensure that they have update 4458311 installed
   to be protected from this vulnerability.
\u2013 Originally posted: May 8, 2018
\u2013 Updated: September 11, 2018
\u2013 Aggregate CVE Severity Rating: Critical
\u2013 Version: 2.0<\/p>\n","protected":false},"excerpt":{"rendered":"

[German]Another addendum from last week regarding security advisories from Microsoft including changes to update descriptions.<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[580,22,2],"tags":[69,195],"class_list":["post-7047","post","type-post","status-publish","format-standard","hentry","category-security","category-update","category-windows","tag-security","tag-update"],"_links":{"self":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/7047","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/comments?post=7047"}],"version-history":[{"count":0,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/7047\/revisions"}],"wp:attachment":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/media?parent=7047"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/categories?post=7047"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/tags?post=7047"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}