Microsoft Security Update Releases (Juni 2018)

Publiziert am 14. Juni 2018 von Günter Born

Im Rahmen des Juni 2018-Patchdays (12.6.2018) hat Microsoft auch einige Sicherheitswarnungen aktualisiert bzw. neu herausgegeben. Hier eine unkommentierte Übersicht, was sich geändert hat.

Anzeige

********************************************************************
Title: Microsoft Security Update Releases
Issued: June 12, 2018
********************************************************************

Summary
=======

The following CVEs have undergone a major revision increment:

* CVE-2018-0976
* CVE-2018-1003
* CVE-2018-8136

Revision Information:
=====================

– CVE-2018-0976 | Windows Remote Desktop Protocol (RDP) Denial of
Service Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance
– Reason for Revision: Microsoft is re-releasing security update
4093227 for all supported versions of Windows Server 2008 Service
Pack 2 to address a signing issue experienced by some customers.
Customers should reinstall this new update.
– Originally posted: April 10, 2018
– Updated: June 12, 2018
– Aggregate CVE Severity Rating: Important
– Version: 2.0

– CVE-2018-1003 | Microsoft JET Database Engine Remote Code
Execution Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance
– Reason for Revision: Revised the Affected Products table to
include Windows 10 Version 1803 for 32-bit System, Windows 10
Version 1803 for x64-based Systems, and Windows Server
version 1803 (Server Core installation) because they are
affected by CVE-2018-1003. Microsoft recommends that
customers running Windows 10 Version 1803 install update
4284835 to be protected from this vulnerability.
– Originally posted: April 10, 2018
– Updated: June 12, 2018
– Aggregate CVE Severity Rating: Important
– Version: 2.0

– CVE-2018-8136 | Windows Remote Code Execution Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance
– Reason for Revision: CVE revised to announce the availability
of security update 4130956 for Windows Server 2008. See
Microsoft Knowledge Base Article 4130956 for more information.
– Originally posted: May 5, 2018
– Updated: June 12, 2018
– Aggregate CVE Severity Rating: Low
– Version: 2.0

Anzeige

********************************************************************
Title: Microsoft Security Advisory Notification
Issued: June 12, 2018
********************************************************************

Security Advisories Released or Updated on June 12, 2018
===================================================================

* Microsoft Security Advisory 4338110

– Title: Microsoft guidance for CBC Symmetric Encryption Security
Feature Bypass
https://docs.microsoft.com/en-us/security-updates/securityadvisories/2018/4338110
– Reason for Revision: Information published.
– Originally posted: June 12, 2018
– Version: 1.0

* Microsoft Security Advisory 180002

– Title: Guidance to mitigate speculative execution side-channel
vulnerabilities
– https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180002
– Reason for Revision: Updated FAQ #15 to announce that the
following security updates provide addtional mitigations for AMD
processors for CVE-2017-5715: 1. Security update 4284874 for
Windows 10 Version 1703 – see KB4103723 for more information.
2. Security update 4284860 for Windows 10 – see KB4284860 for
more information.
3. Security update 4284826    (monthly rollup) or 4284867
(security only) for Windows 7, Windows Server 2008 R2, or
Windows Server 2008 R2 (Server Core  installation) – see
KB4284826 or KB4284867 for more information.
– Originally posted: January 3, 2018
– Updated: June 12, 2018
– Version: 20.0

* Microsoft Security Advisory 180012

– Title: Microsoft Guidance for Speculative Store Bypass
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180012
– Reason for Revision: Microsoft is announcing that the Windows
security updates released on June 12, 2018 include support for
Speculative Store Bypass Disable (SSBD) in Intel processors. This
support is available for all supported editions of Windows 10,
Windows Server 2016, Windows 7, and Windows Server 2008 R2. See
the Affected Products table for the security updates. The
Recommended Actions section of this advisory has been updated
to include steps for applying updates to mitigate CVE-2018-3639 –
Speculative Store Bypass (SSB), Variant 4. In addtion, revisions
have been made to the FAQ section to address questions about
performance implications of these updates and of SSBD.
– Originally posted: May 21, 2018
– Updated: June 12, 2018
– Version: 2.0

********************************************************************
Title: Microsoft Security Advisory Notification
Issued: June 13, 2018
********************************************************************

Security Advisories Released or Updated on June 13, 2018
=====================================================
* Microsoft Security Advisory 180016

– Title: Microsoft Guidance for Lazy FP State Restore
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180016
– Reason for Revision: Information published.
– Originally posted: June 13, 2018
– Updated: N/A
– Version: 1.0

Cookies blockieren entzieht uns die Finanzierung: Cookie-Einstellungen
Dieser Beitrag wurde unter Sicherheit abgelegt und mit verschlagwortet. Setze ein Lesezeichen auf den Permalink.

Schreibe einen Kommentar

Deine E-Mail-Adresse wird nicht veröffentlicht. Erforderliche Felder sind mit * markiert

Hinweis: Bitte beachtet die Regeln zum Kommentieren im Blog (Erstkommentare und Verlinktes landet in der Moderation, gebe ich alle paar Stunden frei, SEO-Posts/SPAM lösche ich rigoros). Kommentare abseits des Themas bitte unter Diskussion.