Microsoft Security Advisory Notification (14./15. August 2018)

Microsoft  hat zum 14. und 15. August 2018 mehrere Security Advisory Notification veröffentlicht, die die neu entdeckten Schwachstellen (L1TF) zum Thema haben. Ergänzung: Sicherheitsmitteilungen vom 15. August 2018 hinzugefügt.


Anzeige

********************************************************************
Security Advisories Released or Updated on August 14, 2018
********************************************************************
* Microsoft Security Advisory ADV180018

– Title: Microsoft guidance to mitigate L1TF variant
ADV180018
– Reason for Revision: Information published.
– Originally posted: August 14, 2018
– Updated: N/A
– Version: 1.0

* Microsoft Security Advisory ADV180016

– Title: Microsoft Guidance for Lazy FP State Restore
ADV180016
– Reason for Revision: Microsoft is announcing that the Windows
   security updates released on August 14, 2018 provide mitigations
   for CVE-2018-3665 – Lazy FP State Restore. These updates are
   available for 32-bit versions of Windows 7 and Windows Server
   2008. See the Affected Products table to download and install
   the security updates.
– Originally posted: June 13, 2018
– Updated: August 14, 2018
– Version: 4.0

********************************************************************

Microsoft Security Update Releases August 15, 2018
********************************************************************

Summary
=======


Anzeige

The following CVEs have undergone a major revision increment:

* CVE-2018-8202
* CVE-2018-8284

Revision Information:
=====================

– CVE-2018-8202 | .NET Framework Elevation of Privilege
   Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance
– Reason for Revision: Microsoft is releasing the August Monthly
   Rollup, Security Only, and Security Updates to fully resolve known
   issues some customers experienced after installing the July security
   updates for .NET Framework. Customers who installed either the
   Standalone updates or Alternate Cumulative update should also install
   the August updates. See the Affected Products table for links
   to download and install the August updates.
– Originally posted: July 10, 2018
– Updated: August 15, 2018
– Aggregate CVE Severity Rating: Important
– Version: 5.0

– CVE-2018-8284 | .NET Framework Remote Code Injection
   Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance
– Reason for Revision: Updated the Affected Products to include
   affected versions of Microsoft SharePoint Server, Microsoft
   SharePoint Foundation, Microsoft SharePoint Enterprise Server,
   and Microsoft Project Server. Customers running any of the
   SharePoint products listed in the Affected Products table and
   who are also running any affected versions of .NET Framework
   need to install the security updates for the versions of .NET
   running on their system to be fully protected from this
   vulnerability.
– Originally posted: July 10, 2018
– Updated: August 14, 2018
– Aggregate CVE Severity Rating: Important
– Version: 3.0

********************************************************************

Microsoft Security Advisory Notification August 15, 2018
********************************************************************

Security Advisories Released or Updated on August 15, 2018
======================================================

Das Microsoft Security Advisory ADV180002 sollten sich vor allem Besitzer eines Systems mit AMD-CPUs durchlesen.

* Microsoft Security Advisory ADV180002

– Title: Guidance to mitigate speculative execution side-channel
   vulnerabilities
ADV180002
– Reason for Revision: Updated FAQ #18 to announce that with the
   Windows security updates released on Augus 18, 2918, Microsoft
   is providing the solution for customers with AMD-based devices
   who experienced high CPU utilization after installing the June
   or July security updates and updated microcode from AMD. Microsoft
   recommends that these customers install the August Windows
   secrurity updates and re-enable the Spectre Variant 2 mitigations
   if they were previously disabled. This solution is available in
   the August Windows security updates for: Windows 10 version 1607.
   Windows 10 version 1709. Windows 10 version 1803, Windows 7
   Service Pack 1, Windows Server 2016, Windows Server, version 1709
   (Server Core Installation), Windows Server, version 1803 (Server
   Core Installation), and Windows Server 2008 R2 Service Pack 1.
   The FAQ will be updated as further updates become available.
– Originally posted: January 3, 2018
– Updated: August 15, 2018
– Version: 24.0

* Microsoft Security Advisory ADV180021

– Title: Microsoft Office Defense in Depth Update
ADV180021
– Reason for Revision: Information published.
– Originally posted: August 15, 2018
– Updated: N/A
– Version: 1.0


Anzeige


Dieser Beitrag wurde unter Sicherheit abgelegt und mit verschlagwortet. Setze ein Lesezeichen auf den Permalink.

Schreibe einen Kommentar

Deine E-Mail-Adresse wird nicht veröffentlicht.

Hinweis: Bitte beachtet die Regeln zum Kommentieren im Blog (Erstkommentare und Verlinktes landet in der Moderation, gebe ich alle paar Stunden frei, SEO-Posts/SPAM lösche ich rigoros). Kommentare abseits des Themas bitte unter Diskussion.