-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
********************************************************************
Title: Microsoft Security Update Releases
Issued: May 8, 2018
********************************************************************
Summary
=======
The following CVEs have undergone a major revision increment:
* CVE-2017-11927
* CVE-2018-0886
* CVE-2018-0963
* CVE-2018-0993
Revision Information:
=====================
- CVE-2017-11927 | Microsoft Windows Information Disclosure
  Vulnerability
  - https://portal.msrc.microsoft.com/en-us/security-guidance
  - Version: 2.0
  - Reason for Revision: To comprehensively address CVE-2017-11927,
    Microsoft is releasing the May Cumulative Updates, Monthly
    Rollups, and Security Only Updates. Update 4130957 is being
    released for all Windows Server 2008 Service Pack 2 versions.
    Microsoft recommends that customers running these versions of
    Windows install the updates to be protected from this
    vulnerability.
  - Originally posted: December 12, 2017
  - Updated: May 8, 2018
  - Aggregate CVE Severity Rating: Important
- CVE-2018-0886 | CredSSP Remote Code Execution Vulnerability
  - https://portal.msrc.microsoft.com/en-us/security-guidance
  - Version: 2.0
  - Reason for Revision: Microsoft is releasing new Windows
    security updates to address this CVE on May 8, 2018.
    The updates released in March did not enforce the new
    version of the Credential Security Support Provider protocol.
    These security updates do make the new version mandatory.
    For more information, see "CredSSP updates for CVE-2018-0886"
    located at https://go.microsoft.com/fwlink/?linkid=866660.
  - Originally posted: March 13, 2018
  - Updated: May 8, 2018
  - Aggregate CVE Severity Rating: Important
- CVE-2018-0963 | Windows Kernel Elevation of Privilege
  Vulnerability
  - https://portal.msrc.microsoft.com/en-us/security-guidance
  - Version: 2.0
  - Reason for Revision: Update 4103727 has been released for
    Windows 10 Version 1709 for 32-bit Systems and Windows 10
    Version 1709 for x64-based Systems. The update replaces update
    4093112, to comprehensively address the vulnerability.
    Microsoft recommends that customers running the affected
    software install the security update to be fully protected
    from the vulnerability described in this CVE description.
    See Microsoft Knowledge Base Article 4103727 for more
    information.
  - Originally posted: April 10, 2018
  - Updated: May 8, 2018
  - Aggregate CVE Severity Rating: Important
- CVE-2018-0993 | Chakra Scripting Engine Memory Corruption
  Vulnerability
  - https://portal.msrc.microsoft.com/en-us/security-guidance
  - Version: 2.0
  - Reason for Revision: To comprehensively address CVE-2018-0993,
    Microsoft has released security update 4103716 for Windows 10 for
    32-bit Systems and Windows 10 for x64-based Systems. Consumers
    using Windows 10 are automatically protected. Microsoft recommends
    that enterprise customers running Windows 10 ensure that they have
    update 4103716 installed to be protected from this vulnerability.
  - Originally posted: April 10, 2018
  - Updated: May 8, 2018
  - Aggregate CVE Severity Rating: Critical
The following advisories have undergone a major revision increment:
* ADV170017
* ADV180002
Revision Information:
=====================
- ADV170017 | Microsoft Office Defense in Depth Update
  - https://portal.msrc.microsoft.com/en-us/security-guidance
  - Version: 2.0
  - Reason for Revision: To further protect customers, Microsoft is
    announcing the release of new updates for ADV170017 for supported
    editions of Microsoft Office 2010, Microsoft Office 2013, and
    Microsoft Office 2016. Microsoft recommends that customers follow
    the instructions in FAQ #1, which has been revised to clarify
    the deployment procedure, to download and install the new updates.
    In addition, FAQ #2 has been added to explain how customers can
    safely use Microsoft Office self-extracting executable installers
    (.exe files).
  - Originally posted: October 10, 2017
  - Updated: May 8, 2018
  - Aggregate CVE Severity Rating: N/A
- ADV180002 | Microsoft Office Defense in Depth Update
  - https://portal.msrc.microsoft.com/en-us/security-guidance
  - Version: 18.0
  - Reason for Revision: Updated FAQ #15 to announce that security
    update 4103723 for Windows 10 Version 1607, Windows Server
    2016, and Windows Server 2016 (Server Core installation)
    provides additional mitigations for AMD processors for
    CVE-2017-5715. See
    https://support.microsoft.com/en-us/help/4103723/ for more
    information. In addition, added information to the FAQ that
    security update 4093112 also applies to Windows Server,
    version 1709 (Server Core installation).
  - Originally posted: January 3, 2018
  - Updated: May 8, 2018
  - Aggregate CVE Severity Rating: Important
Other Information
=================
Recognize and avoid fraudulent email to Microsoft customers:
=============================================================
If you receive an email message that claims to be distributing
a Microsoft security update, it is a hoax that may contain
malware or pointers to malicious websites. Microsoft does
not distribute security updates via email.
The Microsoft Security Response Center (MSRC) uses PGP to digitally
sign all security notifications. However, PGP is not required for
reading security notifications, reading security bulletins, or
installing security updates. You can obtain the MSRC public PGP key
at <https://technet.microsoft.com/security/dn753714>.
********************************************************************
THE INFORMATION PROVIDED IN THIS MICROSOFT COMMUNICATION IS
PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT
DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING
THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
PURPOSE.
IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE
LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT,
INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL
DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN
ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY
FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING
LIMITATION MAY NOT APPLY.
********************************************************************
Microsoft respects your privacy. Please read our online Privacy
Statement at <http://go.microsoft.com/fwlink/?LinkId=81184>.
If you would prefer not to receive future technical security
notification alerts by email from Microsoft and its family of
companies please visit the following website to unsubscribe:
<https://profile.microsoft.com/RegSysProfileCenter/subscriptionwizard.aspx?wizid=5a2a311b-5189-4c9b-9f1a-d5e913a26c2e&%3blcid=1033>.
These settings will not affect any newsletters you've requested or
any mandatory service communications that are considered part of
certain Microsoft services.
For legal Information, see:
<http://www.microsoft.com/info/legalinfo/default.mspx>.
This newsletter was sent by:
Microsoft Corporation
1 Microsoft Way
Redmond, Washington, USA
98052
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
Microsoft Security Bulletin CVE Revision Increment For May 2018
- Written by: khalil shreateh
- Category: Vulnerabilities