Microsoft Security Bulletin Updates For September 2018

Details: Written by: khalil shreateh; Category: Vulnerabilities; Hits: 199

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

***************************& -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

********************************************************************
Title: Microsoft Security Advisory Notification
Issued: September 11, 2018
********************************************************************

Security Advisories Released or Updated on September 11, 2018
===================================================================

* Microsoft Security Advisory ADV180002

- Title: Guidance to mitigate speculative execution
side-channel vulnerabilities
- https://portal.msrc.microsoft.com/en-us/security-guidance/
advisory/ADV180002
- Reason for Revision: The following updates have been made:
1. Microsoft has released security update 4457128 for Windows
10 Version 1803 for ARM64-based Systems to provide protection
against CVE-2017-5715. See the Affected Products table for links
to download and install the update. Note that this update is also
available via Windows Update. 2. Added FAQ #19 to explain where
customer can find and install ARM64 firmware that address
CVE-2017-5715 - Branch target injection (Spectre, Variant 2).
- Originally posted: January 3, 2018
- Updated: September 11, 2018
- Version: 25.0

* Microsoft Security Advisory ADV180018

- Title: Microsoft guidance to mitigate L1TF variant
- https://portal.msrc.microsoft.com/en-us/security-guidance/
advisory/ADV180018
- Reason for RevisioMicrosoft is announcing the release of
Monthly Rollup 4458010 and Security Only 4457984 for Windows
Server 2008 to provide additional protections against the
speculative execution side-channel vulnerability known as L1
Terminal Fault (L1TF) that affects IntelA(r) CoreA(r) processors and
IntelA(r) XeonA(r) processors (CVE-2018-3620 and CVE-2018-3646).
Customers running Windows Server 2008 should install either
4458010 or 4457984 in addition to Security Update 4341832, which
was released on August 14, 2018. See [Windows Server 2008 SP2
servicing changes](https://cloudblogs.microsoft.com/windowsserver
/2018/06/12/windows-server-2008-sp2-servicing-changes/) for
more information. In addition, a note has been added to FAQ #2
to provide further information regarding enabling the mitigation
for CVE-2017-5754 (Meltdown).
- Originally posted: August 14, 2018
- Updated: September 11, 2018
- Version: 4.0

Other Information
=================

Recognize and avoid fraudulent email to Microsoft customers:
=============================================================
If you receive an email message that claims to be distributing
a Microsoft security update, it is a hoax that may contain
malware or pointers to malicious websites. Microsoft does
not distribute security updates via email.

The Microsoft Security Response Center (MSRC) uses PGP to digitally
sign all security notifications. However, PGP is not required for
reading security notifications, reading security bulletins, or
installing security updates. You can obtain the MSRC public PGP key
at <https://technet.microsoft.com/security/dn753714>.

********************************************************************
THE INFORMATION PROVIDED IN THIS MICROSOFT COMMUNICATION IS
PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT
DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING
THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
PURPOSE.
IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE
LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT,
INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL
DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN
ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY
FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING
LIMITATION MAY NOT APPLY.
********************************************************************

Microsoft respects your privacy. Please read our online Privacy
Statement at <http://go.microsoft.com/fwlink/?LinkId=81184>.

If you would prefer not to receive future technical security
notification alerts by email from Microsoft and its family of
companies please visit the following website to unsubscribe:
<https://profile.microsoft.com/RegSysProfileCenter/subscriptionwizar
d.aspx?wizid=5a2a311b-5189-4c9b-9f1a-d5e913a26c2e&%3blcid=1033>.

These settings will not affect any newsletters you've requested or
any mandatory service communications that are considered part of
certain Microsoft services.

For legal Information, see:
<http://www.microsoft.com/info/legalinfo/default.mspx>.

This newsletter was sent by:
Microsoft Corporation
1 Microsoft Way
Redmond, Washington, USA
98052

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEELe29pj1Ogz+2MnKbEEiO2re18ugFAluX7mkACgkQEEiO2re1
8uhzTg//XsjFpSqcYeBeF6z/T87NiCZxP7GuAIyc4jRit4KWTpEGB7nRCdVoGkmB
8d8EmFW5f6NW3IkVftpuLppUZQxH6+M0hrF8OvtEH7RD2CfoLtTt7zU1i0oNGZpK
AFuBDQ4T3DD2QFMIpq5dZV91Oq59bELH5s7/iek/YukRpJXN0lOUNXPDtwHApIE8
6jTG02b/rnb1xESY+c8UzWp8qak0t5VmPlPo8U3ACUbE7EyDapq+wvwwzmmIfwB9
w/S7mtYV3xmP7WgaRwO8S8LnvrbQlovsUv0HRsgAOyUVFWTt//NMhUP/vmBlTI+X
Al58JOmGOvAaKF1PMegY8iwA1mqGUAJKWD8UDYLELSXYxwiWfShVazVKdvtmyO7H
yKLM+q6jlPKbrAb5foitTLRPsGeu5sGeKsh0+dKJaF45z6BaeJacl6BGC4mUEGc7
QYFmvtfkO8mO1kZiswwQvLwbT2jM1KVD8WsRQalANYjw7SIrd6zRd0LlOAai8vpt
lpPJ1/UwU6cUn5NBTProLthKQqKtRIBHgLWIJGe0rvbn0IzrXTeR5mSvukU2k9DO
9L5eEW6392IUob9xtDEE/cdoaWh2Un0tzyT00W++/v8IyTE5a1+JUlzEoddOLAET
EetkersSvM+6udxNTiyUzqvz/I+qNog7aYb2undXxVpDiXERQmM=
=LqPQ
-----END PGP SIGNATURE-----