Jump to content


Photo

MS Security Updates - May 2018


  • Please log in to reply
6 replies to this topic

#1 TheJoker

TheJoker

    Forum Deity

  • Boot Camp Mod
  • PipPipPipPipPip
  • 14,450 posts

Posted 05 May 2018 - 07:53 AM

********************************************************************

Title: Microsoft Security Update Releases

Issued: May 2, 2018

********************************************************************

 

Summary

=======

 

The following CVE has undergone a major revision increment:

 

* CVE-2018-8115

 

Revision Information:

=====================

 

 - CVE-2018-8115 | Windows Host Compute Service Shim Remote Code

   Execution Vulnerability

 - https://portal.msrc....curity-guidance

 - Version: 1.0

 - Reason for Revision: Information published.

 - Originally posted: May 2, 2018

 - Aggregate CVE Severity Rating: Critical

 

 

Other Information

=================


Free Tools for Fighting Malware
Anti-Virus: avast! Free Antivirus / Avira Free AntiVirus
OnLine Anti-Virus: ESET / BitDefender / F-Secure
Anti-Malware: Malwarebytes' Anti-Malware / Dr.Web CureIt
Spyware/Adware Tools: MVPS HOSTS File / SpywareBlaster
Firewall: Comodo Firewall Free / Privatefirewall
Tutorials: How did I get Infected? / Internet Explorer Privacy & Security Settings
If we have helped, please help us continue the fight by using the Donate button, or see this topic for other ways to donate.

MS MVP 2009-20010 and ASAP Member since 2005


#2 TheJoker

TheJoker

    Forum Deity

  • Boot Camp Mod
  • PipPipPipPipPip
  • 14,450 posts

Posted 08 May 2018 - 04:26 PM

Microsoft Security Bulletin(s) for may 2018
Release Notes
May 2018 Security Updates
Release Date: May 08, 2018
 
 
The May security release consists of security updates for the following software:
 
  • Internet Explorer
  • Microsoft Edge
  • Microsoft Windows
  • Microsoft Office and Microsoft Office Services and Web Apps
  • ChakraCore
  • Adobe Flash Player
  • .NET Framework
  • Microsoft Exchange Server
  • Windows Host Compute Service Shim
Please note the following information regarding the security updates:
 
  • Windows 10 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10, in addition to non-security updates. The updates are available via the Microsoft Update Catalog.
  • Starting in March 2017, a delta package will be available on the Microsoft Update Catalog for Windows 10 version 1607 and newer. This delta package contains just the delta changes between the previous month and the current release.
  • Updates for Windows RT 8.1 and Microsoft Office RT software are only available via Windows Update.
  • In addition to security changes for the vulnerabilities, updates include defense-in-depth updates to help improve security-related features.
  • For information on lifecycle and support dates for Windows 10 operating systems, please see Windows Lifecycle Facts Sheet.
Known Issues
 

 


Free Tools for Fighting Malware
Anti-Virus: avast! Free Antivirus / Avira Free AntiVirus
OnLine Anti-Virus: ESET / BitDefender / F-Secure
Anti-Malware: Malwarebytes' Anti-Malware / Dr.Web CureIt
Spyware/Adware Tools: MVPS HOSTS File / SpywareBlaster
Firewall: Comodo Firewall Free / Privatefirewall
Tutorials: How did I get Infected? / Internet Explorer Privacy & Security Settings
If we have helped, please help us continue the fight by using the Donate button, or see this topic for other ways to donate.

MS MVP 2009-20010 and ASAP Member since 2005


#3 TheJoker

TheJoker

    Forum Deity

  • Boot Camp Mod
  • PipPipPipPipPip
  • 14,450 posts

Posted 08 May 2018 - 04:27 PM

Title: Microsoft Security Update Releases
Issued: May 8, 2018
********************************************************************

Summary
=======

The following CVEs have undergone a major revision increment:

* CVE-2017-11927
* CVE-2018-0886
* CVE-2018-0963
* CVE-2018-0993

Revision Information:
=====================

- CVE-2017-11927 | Microsoft Windows Information Disclosure
Vulnerability
- https://portal.msrc....curity-guidance
- Version: 2.0
- Reason for Revision: To comprehensively address CVE-2017-11927,
Microsoft is releasing the May Cumulative Updates, Monthly
Rollups, and Security Only Updates. Update 4130957 is being
released for all Windows Server 2008 Service Pack 2 versions.
Microsoft recommends that customers running these versions of
Windows install the updates to be protected from this
vulnerability.
- Originally posted: December 12, 2017
- Updated: May 8, 2018
- Aggregate CVE Severity Rating: Important


- CVE-2018-0886 | CredSSP Remote Code Execution Vulnerability
- https://portal.msrc....curity-guidance
- Version: 2.0
- Reason for Revision: Microsoft is releasing new Windows
security updates to address this CVE on May 8, 2018.
The updates released in March did not enforce the new
version of the Credential Security Support Provider protocol.
These security updates do make the new version mandatory.
For more information, see "CredSSP updates for CVE-2018-0886"
located at https://go.microsoft.com/fwlink/?linkid=866660.
- Originally posted: March 13, 2018
- Updated: May 8, 2018
- Aggregate CVE Severity Rating: Important


- CVE-2018-0963 | Windows Kernel Elevation of Privilege
Vulnerability
- https://portal.msrc....curity-guidance
- Version: 2.0
- Reason for Revision: Update 4103727 has been released for
Windows 10 Version 1709 for 32-bit Systems and Windows 10
Version 1709 for 64-based Systems. The update replaces update
4093112, to comprehensively address the vulnerability.
Microsoft recommends that customers running the affected
software install the security update to be fully protected
from the vulnerability described in this CVE description.
See Microsoft Knowledge Base Article 4103727 for more
information.
- Originally posted: April 10, 2018
- Updated: May 8, 2018
- Aggregate CVE Severity Rating: Important


- CVE-2018-0993 | Chakra Scripting Engine Memory Corruption
Vulnerability
- https://portal.msrc....curity-guidance
- Version: 2.0
- Reason for Revision: To comprehensively address CVE-2018-0993,
Microsoft has released security update 4103716 for Windows 10 for
32-bit Systems and Windows 10 for x64-based Systems. Consumers
using Windows 10 are automatically protected. Microsoft recommends
that enterprise customers running Windows 10 ensure that they have
update 4103716 installed to be protected from this vulnerability.
- Originally posted: April 10, 2018
- Updated: May 8, 2018
- Aggregate CVE Severity Rating: Critical


The following advisories have undergone a major revision increment:

* ADV170017
* ADV180002

Revision Information:
=====================

- ADV170017 | Microsoft Office Defense in Depth Update
- https://portal.msrc....curity-guidance
- Version: 2.0
- Reason for Revision: To further protect customers, Microsoft is
announcing the release of new updates for ADV170017 for supported
editions of Microsoft Office 2010, Microsoft Office 2013, and
Microsoft Office 2016. Microsoft recommends that customers follow
the instructions in FAQ #1, which has been revised to clarify
the deployment procedure, to download and install the new updates.
In addition, FAQ #2 has been added to explain how customers can
safely use Microsoft Office self-extracting executable installers
(.exe files).
- Originally posted: October 10, 2017
- Updated: May 8, 2018
- Aggregate CVE Severity Rating: N/A


- ADV180002 | Microsoft Office Defense in Depth Update
- https://portal.msrc....curity-guidance
- Version: 18.0
- Reason for Revision: Updated FAQ #15 to announce that security
update 4103723 for Windows 10 Version 1607, Windows Server
2016, and Windows Server 2016 (Server Core installation)
provides addtional mitigations for AMD processors for
CVE-2017-5715. See
https://support.microsoft.com/en-us/help/4103723/ for more
information. In addition, added information to the FAQ that
security update 4093112 also applies to Windows Server,
version 1709 (Server Core installation).
- Originally posted: January 3, 2018
- Updated: May 8, 2018
- Aggregate CVE Severity Rating: Important


Free Tools for Fighting Malware
Anti-Virus: avast! Free Antivirus / Avira Free AntiVirus
OnLine Anti-Virus: ESET / BitDefender / F-Secure
Anti-Malware: Malwarebytes' Anti-Malware / Dr.Web CureIt
Spyware/Adware Tools: MVPS HOSTS File / SpywareBlaster
Firewall: Comodo Firewall Free / Privatefirewall
Tutorials: How did I get Infected? / Internet Explorer Privacy & Security Settings
If we have helped, please help us continue the fight by using the Donate button, or see this topic for other ways to donate.

MS MVP 2009-20010 and ASAP Member since 2005


#4 TheJoker

TheJoker

    Forum Deity

  • Boot Camp Mod
  • PipPipPipPipPip
  • 14,450 posts

Posted 08 May 2018 - 04:28 PM

Title: Microsoft Security Advisory Notification
Issued: May 8, 2018
********************************************************************

Security Advisories Released or Updated on May 8, 2018
===================================================================

* Microsoft Security Advisory 4092731

- Title: Update to Azure Guest OS Machine Key Generation Algorithm
- https://docs.microso...curity-updates/
securityadvisories/2018/4092731
- Reason for Revision: Microsoft is releasing this security advisory
to provide information related to an update in the way the
Azure Guest OS generates machine keys. This scenario may affect
customers who are using Azure Cloud Services Web Roles.
The machine keys on existing deployments have been generated
with insufficient entropy and using deprecated cryptographic
algorithms.
- Originally posted: May 8, 2018
- Version: 1.0


Free Tools for Fighting Malware
Anti-Virus: avast! Free Antivirus / Avira Free AntiVirus
OnLine Anti-Virus: ESET / BitDefender / F-Secure
Anti-Malware: Malwarebytes' Anti-Malware / Dr.Web CureIt
Spyware/Adware Tools: MVPS HOSTS File / SpywareBlaster
Firewall: Comodo Firewall Free / Privatefirewall
Tutorials: How did I get Infected? / Internet Explorer Privacy & Security Settings
If we have helped, please help us continue the fight by using the Donate button, or see this topic for other ways to donate.

MS MVP 2009-20010 and ASAP Member since 2005


#5 TheJoker

TheJoker

    Forum Deity

  • Boot Camp Mod
  • PipPipPipPipPip
  • 14,450 posts

Posted 16 May 2018 - 05:19 PM

********************************************************************
Title: Microsoft Security Update Releases
Issued: May 15, 2018
********************************************************************

Summary
=======

The following CVEs have been published or have undergone a major
revision increment:

* CVE-2018-8147
* CVE-2018-8162
* CVE-2018-8176

Revision Information:
=====================

- CVE-2018-8147 | Microsoft Excel Remote Code Execution
Vulnerability
- »portal.msrc.microsoft.co ··· guidance
- Version: 2.0
- Reason for Revision: Microsoft is announcing the availability
of the 16.13.18051301 update for Microsoft Office 2016 for Mac.
Customers running affected Mac software should install the
update for their product to be protected from this vulnerability.
Customers running other Microsoft Office software do not need to
take any action. See the Release Notes for more information and
download links.
- Originally posted: May 8, 2018
- Updated: May 15, 2018
- Aggregate CVE Severity Rating: Important

- CVE-2018-8162 | Microsoft Excel Remote Code Execution
Vulnerability
- »portal.msrc.microsoft.co ··· guidance
- Version: 2.0
- Reason for Revision: Revised the Affected Products table to
include Microsoft Office 2016 for Mac because it is affected
by this CVE. Microsoft recommends that customers running
Microsoft Office 2016 for Mac install the update to be protected
from this vulnerability.
- Originally posted: May 8, 2018
- Updated: May 15, 2018
- Aggregate CVE Severity Rating: Important

- CVE-2018-8176 | Microsoft PowerPoint Remote Code Execution
Vulnerability
- »portal.msrc.microsoft.co ··· guidance
- Version: 2.0
- Reason for Revision: Information published. This CVE has
been added to this month's Security Updates. Microsoft
recommends that customers running Microsoft Office 2016 for Mac
install the update to be protected from this vulnerability.
- Originally posted: May 15, 2018
- Updated: N/A
- Aggregate CVE Severity Rating: Important

The following advisory has undergone a major revision increment:

* ADV180002

Revision Information:
=====================

- ADV180002 | Guidance to mitigate speculative execution
side-channel vulnerabilities
- »portal.msrc.microsoft.co ··· guidance
- Version: 19.0
- Reason for Revision: Updated FAQ #14 to announce that a
stand-alone update for Windows 10 Version 1803 and Windows
Server, version 1803 is available via the Microsoft Update
Catalog. This update includes microcode updates from Intel.
See Microsoft Knowledge Base Article 4100347 for more
information.
- Originally posted: January 3, 2018
- Updated: May 15, 2018
- Aggregate CVE Severity Rating: Important


Free Tools for Fighting Malware
Anti-Virus: avast! Free Antivirus / Avira Free AntiVirus
OnLine Anti-Virus: ESET / BitDefender / F-Secure
Anti-Malware: Malwarebytes' Anti-Malware / Dr.Web CureIt
Spyware/Adware Tools: MVPS HOSTS File / SpywareBlaster
Firewall: Comodo Firewall Free / Privatefirewall
Tutorials: How did I get Infected? / Internet Explorer Privacy & Security Settings
If we have helped, please help us continue the fight by using the Donate button, or see this topic for other ways to donate.

MS MVP 2009-20010 and ASAP Member since 2005


#6 TheJoker

TheJoker

    Forum Deity

  • Boot Camp Mod
  • PipPipPipPipPip
  • 14,450 posts

Posted 18 May 2018 - 04:50 PM

********************************************************************

Title: Microsoft Security Update Minor Revisions
Issued: May 17, 2018
********************************************************************

Summary
=======

The following CVE has been revised in the May 2018 Security Updates.

* CVE-2018-0958

Revision Information:
=====================

CVE-2018-8117

- Title: CVE-2018-0958 | Windows Security Feature Bypass
Vulnerability
- »portal.msrc.microsoft.co ··· guidance
»portal.msrc.microsoft.co ··· 018-0958

- Reasons for Revision: Added an FAQ to explain what customers
who have installed the updates for this vulnerability can do
if their PowerShell ScheduledJobs jobs will no longer run with
DeviceGuard or AppLocker. For more information see
»blogs.msdn.microsoft.com ··· 7/11/02/
powershell-constrained-language-mode/. This is an informational
change only.
- Originally posted: May 8, 2018
- Updated: May 17, 2018
- CVE Severity Rating: Important
- Version: 1.1


Free Tools for Fighting Malware
Anti-Virus: avast! Free Antivirus / Avira Free AntiVirus
OnLine Anti-Virus: ESET / BitDefender / F-Secure
Anti-Malware: Malwarebytes' Anti-Malware / Dr.Web CureIt
Spyware/Adware Tools: MVPS HOSTS File / SpywareBlaster
Firewall: Comodo Firewall Free / Privatefirewall
Tutorials: How did I get Infected? / Internet Explorer Privacy & Security Settings
If we have helped, please help us continue the fight by using the Donate button, or see this topic for other ways to donate.

MS MVP 2009-20010 and ASAP Member since 2005


#7 TheJoker

TheJoker

    Forum Deity

  • Boot Camp Mod
  • PipPipPipPipPip
  • 14,450 posts

Posted 20 May 2018 - 11:42 PM

********************************************************************

Title: Microsoft Security Update Releases

Issued: May 18, 2018

********************************************************************

 

Summary

=======

 

The following CVE has been published or has undergone a major revision increment:

 

* CVE-2018-0886

 

Revision Information:

=====================

 

 - CVE-2018-0886 | CredSSP Remote Code Execution Vulnerability

 - https://portal.msrc....curity-guidance

 - Reason for Revision: In the Affected Products table, reverted

   the security update entries for Windows 10 Version 1511 back to

   the March security update (4088779) because a May 2018 update is

   not available for this version. See the FAQ section for more

   information about how to be protected from this vulnerability if

   you are running Windows 10 Version 1511.

 - Originally posted: March 13, 2018

 - Updated: May 18, 2018

 - Aggregate CVE Severity Rating: Important

 - Version: 3.0

 

 

Other Information

=================


Free Tools for Fighting Malware
Anti-Virus: avast! Free Antivirus / Avira Free AntiVirus
OnLine Anti-Virus: ESET / BitDefender / F-Secure
Anti-Malware: Malwarebytes' Anti-Malware / Dr.Web CureIt
Spyware/Adware Tools: MVPS HOSTS File / SpywareBlaster
Firewall: Comodo Firewall Free / Privatefirewall
Tutorials: How did I get Infected? / Internet Explorer Privacy & Security Settings
If we have helped, please help us continue the fight by using the Donate button, or see this topic for other ways to donate.

MS MVP 2009-20010 and ASAP Member since 2005





Member of UNITE
Support SpywareInfo Forum - click the button