Jump to content


Photo

MS Security Updates - July 2018


  • Please log in to reply
6 replies to this topic

#1 TheJoker

TheJoker

    Forum Deity

  • Boot Camp Mod
  • PipPipPipPipPip
  • 14,469 posts

Posted 11 July 2018 - 07:28 AM

portal.msrc.microsoft.co ··· 3a33c573

Release Notes
July 2018 Security Updates

Release Date: July 10, 2018

The July security release consists of security updates for the following software:

Internet Explorer
Microsoft Edge
Microsoft Windows
Microsoft Office and Microsoft Office Services and Web Apps
ChakraCore
Adobe Flash Player
.NET Framework
ASP.NET
Microsoft Research JavaScript Cryptography Library
Skype for Business and Microsoft Lync
Visual Studio
Microsoft Wireless Display Adapter V2 Software
PowerShell Editor Services
PowerShell Extension for Visual Studio Code
Web Customizations for Active Directory Federation Services

Please note the following information regarding the security updates:
 

  • Windows 10 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10, in addition to non-security updates. The updates are available via the Microsoft Update Catalog.
  • Starting in March 2017, a delta package will be available on the Microsoft Update Catalog for Windows 10 version 1607 and newer. This delta package contains just the delta changes between the previous month and the current release.
  • Updates for Windows RT 8.1 and Microsoft Office RT software are only available via Windows Update.
  • For information on lifecycle and support dates for Windows 10 operating systems, please see Windows Lifecycle Facts Sheet.
  • In addition to security changes for the vulnerabilities, updates include defense-in-depth updates to help improve security-related features.

The following CVEs have FAQs with additional information and may include further steps to take after installing the updates.

Known Issues


Free Tools for Fighting Malware
Anti-Virus: avast! Free Antivirus / Avira Free AntiVirus
OnLine Anti-Virus: ESET / BitDefender / F-Secure
Anti-Malware: Malwarebytes' Anti-Malware / Dr.Web CureIt
Spyware/Adware Tools: MVPS HOSTS File / SpywareBlaster
Firewall: Comodo Firewall Free / Privatefirewall
Tutorials: How did I get Infected? / Internet Explorer Privacy & Security Settings
If we have helped, please help us continue the fight by using the Donate button, or see this topic for other ways to donate.

MS MVP 2009-20010 and ASAP Member since 2005


#2 TheJoker

TheJoker

    Forum Deity

  • Boot Camp Mod
  • PipPipPipPipPip
  • 14,469 posts

Posted 21 July 2018 - 08:25 AM

********************************************************************

Title: Microsoft Security Update Releases

Issued: July 19, 2018

********************************************************************

 

Summary

=======

 

The following CVEs have undergone a major revision increment:

 

* CVE-2018-8202

* CVE-2018-8260

* CVE-2018-8284

* CVE-2018-8356

 

Revision Information:

=====================

 

 - https://portal.msrc....curity-guidance

 - Reason for Revision: To address a known issue in the security

   updates released on July 10, Microsoft is releasing Cumulative

   Update packages for all supported editions of Windows 10. These

   packages are available via Microsoft Update catalog, WSUS, or by

   manually searching Windows Update. Customers who are experiencing

   issues after installing the July Windows security updates should

   install the replacement packages as applicable. Note that the

   Monthly Rollup and Security Only updates for .NET Framework are

   not affected. Please refer to the Affected Products table for the

   replacement package KB numbers. Customers who have successfully

   installed the security updates and who are not experiencing any

   issues do not need to take any action.

 - Originally posted: July 10, 2018

 - Updated: July 19, 2018

 - Aggregate CVE Severity Rating: Important

 - Version: 2.0

 

The following CVEs have undergone a major revision increment:

 

* CVE-2018-0949

* CVE-2018-8242

* CVE-2018-8287

* CVE-2018-8288

* CVE-2018-8291

* CVE-2018-8296

 

Revision Information:

=====================

 

 - https://portal.msrc....curity-guidance

 - Reason for Revision: To address a known issue in the security

   updates released on July 10, Microsoft is releasing Cumulative

   Update packages for Windows 10, and Standalone and Preview Rollup

   packages for all other supported editions of Windows. These packages

   are available via Microsoft Update catalog, WSUS, or by manually

   searching Windows Update. Customers who are experiencing issues

   after installing the July Windows security updates should install

   the replacement packages as applicable. Note that the IE Cumulative

   updates are not affected. Please refer to the Affected Products

   table for the replacement package KB numbers. Customers who have

   successfully installed the security updates and who are not

   experiencing any issues do not need to take any action.

 - Originally posted: July 10, 2018

 - Updated: July 19, 2018

 - Aggregate CVE Severity Rating: Important

 - Version: 2.0

 

The following CVEs have undergone a major revision increment:

 

* CVE-2018-8125              * CVE-2018-8279              * CVE-2018-8301

* CVE-2018-8206              * CVE-2018-8280              * CVE-2018-8304

* CVE-2018-8222              * CVE-2018-8282              * CVE-2018-8307

* CVE-2018-8262              * CVE-2018-8286              * CVE-2018-8308

* CVE-2018-8274              * CVE-2018-8289              * CVE-2018-8309

* CVE-2018-8275              * CVE-2018-8290              * CVE-2018-8313

* CVE-2018-8276              * CVE-2018-8294              * CVE-2018-8314

* CVE-2018-8278              * CVE-2018-8297              * CVE-2018-8324

                                                                * CVE-2018-8325

 

Revision Information:

=====================

 

 - https://portal.msrc....curity-guidance

 - Reason for Revision: To address a known issue in the security

   updates released on July 10, Microsoft is releasing Cumulative

   Update packages for Windows 10, and Standalone and Preview Rollup

   packages for all other supported editions of Windows. These

   packages are available via Microsoft Update catalog, WSUS, or by

   manually searching Windows Update. Customers who are experiencing

   issues after installing the July Windows security updates should

   install the replacement packages as applicable. Please refer to the

   Affected Products table for the replacement package KB numbers.

   Customers who have successfully installed the security updates and

   who are not experiencing any issues do not need to take any action.

 - Originally posted: July 10, 2018

 - Updated: July 19, 2018

 - Aggregate CVE Severity Rating: Critical

 - Version: 2.0

 

 The following CVE has undergone a major revision increment:

 

* CVE-2018-8356

 

Revision Information:

=====================

 

 - https://portal.msrc....curity-guidance

 - Reason for Revision: Revised the Affected Products table to

   include PowerShell Core 6.0 and PowerShell Core 6.1 because

   these products are affected by CVE-2018-9356. See

   https://github.com/P...ements/issues/6 for

   more information.

 - Originally posted: July 10, 2018

 - Updated: July 19, 2018

 - Aggregate CVE Severity Rating: Important

 - Version: 3.0

 


Free Tools for Fighting Malware
Anti-Virus: avast! Free Antivirus / Avira Free AntiVirus
OnLine Anti-Virus: ESET / BitDefender / F-Secure
Anti-Malware: Malwarebytes' Anti-Malware / Dr.Web CureIt
Spyware/Adware Tools: MVPS HOSTS File / SpywareBlaster
Firewall: Comodo Firewall Free / Privatefirewall
Tutorials: How did I get Infected? / Internet Explorer Privacy & Security Settings
If we have helped, please help us continue the fight by using the Donate button, or see this topic for other ways to donate.

MS MVP 2009-20010 and ASAP Member since 2005


#3 TheJoker

TheJoker

    Forum Deity

  • Boot Camp Mod
  • PipPipPipPipPip
  • 14,469 posts

Posted 21 July 2018 - 08:28 AM

********************************************************************

Title: Microsoft Security Advisory Notification

Issued: July 19, 2018

********************************************************************

a

Security Advisories Released or Updated on July 19, 2018

==========================================

 

* Microsoft Security Advisory ADV180002

 

 - Title: Guidance to mitigate speculative execution side-channel

   vulnerabilities

 - https://portal.msrc....urity-guidance/

   advisory/ADV180002

 - Reason for Revision: To address a known issue in the security

   updates released on July 10, Microsoft is releasing Alternate

   Cumulative update packages for Windows 10, and Standalone and

   Preview Rollup packages for all other supported editions of

   Windows. These packages are available via Microsoft Update

   catalog, WSUS, or by manually searching Windows Update. Customers

   who are experiencing issues after installing the July Windows

   security updates should install the replacement packages as

   applicable. Please refer to the Affected Products table for the

   replacement package KB numbers. Customers who have successfully

   installed the security updates and who are not experiencing any

   issues do not need to take any action.

 - Originally posted: January 3, 2018

 - Updated: July 19, 2018

 - Version: 22.0

 

* Microsoft Security Advisory ADV180016

 

 - Title: Microsoft Guidance for Lazy FP State Restore

 - https://portal.msrc....urity-guidance/

   advisory/ADV180016

 - Reason for Revision: To address a known issue in the security

   updates released on July 10, Microsoft is releasing Alternate

   Cumulative update packages for Windows 10, and Standalone and

   Preview Rollup packages for all other supported editions of

   Windows. These packages are available via Microsoft Update

   catalog, WSUS, or by manually searching Windows Update. Customers

   who are experiencing issues after installing the July Windows

   security updates should install the replacement packages as

   applicable. Please refer to the Affected Products table for the

   replacement package KB numbers. Customers who have successfully

   installed the security updates and who are not experiencing any

   issues do not need to take any action.

 - Originally posted: June 13, 2018

 - Updated: July 19, 2018

 - Version: 3.0


Free Tools for Fighting Malware
Anti-Virus: avast! Free Antivirus / Avira Free AntiVirus
OnLine Anti-Virus: ESET / BitDefender / F-Secure
Anti-Malware: Malwarebytes' Anti-Malware / Dr.Web CureIt
Spyware/Adware Tools: MVPS HOSTS File / SpywareBlaster
Firewall: Comodo Firewall Free / Privatefirewall
Tutorials: How did I get Infected? / Internet Explorer Privacy & Security Settings
If we have helped, please help us continue the fight by using the Donate button, or see this topic for other ways to donate.

MS MVP 2009-20010 and ASAP Member since 2005


#4 TheJoker

TheJoker

    Forum Deity

  • Boot Camp Mod
  • PipPipPipPipPip
  • 14,469 posts

Posted 21 July 2018 - 08:29 AM

********************************************************************

Title: Microsoft Security Update Minor Revisions

Issued: July 19, 2018

********************************************************************

 

Summary

=======

 

The following CVEs have undergone a minor revision increment:

 

* CVE-2018-8202

* CVE-2018-8260

* CVE-2018-8284

* CVE-2018-8356

 

Revision Information:

=====================

 

 - https://portal.msrc....curity-guidance

 - Reason for Revision: Corrected Supersedence entries in the

   Affected Products table. This is an informational change only.

 - Originally posted: July 10, 2018

 - Updated: July 19, 2018

 - Aggregate CVE Severity Rating: Important

 - Version: 2.1


Free Tools for Fighting Malware
Anti-Virus: avast! Free Antivirus / Avira Free AntiVirus
OnLine Anti-Virus: ESET / BitDefender / F-Secure
Anti-Malware: Malwarebytes' Anti-Malware / Dr.Web CureIt
Spyware/Adware Tools: MVPS HOSTS File / SpywareBlaster
Firewall: Comodo Firewall Free / Privatefirewall
Tutorials: How did I get Infected? / Internet Explorer Privacy & Security Settings
If we have helped, please help us continue the fight by using the Donate button, or see this topic for other ways to donate.

MS MVP 2009-20010 and ASAP Member since 2005


#5 TheJoker

TheJoker

    Forum Deity

  • Boot Camp Mod
  • PipPipPipPipPip
  • 14,469 posts

Posted 25 July 2018 - 10:35 PM

********************************************************************

Title: Microsoft Security Update Releases

Issued: July 24, 2018

********************************************************************

 

Summary

=======

 

The following CVE has undergone a major revision increment:

 

* CVE-2018-8308

 

Revision Information:

=====================

 

 - https://portal.msrc....urity-guidance/

   advisory/CVE-2018-8308

 - Reason for Revision: The Windows Update classification for the

   following update packages has been changed from Optional to

   Recommended: 4338821, 4338816, 4338831. These packages will be

   installed automatically if the operating system is configured

   to receive automatic updates.

 - Originally posted: July 10, 2018

 - Updated: July 24, 2018

 - Aggregate CVE Severity Rating: Important

 - Version: 3.0


Free Tools for Fighting Malware
Anti-Virus: avast! Free Antivirus / Avira Free AntiVirus
OnLine Anti-Virus: ESET / BitDefender / F-Secure
Anti-Malware: Malwarebytes' Anti-Malware / Dr.Web CureIt
Spyware/Adware Tools: MVPS HOSTS File / SpywareBlaster
Firewall: Comodo Firewall Free / Privatefirewall
Tutorials: How did I get Infected? / Internet Explorer Privacy & Security Settings
If we have helped, please help us continue the fight by using the Donate button, or see this topic for other ways to donate.

MS MVP 2009-20010 and ASAP Member since 2005


#6 TheJoker

TheJoker

    Forum Deity

  • Boot Camp Mod
  • PipPipPipPipPip
  • 14,469 posts

Posted 27 July 2018 - 07:35 PM

********************************************************************

Title: Microsoft Security Update Releases

Issued: July 26, 2018

********************************************************************

 

Summary

=======

 

The following CVE has undergone a major revision increment:

 

* CVE-2018-8202

 

Revision Information:

=====================

 

 - https://portal.msrc....curity-guidance

 - Reason for Revision: Microsoft is aware of a known issue some

   customers experienced after installing the security updates for

   CVE-2018-8202 that were released on July 10. We are investigating

   this issue and will rerelease security updates for this CVE as

   soon as they are available. In the meantime, please refer to the

   FAQ section of CVE-2018-8202 for recommended actions you can take

   prior to deploying these updates. Also see KB4345913 for further

   information, including descriptions of application errors that

   customers might experience and available workarounds.

 - Originally posted: July 10, 2018

 - Updated: July 26, 2018

 - Aggregate CVE Severity Rating: Important

 - Version: 3.0


Free Tools for Fighting Malware
Anti-Virus: avast! Free Antivirus / Avira Free AntiVirus
OnLine Anti-Virus: ESET / BitDefender / F-Secure
Anti-Malware: Malwarebytes' Anti-Malware / Dr.Web CureIt
Spyware/Adware Tools: MVPS HOSTS File / SpywareBlaster
Firewall: Comodo Firewall Free / Privatefirewall
Tutorials: How did I get Infected? / Internet Explorer Privacy & Security Settings
If we have helped, please help us continue the fight by using the Donate button, or see this topic for other ways to donate.

MS MVP 2009-20010 and ASAP Member since 2005


#7 TheJoker

TheJoker

    Forum Deity

  • Boot Camp Mod
  • PipPipPipPipPip
  • 14,469 posts

Posted 27 July 2018 - 07:36 PM

********************************************************************

Title: Microsoft Security Advisory Notification

Issued: July 26, 2018

********************************************************************

 

Security Advisories Released or Updated on July 26, 2018

===================================================================

 

* Microsoft Security Advisory ADV180012

 

 - Title: Microsoft Guidance for Speculative Store Bypass

 - https://portal.msrc....urity-guidance/

   advisory/ADV180012

 - Reason for Revision: Microsoft is announcing the availability of

   updates for Surface Pro 4, Surface Laptop, Surface Pro Model

   1796, and Surface Pro with Advanced LTE Model 1807 that address

   the Speculative Store Bypass (SSB) (CVE-2018-3639) vulnerability.

   See the Affected Products table for links to download and install

   the updates. See Microsoft Knowledge Base article 4073065 for

   more information.

 - Originally posted: May 21, 2018

 - Updated: July 26, 2018

 - Version: 4.0

 

* Microsoft Security Advisory ADV180013

 

 - Title: Microsoft Guidance for Rogue System Register Read

 - https://portal.msrc....urity-guidance/

   advisory/ADV180013

 - Reason for Revision: Microsoft is announcing the availability

   of updates for Surface Pro 4, Surface Laptop, Surface Pro Model

   1796, and Surface Pro with Advanced LTE Model 1807 that address

   the Rogue System Registry Read (CVE-2018-3640) vulnerabiliuty.

   See the Affected Products table for links to download and install

   the updates. See Microsoft Knowledge Base article 4073065 for

   more information.

 - Originally posted: May 21, 2018

 - Updated: July 26, 2018

 - Version: 2.0


Free Tools for Fighting Malware
Anti-Virus: avast! Free Antivirus / Avira Free AntiVirus
OnLine Anti-Virus: ESET / BitDefender / F-Secure
Anti-Malware: Malwarebytes' Anti-Malware / Dr.Web CureIt
Spyware/Adware Tools: MVPS HOSTS File / SpywareBlaster
Firewall: Comodo Firewall Free / Privatefirewall
Tutorials: How did I get Infected? / Internet Explorer Privacy & Security Settings
If we have helped, please help us continue the fight by using the Donate button, or see this topic for other ways to donate.

MS MVP 2009-20010 and ASAP Member since 2005





Member of UNITE
Support SpywareInfo Forum - click the button