Jump to content


Photo

MS Security Updates - August 2018


  • Please log in to reply
8 replies to this topic

#1 TheJoker

TheJoker

    Forum Deity

  • Boot Camp Mod
  • PipPipPipPipPip
  • 14,468 posts

Posted 05 August 2018 - 10:24 AM

********************************************************************
Title: Microsoft Security Update Releases
Issued: August 1, 2018
********************************************************************

Summary
=======

The following CVEs have undergone a major revision increment:

* CVE-2018-8172
* CVE-2018-8202

Revision Information:
=====================

 

– CVE-2018-8172 | Visual Studio Remote Code Execution
   Vulnerability
https://portal.msrc....curity-guidance
– Reason for Revision: Revised the Affected Products table to
   include Expression Blend 3 Service Pack 1 and Expression Blend
   2 Service Pack 2 because they are also affected by this
   vulnerability. Microsoft recommends that customers running
   either of these versions of Expression Blend install the
   update to be fully protected from this vulnerability.
– Originally posted: July 10, 2018
– Updated: July 31, 2018
– Aggregate CVE Severity Rating: Important
– Version: 2.0

 

– CVE-2018-8202 | .NET Framework Elevation of Privilege
   Vulnerability
https://portal.msrc....curity-guidance
– Reason for Revision: Microsoft is announcing the release of
   updates, available via the Microsoft Update catalog, to resolve
   known issues some customers experienced after installing the
   July 2018 security updates for .NET Framework. Microsoft
   recommends that customers who experienced application errors as
   described in KB4345913
   (https://support.micr...s/help/4345913) install the
   applicable Standalone update for your system. Customers running
   Window 10 Version 1607 or Windows Server 2016 should install
   Cumulative update 4346877 to resolve application errors. See
   the Affected Products table for links to download and install
   the updates.
– Originally posted: July 10, 2018
– Updated: July 31, 2018
– Aggregate CVE Severity Rating: Important
– Version: 4.0


Free Tools for Fighting Malware
Anti-Virus: avast! Free Antivirus / Avira Free AntiVirus
OnLine Anti-Virus: ESET / BitDefender / F-Secure
Anti-Malware: Malwarebytes' Anti-Malware / Dr.Web CureIt
Spyware/Adware Tools: MVPS HOSTS File / SpywareBlaster
Firewall: Comodo Firewall Free / Privatefirewall
Tutorials: How did I get Infected? / Internet Explorer Privacy & Security Settings
If we have helped, please help us continue the fight by using the Donate button, or see this topic for other ways to donate.

MS MVP 2009-20010 and ASAP Member since 2005


#2 TheJoker

TheJoker

    Forum Deity

  • Boot Camp Mod
  • PipPipPipPipPip
  • 14,468 posts

Posted 05 August 2018 - 10:25 AM

Title: Microsoft Security Advisory Notification
Issued: August 1, 2018
********************************************************************

Security Advisories Released or Updated on August 1, 2018
===================================================================

* Microsoft Security Advisory ADV180002

 - Title: Guidance to mitigate speculative execution side-channel
   vulnerabilities
 - https://portal.msrc.microsoft.com/en-us/security-guidance/
   advisory/ADV180002
 - Reason for Revision: Added FAQ #18 to address a high CPU 
   utilization issue some customers with an AMD-based device are 
   experiencing after installing the June or July Windows security 
   updates or after installing a BIOS update.  
 - Originally posted: January 3, 2018
 - Updated: August 1, 2018
 - Version: 23.0


Other Information
=================

Free Tools for Fighting Malware
Anti-Virus: avast! Free Antivirus / Avira Free AntiVirus
OnLine Anti-Virus: ESET / BitDefender / F-Secure
Anti-Malware: Malwarebytes' Anti-Malware / Dr.Web CureIt
Spyware/Adware Tools: MVPS HOSTS File / SpywareBlaster
Firewall: Comodo Firewall Free / Privatefirewall
Tutorials: How did I get Infected? / Internet Explorer Privacy & Security Settings
If we have helped, please help us continue the fight by using the Donate button, or see this topic for other ways to donate.

MS MVP 2009-20010 and ASAP Member since 2005


#3 TheJoker

TheJoker

    Forum Deity

  • Boot Camp Mod
  • PipPipPipPipPip
  • 14,468 posts

Posted 11 August 2018 - 12:39 PM

 
Microsoft Security Advisory Notification Issued: August 8, 2018

-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA256

 

********************************************************************

Title: Microsoft Security Advisory Notification

Issued: August 8, 2018

********************************************************************

 

Security Advisories Released or Updated on August 8, 2018

===================================================================

 

* Microsoft Security Advisory ADV180012

 

 - Title: Microsoft Guidance for Speculative Store Bypass

 - https://portal.msrc....urity-guidance/

   advisory/ADV180012

 - Reason for Revision: Microsoft is announcing the availability of

   updates for Surface Pro 3 and Surface Book 2 that address the

   Speculative Store Bypass (SSB) (CVE-2018-3639) vulnerability.

   See the Affected Products table for links to download and

   install the updates. See Microsoft Knowledge Base article

   4073065 for more information.

 - Originally posted: May 21, 2018

 - Updated: August 8, 2018

 - Version: 5.0

 

* Microsoft Security Advisory ADV180013

 

 - Title: Microsoft Guidance for Rogue System Register Read

 - https://portal.msrc....urity-guidance/

   advisory/ADV180013

 - Reason for Revision: Microsoft is announcing the availability

   of updates for Surface Book 2 and Surface Pro 3 that address

   the Rogue System Registry Read (CVE-2018-3640) vulnerability.

   See the Affected Products table for links to download and install

   the updates. See Microsoft Knowledge Base article 4073065 for

   more information.

 - Originally posted: May 21, 2018

 - Updated: August 8, 2018

 - Version: 3.0

 

Other Information

=================


Free Tools for Fighting Malware
Anti-Virus: avast! Free Antivirus / Avira Free AntiVirus
OnLine Anti-Virus: ESET / BitDefender / F-Secure
Anti-Malware: Malwarebytes' Anti-Malware / Dr.Web CureIt
Spyware/Adware Tools: MVPS HOSTS File / SpywareBlaster
Firewall: Comodo Firewall Free / Privatefirewall
Tutorials: How did I get Infected? / Internet Explorer Privacy & Security Settings
If we have helped, please help us continue the fight by using the Donate button, or see this topic for other ways to donate.

MS MVP 2009-20010 and ASAP Member since 2005


#4 TheJoker

TheJoker

    Forum Deity

  • Boot Camp Mod
  • PipPipPipPipPip
  • 14,468 posts

Posted 24 August 2018 - 06:07 PM

August 2018 Security Updates

Release Date: August 14, 2018

 

The August security release consists of security updates for the following software:

  • Internet Explorer
  • Microsoft Edge
  • Microsoft Windows
  • Microsoft Office and Microsoft Office Services and Web Apps
  • ChakraCore
  • Adobe Flash Player
  • .NET Framework
  • Microsoft Exchange Server
  • Microsoft SQL Server
  • Visual Studio

Please note the following information regarding the security updates:

  • Windows 10 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10, in addition to non-security updates. The updates are available via the Microsoft Update Catalog.
  • Starting in March 2017, a delta package will be available on the Microsoft Update Catalog for Windows 10 version 1607 and newer. This delta package contains just the delta changes between the previous month and the current release.
  • Updates for Windows RT 8.1 and Microsoft Office RT software are only available via Windows Update.
  • For information on lifecycle and support dates for Windows 10 operating systems, please see Windows Lifecycle Facts Sheet.
  • In addition to security changes for the vulnerabilities, updates include defense-in-depth updates to help improve security-related features.

The following CVEs have FAQs with additional information and may include * further steps to take after installing the updates.

Known Issues


Free Tools for Fighting Malware
Anti-Virus: avast! Free Antivirus / Avira Free AntiVirus
OnLine Anti-Virus: ESET / BitDefender / F-Secure
Anti-Malware: Malwarebytes' Anti-Malware / Dr.Web CureIt
Spyware/Adware Tools: MVPS HOSTS File / SpywareBlaster
Firewall: Comodo Firewall Free / Privatefirewall
Tutorials: How did I get Infected? / Internet Explorer Privacy & Security Settings
If we have helped, please help us continue the fight by using the Donate button, or see this topic for other ways to donate.

MS MVP 2009-20010 and ASAP Member since 2005


#5 TheJoker

TheJoker

    Forum Deity

  • Boot Camp Mod
  • PipPipPipPipPip
  • 14,468 posts

Posted 24 August 2018 - 06:09 PM

********************************************************************

Title: Microsoft Security Update Releases
Issued: August 15, 2018
********************************************************************

Summary
=======

The following CVEs have undergone a major revision increment:

* CVE-2018-8202
* CVE-2018-8284

Revision Information:
=====================

- CVE-2018-8202 | .NET Framework Elevation of Privilege
Vulnerability
- »portal.msrc.microsoft.co ··· guidance
- Reason for Revision: Microsoft is releasing the August Monthly
Rollup, Security Only, and Security Updates to fully resolve known
issues some customers experienced after installing the July security
updates for .NET Framework. Customers who installed either the
Standalone updates or Alternate Cumulative update should also install
the August updates. See the Affected Products table for links
to download and install the August updates.
- Originally posted: July 10, 2018
- Updated: August 15, 2018
- Aggregate CVE Severity Rating: Important
- Version: 5.0

- CVE-2018-8284 | .NET Framework Remote Code Injection
Vulnerability
- »portal.msrc.microsoft.co ··· guidance
- Reason for Revision: Updated the Affected Products to include
affected versions of Microsoft SharePoint Server, Microsoft
SharePoint Foundation, Microsoft SharePoint Enterprise Server,
and Microsoft Project Server. Customers running any of the
SharePoint products listed in the Affected Products table and
who are also running any affected versions of .NET Framework
need to install the security updates for the versions of .NET
running on their system to be fully protected from this
vulnerability.
- Originally posted: July 10, 2018
- Updated: August 14, 2018
- Aggregate CVE Severity Rating: Important
- Version: 3.0


Free Tools for Fighting Malware
Anti-Virus: avast! Free Antivirus / Avira Free AntiVirus
OnLine Anti-Virus: ESET / BitDefender / F-Secure
Anti-Malware: Malwarebytes' Anti-Malware / Dr.Web CureIt
Spyware/Adware Tools: MVPS HOSTS File / SpywareBlaster
Firewall: Comodo Firewall Free / Privatefirewall
Tutorials: How did I get Infected? / Internet Explorer Privacy & Security Settings
If we have helped, please help us continue the fight by using the Donate button, or see this topic for other ways to donate.

MS MVP 2009-20010 and ASAP Member since 2005


#6 TheJoker

TheJoker

    Forum Deity

  • Boot Camp Mod
  • PipPipPipPipPip
  • 14,468 posts

Posted 24 August 2018 - 06:11 PM

********************************************************************
Title: Microsoft Security Advisory Notification
Issued: August 15, 2018
********************************************************************

Security Advisories Released or Updated on August 15, 2018
===================================================================

* Microsoft Security Advisory ADV180002

 - Title: Guidance to mitigate speculative execution side-channel
   vulnerabilities
 - https://portal.msrc.microsoft.com/en-us/security-guidance/
   advisory/ADV180002
 - Reason for Revision: Updated FAQ #18 to announce that with the
   Windows security updates released on Augus 18, 2918, Microsoft
   is providing the solution for customers with AMD-based devices
   who experienced high CPU utilization after installing the June
   or July security updates and updated microcode from AMD. Microsoft
   recommends that these customers install the August Windows
   secrurity updates and re-enable the Spectre Variant 2 mitigations
   if they were previously disabled. This solution is available in
   the August Windows security updates for: Windows 10 version 1607.
   Windows 10 version 1709. Windows 10 version 1803, Windows 7
   Service Pack 1, Windows Server 2016, Windows Server, version 1709
   (Server Core Installation), Windows Server, version 1803 (Server
   Core Installation), and Windows Server 2008 R2 Service Pack 1.
   The FAQ will be updated as further updates become available.
 - Originally posted: January 3, 2018
 - Updated: August 15, 2018
 - Version: 24.0

* Microsoft Security Advisory ADV180021

 - Title: Microsoft Office Defense in Depth Update
 - https://portal.msrc.microsoft.com/en-us/security-guidance/
   advisory/ADV180021
 - Reason for Revision: Information published.
 - Originally posted: August 15, 2018
 - Updated: N/A
 - Version: 1.0

Other Information
=================

Free Tools for Fighting Malware
Anti-Virus: avast! Free Antivirus / Avira Free AntiVirus
OnLine Anti-Virus: ESET / BitDefender / F-Secure
Anti-Malware: Malwarebytes' Anti-Malware / Dr.Web CureIt
Spyware/Adware Tools: MVPS HOSTS File / SpywareBlaster
Firewall: Comodo Firewall Free / Privatefirewall
Tutorials: How did I get Infected? / Internet Explorer Privacy & Security Settings
If we have helped, please help us continue the fight by using the Donate button, or see this topic for other ways to donate.

MS MVP 2009-20010 and ASAP Member since 2005


#7 TheJoker

TheJoker

    Forum Deity

  • Boot Camp Mod
  • PipPipPipPipPip
  • 14,468 posts

Posted 24 August 2018 - 06:23 PM

*******************************************************************
Title: Microsoft Security Update Releases
Issued: August 20, 2018
********************************************************************

Summary
=======

The following CVEs have undergone a major revision increment:

* CVE-2018-0952

Revision Information:
=====================

 - CVE-2018-8273 | Diagnostic Hub Standard Collector Elevation of
   Privilege Vulnerability
 - https://portal.msrc.microsoft.com/en-us/security-guidance
 - Reason for Revision: Microsoft is announcing the release of
   security update 4456688 for Microsoft Visual Studio 2015 Update 3.
   Customers running this version of Microsoft Visual Studio should
   install this security update.
 - Originally posted: August 14, 2018
 - Updated: August 18, 2018
 - Aggregate CVE Severity Rating: Important
 - Version: 2.0

Other Information
=================

Free Tools for Fighting Malware
Anti-Virus: avast! Free Antivirus / Avira Free AntiVirus
OnLine Anti-Virus: ESET / BitDefender / F-Secure
Anti-Malware: Malwarebytes' Anti-Malware / Dr.Web CureIt
Spyware/Adware Tools: MVPS HOSTS File / SpywareBlaster
Firewall: Comodo Firewall Free / Privatefirewall
Tutorials: How did I get Infected? / Internet Explorer Privacy & Security Settings
If we have helped, please help us continue the fight by using the Donate button, or see this topic for other ways to donate.

MS MVP 2009-20010 and ASAP Member since 2005


#8 TheJoker

TheJoker

    Forum Deity

  • Boot Camp Mod
  • PipPipPipPipPip
  • 14,468 posts

Posted 24 August 2018 - 06:24 PM

********************************************************************
Title: Microsoft Security Update Releases
Issued: August 21, 2018
********************************************************************

Summary
=======

The following CVEs have undergone a major revision increment:

* CVE-2018-8273

Revision Information:
=====================

 - CVE-2018-8273 | Microsoft SQL Server Remote Code Execution
   Vulnerability
 - https://portal.msrc.microsoft.com/en-us/security-guidance
 - Reason for Revision: Microsoft is announcing the release of
   security update 4458621. This package replaces security update
   4293807 released on August 14, 2018. Customers who installed
   security update 4293807 on Microsoft SQL Server 2016 for
   x64-based Systems Service Pack 2 (CU) should install security
   update 4458621.
 - Originally posted: August 14, 2018
 - Updated: August 20, 2018
 - Aggregate CVE Severity Rating: Critical
 - Version: 2.0

Other Information
=================

Free Tools for Fighting Malware
Anti-Virus: avast! Free Antivirus / Avira Free AntiVirus
OnLine Anti-Virus: ESET / BitDefender / F-Secure
Anti-Malware: Malwarebytes' Anti-Malware / Dr.Web CureIt
Spyware/Adware Tools: MVPS HOSTS File / SpywareBlaster
Firewall: Comodo Firewall Free / Privatefirewall
Tutorials: How did I get Infected? / Internet Explorer Privacy & Security Settings
If we have helped, please help us continue the fight by using the Donate button, or see this topic for other ways to donate.

MS MVP 2009-20010 and ASAP Member since 2005


#9 TheJoker

TheJoker

    Forum Deity

  • Boot Camp Mod
  • PipPipPipPipPip
  • 14,468 posts

Posted 25 August 2018 - 09:31 PM

********************************************************************
Title: Microsoft Security Advisory Notification
Issued: August 24, 2018
********************************************************************

Security Advisories Released or Updated on August 24, 2018
===================================================================

* Microsoft Security Advisory ADV180018

– Title: Microsoft guidance to mitigate L1TF variant
ADV180018
– Reason for Revision: Microsoft is announcing the availability of
   Intel-validated microcode updates for Windows 10 operating
   systems. Please see Microsoft Knowledge Base Article 4093836
   (https://support.micr...s/help/4093836) for the
   current Intel microcode updates.
– Originally posted: August 14, 2018
– Updated: August 24, 2018
– Version: 2.0


Free Tools for Fighting Malware
Anti-Virus: avast! Free Antivirus / Avira Free AntiVirus
OnLine Anti-Virus: ESET / BitDefender / F-Secure
Anti-Malware: Malwarebytes' Anti-Malware / Dr.Web CureIt
Spyware/Adware Tools: MVPS HOSTS File / SpywareBlaster
Firewall: Comodo Firewall Free / Privatefirewall
Tutorials: How did I get Infected? / Internet Explorer Privacy & Security Settings
If we have helped, please help us continue the fight by using the Donate button, or see this topic for other ways to donate.

MS MVP 2009-20010 and ASAP Member since 2005





Member of UNITE
Support SpywareInfo Forum - click the button