Microsoft Security Update Releases/Notifications (08/01/2018)

[German]Effective August 1, 2018, Microsoft has pulished Microsoft Security Update Releases for CVE-2018-8172 and CVE-2018-8202 and Microsoft Security Advisory Notification (with notes on Spectre patches). Here are the details.

********************************************************************
Title: Microsoft Security Update Releases
Issued: August 1, 2018
********************************************************************

Summary
=======

The following CVEs have undergone a major revision increment:

* CVE-2018-8172
* CVE-2018-8202

Revision Information:
=====================

– CVE-2018-8172 | Visual Studio Remote Code Execution
   Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance
– Reason for Revision: Revised the Affected Products table to
   include Expression Blend 3 Service Pack 1 and Expression Blend
   2 Service Pack 2 because they are also affected by this
   vulnerability. Microsoft recommends that customers running
   either of these versions of Expression Blend install the
   update to be fully protected from this vulnerability.
– Originally posted: July 10, 2018
– Updated: July 31, 2018
– Aggregate CVE Severity Rating: Important
– Version: 2.0

– CVE-2018-8202 | .NET Framework Elevation of Privilege
   Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance
– Reason for Revision: Microsoft is announcing the release of
   updates, available via the Microsoft Update catalog, to resolve
   known issues some customers experienced after installing the
   July 2018 security updates for .NET Framework. Microsoft
   recommends that customers who experienced application errors as
   described in KB4345913
   (https://support.microsoft.com/en-us/help/4345913) install the
   applicable Standalone update for your system. Customers running
   Window 10 Version 1607 or Windows Server 2016 should install
   Cumulative update 4346877 to resolve application errors. See
   the Affected Products table for links to download and install
   the updates.
– Originally posted: July 10, 2018
– Updated: July 31, 2018
– Aggregate CVE Severity Rating: Important
– Version: 4.0

I reported on the last point in the article NET-Framework Updates July 30, 2018 with Fixes. The second document concerns notes for the Spectre patches:

********************************************************************
Title: Microsoft Security Advisory Notification
Issued: August 1, 2018
********************************************************************

Security Advisories Released or Updated on August 1, 2018
===================================================================

* Microsoft Security Advisory ADV180002

– Title: Guidance to mitigate speculative execution side-channel
   vulnerabilities
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV180002
– Reason for Revision: Added FAQ #18 to address a high CPU
   utilization issue some customers with an AMD-based device are
   experiencing after installing the June or July Windows security
   updates or after installing a BIOS update. 
– Originally posted: January 3, 2018
– Updated: August 1, 2018
– Version: 23.0

This entry was posted in Security and tagged , , . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *