This Microsoft advisory notification includes advisories released or updated on November 13, 2018.
2fb5736b3191a695873e77b11348a0e56e6c6a60ec1000bc3660d211e37a5eaa
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
********************************************************************
Title: Microsoft Security Advisory Notification
Issued: November 13, 2018
********************************************************************
Security Advisories Released or Updated on November 13, 2018
===================================================================
* Microsoft Security Advisory ADV990001
- Title: Latest Servicing Stack Updates
- https://portal.msrc.microsoft.com/en-us/security-guidance/
advisory/ADV990001
- Reason for Revision: Information published
- Originally posted: November 13, 2018
- Updated: N/A
- Version: 1.0
* Microsoft Security Advisory ADV180002
- Title: Guidance to mitigate speculative execution
side-channel vulnerabilities
- https://portal.msrc.microsoft.com/en-us/security-guidance/
advisory/ADV180002
- Reason for Revision: The following updates have been made:
1. Added information to FAQ #9 for customers running Windows
Server 2019. 2. Updated FAQ #18 to announce that with the Windows
security updates released on November 13, 2018, Microsoft is
providing the solution for customers with AMD-based devices who
experienced high CPU utilization after installing the June or
July security updates and updated microcode from AMD. Microsoft
recommends that these customers install the November Windows
security updates and re-enable the Spectre Variant 2 mitigations
if they were previously disabled. This solution is available in
the November Windows security updates for: Windows Server 2008,
Windows Server 2012, Windows 8.1, and Windows Server 2012 R2.
3. Added FAQ #20 to address the mitigations for ARM CPUs for
CVE 2017-5715, Branch Target Injection.
- Originally posted: January 3, 2018
- Updated: November 13, 2018
- Version: 26.0
* Microsoft Security Advisory ADV180012
- Title: Microsoft Guidance for Speculative Store Bypass
- https://portal.msrc.microsoft.com/en-us/security-guidance/
advisory/ADV180012
- Reason for Revision: The following updates have been made to
this advisory: 1. Microsoft is announcing that the security
updates released on November 13, 2018 for all supported versions
of Windows 10, and for Windows Server 2016; Windows Server,
version 1709; Windows Server, version 1803; and Windows Server
2019 provide protections against the Speculative Store Bypass
vulnerability (CVE-2018-3639) for AMD-based computers. These
protections are not enabled by default. For Windows client
(IT pro) guidance, follow the instructions in KB4073119.
2. Microsoft is announcing the availability of updates for
Surface Studio and Surface Book that address the Speculative
Store Bypass (SSB) (CVE-2018-3639) vulnerability. See the
Affected Products table for links to download and install the
updates. See Microsoft Knowledge Base article 4073065 for more
information. 3. In the Security Updates table, the Article and
Download links have been corrected for affected Surface devices.
4. Windows 10 version 1809 and Windows Server 2019 have been
added to the Security Updates table because they are affected by
the SSB vulnerability. 5. The Recommended Actions and FAQ
sections have been updated to include information for devices
using AMD processors.
- Originally posted: May 21, 2018
- Updated: November 13, 2018
- Version: 6.0
* Microsoft Security Advisory ADV180013
- Title: Microsoft Guidance for Rogue System Register Read
- https://portal.msrc.microsoft.com/en-us/security-guidance/
advisory/ADV180013
- Reason for Revision: The following updates have been made to this
advisory: 1. Microsoft is announcing the availability of updates
for Surface Book that address the Rogue System Registry Read
(CVE-2018-3640) vulnerability. See the Affected Products table
for links to download and install the updates. See Microsoft
Knowledge Base article 4073065 for more information.
2. In the Security Updates table, the Article and Download
links have been corrected.
- Originally posted: May 21, 2018
- Updated: November 13, 2018
- Version: 5.0
* Microsoft Security Advisory ADV180018
- Title: Microsoft guidance to mitigate L1TF variant
- https://portal.msrc.microsoft.com/en-us/security-guidance/
advisory/ADV180018
- Reason for Revision: The following updates have been made:
1. Updated the "Microsoft Windows client customers" section to
provide clarification about how the protections for
CVE-2018-5754 and CVE-2018-3620 are related. Customers that
have disabled the protection for CVE-2017-5754 must re-enable it
to gain protection for CVE-2018-3620 (See FAQ#2).
2. Updated the "Microsoft Window Server customers" section to
include information for customers running Windows Server 2019.
Added further clarification to address VBS, Hyper-V, and
Hyper-Threading configurations based on the version of Windows
Server. 3. In FAQ 3, added Windows 10 Version 1809 to the list
of Windows versions in which VBS is supported.
- Originally posted: August 14, 2018
- Updated: November 13, 2018
- Version: 5.0
Other Information
=================
Recognize and avoid fraudulent email to Microsoft customers:
=============================================================
If you receive an email message that claims to be distributing
a Microsoft security update, it is a hoax that may contain
malware or pointers to malicious websites. Microsoft does
not distribute security updates via email.
The Microsoft Security Response Center (MSRC) uses PGP to digitally
sign all security notifications. However, PGP is not required for
reading security notifications, reading security bulletins, or
installing security updates. You can obtain the MSRC public PGP key
at <https://technet.microsoft.com/security/dn753714>.
********************************************************************
THE INFORMATION PROVIDED IN THIS MICROSOFT COMMUNICATION IS
PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT
DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING
THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
PURPOSE.
IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE
LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT,
INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL
DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN
ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY
FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING
LIMITATION MAY NOT APPLY.
********************************************************************
Microsoft respects your privacy. Please read our online Privacy
Statement at <http://go.microsoft.com/fwlink/?LinkId=81184>.
If you would prefer not to receive future technical security
notification alerts by email from Microsoft and its family of
companies please visit the following website to unsubscribe:
<https://profile.microsoft.com/RegSysProfileCenter/subscriptionwizar
d.aspx?wizid=5a2a311b-5189-4c9b-9f1a-d5e913a26c2e&%3blcid=1033>.
These settings will not affect any newsletters you've requested or
any mandatory service communications that are considered part of
certain Microsoft services.
For legal Information, see:
<http://www.microsoft.com/info/legalinfo/default.mspx>.
This newsletter was sent by:
Microsoft Corporation
1 Microsoft Way
Redmond, Washington, USA
98052
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEELe29pj1Ogz+2MnKbEEiO2re18ugFAlvrBr8ACgkQEEiO2re1
8ugZtA/+PRa/iO9ZP4cd2MGRPtAWrsILQ9B2FpCwiXwOdYJMLsMRP0L71ILaRuUy
lVnYe72jIlfUeTa/lv8RHEjVWKyGQLId60xkFseQ2u4qztXo0IoUusbe8gAojJ70
U5zZxsaOcYK2zj0/0U8fiqynPSyhkeR9uNQIisl66Yb5T0f+IHdOaC3+goFxFUsl
wqgESppva+8e8+d+K4krbWcdvM2jsONpKHhD6H64VZ+vPdONVs171DELy0wPVi6V
CHKNBNppvmfgDy21Sr397C1dUkO/fut+reTc+Acvp6XhrtJNXmzfT2jFwuHzJdcr
+AZsSvtDTtzZQxluc47ArKUdibs86GF2zYC9X1rxa1EnsSix+taDcCHxcoZeXtMC
oDukd+MC2iZ8l3e+eBx5Khutl/o33ibMZDLpJI2w8owWFEf5mqcsql+XQtSInik5
AMtrxZpuN87dBdfizIacAl+0SO+7ekyGGDim0Vvq4Efd2AivpgLM/GQtbYdXOFDD
6GfC7kAKDLtZrJM86GKxUWkXW4p9iT7BLo1L3RhNaAxEk+/QUiXaNWwJpQci0Sa7
FW+bCiusjYWCFOnI5FUBdQEuenxRLcv558O8VY5lT4XSeVM3P8MK9dk5Kp4dlh5N
+5fhIR8UOyyc4mDVWk1t2TxyMpT+qGUGKieakgURmlGV8RM5nQA=
=xQqi
-----END PGP SIGNATURE-----
If you would prefer not to receive future technical security
notification alerts by email from Microsoft and its family of
companies please visit the following website to unsubscribe:
https://account.microsoft.com/profile/unsubscribe?CTID=0&ECID=bym02KEHh4ibIdYxjQd7eCvsjzViiEJ%2FQ5RrsVhK3lQ%3D&K=c4a0e918-a1af-4aff-bf05-a3b89b77ed53&CMID=null&D=636776611399059753&PID=18000&TID=adfd46f4-992a-45ec-935c-4c9bc4baf506