Virtual Administrator’s August 2018 Patch Recommendations

This month Microsoft released patches for 60 vulnerabilities with 19 of them rated “Critical”, 39 “Important”, 1 “Moderate” and 1 “Low”.

 

All August patches have been approved in our patch policy.

This month includes two zero-day security flaws which are being actively exploited (CVE-2018-8373 and CVE-2018-8414). Also notable is a SQL Server RCE vulnerability (CVE-2018-8273). Three new Security Advisories were posted; one covers a variant of the Spectre/Meltdown flaw. Five known issues are listed below. The KB4343897/KB4343900 warnings are the same unresolved issues from last month. The KB4343909 warning affects Microsoft Edge using the New Application Guard Window.

Three Microsoft Security Advisories were released: ADV180018, ADV180020 and ADV180021 (links below).

IMPORTANT: New Intel processor exploit

“Foreshadow” is another speculative execution attack on Intel processors. It is covered by Microsoft’s Security Advisory ADV180018.

Meltdown, Spectre, and Foreshadow all exploit various flaws in a computing technique known as speculative execution.

Analysis and mitigation of L1 Terminal Fault (L1TF)

https://blogs.technet.microsoft.com/srd/2018/08/10/analysis-and-mitigation-of-l1-terminal-fault-l1tf/

Q3 2018 Speculative Execution Side Channel Update

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00161.html

 

Security Update Guide

https://portal.msrc.microsoft.com/en-us/security-guidance

Morphus Labs patch dashboard here: https://patchtuesdaydashboard.com

Affected software includes:

  • Internet Explorer
  • Microsoft Edge
  • Microsoft Windows
  • Microsoft Office and Microsoft Office Services and Web Apps
  • ChakraCore
  • Adobe Flash Player
  • .NET Framework
  • Microsoft Exchange Server
  • Microsoft SQL Server
  • Visual Studio

 

Microsoft Security Advisories

ADV180018 | Microsoft Guidance to mitigate L1TF variant (Published:08/14/2018)

https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/adv180018

 

ADV180020 | August 2018 Adobe Flash Security Update (Published:08/14/2018)

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180020

 

ADV180021 | Microsoft Office Defense in Depth Update (Published:08/14/2018)

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180021

 

 

Known Issues

KB4340731, KB4340733, KB4343897, KB4343900, KB4343909

 

KB4340731 Description of the security update for Microsoft Exchange Server 2013 and 2016

Applies to: Exchange Server 2010/2013/2016 Enterprise

https://support.microsoft.com/en-us/help/4340731/description-of-the-security-update-for-microsoft-exchange-server-2013

When you try to manually install this security update in “normal mode” (not running the update as an administrator) and by double-clicking the update file (.msp), some files are not correctly updated.

 

KB4340733 Update Rollup 23 for Exchange Server 2010 Service Pack 3

Applies to: Exchange Server 2010 Enterprise

https://support.microsoft.com/en-us/help/4340733/update-rollup-23-for-exchange-server-2010-service-pack-3

When you try to manually install this security update in “normal mode” (not running the update as an administrator) and by double-clicking the update file (.msp), some files are not correctly updated.

 

KB4343897 (Cumulative Update)

Applies to: Windows 10, version 1709

https://support.microsoft.com/en-us/help/4343897/windows-10-update-kb4343897

Symptom: Some non-English platforms may display the following string in English instead of the localized language: “Reading scheduled jobs from file is not supported in this language mode.” This error appears when you try to read the scheduled jobs you’ve created and Device Guard is enabled.

Workaround: Microsoft is working on a resolution and will provide an update in an upcoming release.

Symptom: When Device Guard is enabled, some non-English platforms may display the following strings in English instead of the localized language:

  •  “Cannot use ‘&’ or ‘.’ operators to invoke a module scope command across language boundaries.”
  • “‘Script’ resource from ‘PSDesiredStateConfiguration’ module is not supported when Device Guard is enabled. Please use ‘Script’ resource published by PSDscResources module from PowerShell Gallery.”

Workaround: Microsoft is working on a resolution and will provide an update in an upcoming release.

 

KB4343900 (Monthly Rollup)

Applies to: Windows 7 SP1, Windows Server 2008 R2 SP1

https://support.microsoft.com/en-us/help/4343900/windows-7-update-kb4343900

Symptom: There is an issue with Windows and third-party software that is related to a missing file (oem<number>.inf). Because of this issue, after you apply this update, the network interface controller will stop working.

Workaround:

  1. To locate the network device, launch devmgmt.msc; it may appear under Other Devices.
  2. To automatically rediscover the NIC and install drivers, select Scan for Hardware Changes from the Action menu.
  3. Alternatively, install the drivers for the network device by right-clicking the device and selecting Update. Then select Search automatically for updated driver software or Browse my computer for driver software.

 

KB4343909 (Cumulative Update)

Applies to: Windows 10, version 1803

https://support.microsoft.com/en-us/help/4343909/windows-10-update-kb4343909

Symptom: Launching Microsoft Edge using the New Application Guard Window may fail; normal Microsoft Edge instances are not affected.

Workaround: If you’ve experienced the issue and already installed KB4343909, uninstall it, then:

  1. Install KB4340917.
  2. Install KB4343909.

Microsoft is working on a resolution and will provide an update in an upcoming release.

 

Monthly Rollup/Security Only/Windows 10/Server 2016 KBs

Links take the form https://support.microsoft.com/en-us/help/#######, where ####### is the KB number only (digits, without the “KB” prefix).

 

Security and Quality Rollup

  • KB4343900 – Windows 7, Windows Server 2008 R2
  • KB4343898 – Windows 8.1, Windows Server 2012 R2
  • KB4343901 – Windows Server 2012

 

Security Only Update

  • KB4343899 – Windows 7, Windows Server 2008 R2
  • KB4343888 – Windows 8.1, Windows Server 2012 R2
  • KB4343896 – Windows Server 2012

 

Cumulative Update for Windows 10

  • KB4343892 – Original release version 1507 (OS Build 10240)
  • None – Version 1511 (OS Build 10586)
  • KB4343887 – Version 1607 “Anniversary Update” (OS Build 14393)
  • KB4343885 – Version 1703 “Creators Update” (OS Build 15063)
  • KB4343897 – Version 1709 “Fall Creators Update” (OS Build 16299)
  • KB4343909 – Version 1803 “Spring Creators Update” (OS Build 17134)

    Note: Server 2016 uses the same KB as Windows 10 Version 1607

  • KB4343205 – Cumulative Security Update for Internet Explorer 9/10/11

    This cumulative update is included in the monthly updates listed above. It can be installed instead of the monthly update to secure Internet Explorer; otherwise it is “superseded” by the monthly update.

 

 

.NET Framework

Security and Quality Rollup (Security Only) for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2

  • KB4345590 (KB4345679) – Windows 7, Windows Server 2008 R2
  • KB4345592 (KB4345681) – Windows 8.1, Windows Server 2012 R2
  • KB4345591 (KB4345680) – Windows Server 2012
  • KB4345593 (KB4345682) – Windows Server 2008 (.NET Framework 2.0, 3.0, 4.5.2, 4.6)

 

KB4343902 – Security Update for Adobe Flash Player

 

August 2018 updates for Microsoft Office

https://support.microsoft.com/en-us/help/4346823/august-2018-updates-for-microsoft-office

 

Notable CVEs

 

CVE-2018-8273 | Microsoft SQL Server Remote Code Execution Vulnerability

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8273

A buffer overflow vulnerability exists in Microsoft SQL Server that could allow remote code execution on an affected system.

 

CVE-2018-8350 | Windows PDF Remote Code Execution Vulnerability

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8350

A remote code execution vulnerability exists when Microsoft Windows PDF Library improperly handles objects in memory. The vulnerability could corrupt memory in a way that enables an attacker to execute arbitrary code in the context of the current user.

 

CVE-2018-8360 | .NET Framework Information Disclosure Vulnerability

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8360

An information disclosure vulnerability exists in Microsoft .NET Framework that could allow an attacker to access information in multi-tenant environments. The vulnerability is caused when .NET Framework is used in high-load/high-density network connections where content from one stream can blend into another stream.

 

CVE-2018-8373 | Scripting Engine Memory Corruption Vulnerability

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8373

A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

 

CVE-2018-8414 | Windows Shell Remote Code Execution Vulnerability

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8414

A remote code execution vulnerability exists when the Windows Shell does not properly validate file paths.