==================================================================== CERT-Renater Note d'Information No. 2018/VULN265 _____________________________________________________________________ DATE : 31/08/2018 HARDWARE PLATFORM(S): / OPERATING SYSTEM(S): Systems running Internet Explorer, Microsoft Edge, Microsoft Windows, Microsoft Office, Microsoft Office Services and Web Apps, ChakraCore, Adobe Flash Player, .NET Framework, Microsoft Exchange Server, Microsoft SQL Server, Visual Studio. ===================================================================== https://portal.msrc.microsoft.com/en-us/security-guidance https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/ecb26425-583f-e811-a96f-000d3a33c573 _____________________________________________________________________ ******************************************************************** Microsoft Security Update Summary for August 14, 2018 Issued: August 14, 2018 ******************************************************************** This summary lists security updates released for August 14, 2018. Complete information for the August 2018 security update release can Be found at . Critical Security Updates ============================ ChakraCore Microsoft Exchange Server 2010 Service Pack 3 Update Rollup 23 Microsoft Exchange Server 2013 Cumulative Update 20 Microsoft Exchange Server 2013 Cumulative Update 21 Microsoft Exchange Server 2016 Cumulative Update 9 Microsoft Exchange Server 2016 Cumulative Update 10 Microsoft SQL Server 2016 for x64-based Systems Service Pack 1 Microsoft SQL Server 2016 for x64-based Systems Service Pack 1 (CU) Microsoft SQL Server 2016 for x64-based Systems Service Pack 2 Microsoft SQL Server 2016 for x64-based Systems Service Pack 2 (CU) Microsoft SQL Server 2017 for x64-based Systems Microsoft SQL Server 2017 for x64-based Systems (CU) Windows Server 2008 for 32-bit Systems Service Pack 2 Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Windows Server 2008 for Itanium-Based Systems Service Pack 2 Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) Windows 7 for 32-bit Systems Service Pack 1 Windows 7 for x64-based Systems Service Pack 1 Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Windows Server 2012 Windows Server 2012 (Server Core installation) Windows 8.1 for 32-bit systems Windows 8.1 for x64-based systems Windows RT 8.1 Windows Server 2012 R2 Windows Server 2012 R2 (Server Core installation) Windows 10 for 32-bit Systems Windows 10 for x64-based Systems Windows 10 Version 1607 for 32-bit Systems Windows 10 Version 1607 for x64-based Systems Windows 10 Version 1703 for 32-bit Systems Windows 10 Version 1703 for x64-based Systems Windows 10 version 1709 for 32-bit Systems Windows 10 version 1709 for x64-based Systems Windows 10 Version 1803 for 32-bit Systems Windows 10 Version 1803 for x64-based Systems Windows Server 2016 Windows Server 2016 (Server Core installation) Windows Server, version 1709 (Server Core Installation) Windows Server, version 1803 (Server Core Installation) Microsoft Edge Internet Explorer 11 Important Security Updates ============================ Microsoft .NET Framework 2.0 Service Pack 2 Microsoft .NET Framework 3.0 Service Pack 2 Microsoft .NET Framework 3.5 Microsoft .NET Framework 3.5.1 Microsoft .NET Framework 4.5.2 Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 Microsoft .NET Framework 4.6/4.6.1/4.6.2 Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 Microsoft .NET Framework 4.7.1/4.7.2 Microsoft .NET Framework 4.7.2 Microsoft .NET Framework 4.7/4.7.1/4.7.2 Microsoft Excel 2010 Service Pack 2 (32-bit editions) Microsoft Excel 2010 Service Pack 2 (64-bit editions) Microsoft Excel 2013 RT Service Pack 1 Microsoft Excel 2013 Service Pack 1 (32-bit editions) Microsoft Excel 2013 Service Pack 1 (64-bit editions) Microsoft Excel 2016 (32-bit edition) Microsoft Excel 2016 (64-bit edition) Microsoft Excel 2016 Click-to-Run (C2R) for 32-bit editions Microsoft Excel 2016 Click-to-Run (C2R) for 64-bit editions Microsoft Excel Viewer 2007 Service Pack 3 Microsoft Office 2010 Service Pack 2 (32-bit editions) Microsoft Office 2010 Service Pack 2 (64-bit editions) Microsoft Office 2013 RT Service Pack 1 Microsoft Office 2013 Service Pack 1 (32-bit editions) Microsoft Office 2013 Service Pack 1 (64-bit editions) Microsoft Office 2016 (32-bit edition) Microsoft Office 2016 (64-bit edition) Microsoft Office 2016 Click-to-Run (C2R) for 32-bit editions Microsoft Office 2016 Click-to-Run (C2R) for 64-bit editions Microsoft Office 2016 for Mac Microsoft Office Compatibility Pack Service Pack 3 Microsoft Office Web Apps 2010 Service Pack 2 Microsoft Office Web Apps 2013 Service Pack 1 Microsoft Office Word Viewer Microsoft Outlook 2010 Service Pack 2 (32-bit editions) Microsoft Outlook 2010 Service Pack 2 (64-bit editions) Microsoft Outlook 2013 RT Service Pack 1 Microsoft Outlook 2013 Service Pack 1 (32-bit editions) Microsoft Outlook 2013 Service Pack 1 (64-bit editions) Microsoft Outlook 2016 (32-bit edition) Microsoft Outlook 2016 (64-bit edition) Microsoft Outlook 2016 Click-to-Run (C2R) for 32-bit editions Microsoft Outlook 2016 Click-to-Run (C2R) for 64-bit editions Microsoft PowerPoint 2010 Service Pack 2 (32-bit editions) Microsoft PowerPoint 2010 Service Pack 2 (64-bit editions) Microsoft SharePoint Enterprise Server 2013 Service Pack 1 Microsoft SharePoint Enterprise Server 2016 Microsoft SharePoint Server 2013 Service Pack 1 Microsoft Visual Studio 2015 Update 3 Microsoft Visual Studio 2017 Microsoft Visual Studio 2017 Version 15.8 Word Automation Services Moderate Security Updates ============================ Microsoft Exchange Server 2016 Cumulative Update 9 Microsoft Exchange Server 2016 Cumulative Update 10 Internet Explorer 9 Internet Explorer 10 Other Information ================= Recognize and avoid fraudulent email to Microsoft customers: ============================================================= If you receive an email message that claims to be distributing a Microsoft security update, it is a hoax that may contain malware or pointers to malicious websites. Microsoft does not distribute security updates via email. The Microsoft Security Response Center (MSRC) uses PGP to digitally sign all security notifications. However, PGP is not required for reading security notifications, reading security information, or installing security updates. You can obtain the MSRC public PGP key at . ******************************************************************** THE INFORMATION PROVIDED IN THIS MICROSOFT COMMUNICATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY. ******************************************************************** Microsoft respects your privacy. Please read our online Privacy Statement at . If you would prefer not to receive future technical security notification alerts by email from Microsoft and its family of companies please visit the following website to unsubscribe: . These settings will not affect any newsletters you've requested or any mandatory service communications that are considered part of certain Microsoft services. For legal Information, see: . This newsletter was sent by: Microsoft Corporation 1 Microsoft Way Redmond, Washington, USA 98052 ________________________________________________________________ ******************************************************************** Title: Microsoft Security Advisory Notification Issued: August 24, 2018 ******************************************************************** Security Advisories Released or Updated on August 24, 2018 =================================================================== * Microsoft Security Advisory ADV180018 - Title: Microsoft guidance to mitigate L1TF variant - https://portal.msrc.microsoft.com/en-us/security-guidance/ advisory/ADV180018 - Reason for Revision: Microsoft is announcing the availability of Intel-validated microcode updates for Windows 10 operating systems. Please see Microsoft Knowledge Base Article 4093836 (https://support.microsoft.com/en-us/help/4093836) for the current Intel microcode updates. - Originally posted: August 14, 2018 - Updated: August 24, 2018 - Version: 2.0 Other Information ================= Recognize and avoid fraudulent email to Microsoft customers: ============================================================= If you receive an email message that claims to be distributing a Microsoft security update, it is a hoax that may contain malware or pointers to malicious websites. Microsoft does not distribute security updates via email. The Microsoft Security Response Center (MSRC) uses PGP to digitally sign all security notifications. However, PGP is not required for reading security notifications, reading security bulletins, or installing security updates. You can obtain the MSRC public PGP key at . ******************************************************************** THE INFORMATION PROVIDED IN THIS MICROSOFT COMMUNICATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY. ******************************************************************** Microsoft respects your privacy. Please read our online Privacy Statement at . If you would prefer not to receive future technical security notification alerts by email from Microsoft and its family of companies please visit the following website to unsubscribe: . These settings will not affect any newsletters you've requested or any mandatory service communications that are considered part of certain Microsoft services. For legal Information, see: . This newsletter was sent by: Microsoft Corporation 1 Microsoft Way Redmond, Washington, USA 98052 __________________________________________________________________ ******************************************************************** Title: Microsoft Security Advisory Notification Issued: August 15, 2018 ******************************************************************** Security Advisories Released or Updated on August 15, 2018 =================================================================== * Microsoft Security Advisory ADV180002 - Title: Guidance to mitigate speculative execution side-channel vulnerabilities - https://portal.msrc.microsoft.com/en-us/security-guidance/ advisory/ADV180002 - Reason for Revision: Updated FAQ #18 to announce that with the Windows security updates released on Augus 18, 2918, Microsoft is providing the solution for customers with AMD-based devices who experienced high CPU utilization after installing the June or July security updates and updated microcode from AMD. Microsoft recommends that these customers install the August Windows secrurity updates and re-enable the Spectre Variant 2 mitigations if they were previously disabled. This solution is available in the August Windows security updates for: Windows 10 version 1607. Windows 10 version 1709. Windows 10 version 1803, Windows 7 Service Pack 1, Windows Server 2016, Windows Server, version 1709 (Server Core Installation), Windows Server, version 1803 (Server Core Installation), and Windows Server 2008 R2 Service Pack 1. The FAQ will be updated as further updates become available. - Originally posted: January 3, 2018 - Updated: August 15, 2018 - Version: 24.0 * Microsoft Security Advisory ADV180021 - Title: Microsoft Office Defense in Depth Update - https://portal.msrc.microsoft.com/en-us/security-guidance/ advisory/ADV180021 - Reason for Revision: Information published. - Originally posted: August 15, 2018 - Updated: N/A - Version: 1.0 Other Information ================= Recognize and avoid fraudulent email to Microsoft customers: ============================================================= If you receive an email message that claims to be distributing a Microsoft security update, it is a hoax that may contain malware or pointers to malicious websites. Microsoft does not distribute security updates via email. The Microsoft Security Response Center (MSRC) uses PGP to digitally sign all security notifications. However, PGP is not required for reading security notifications, reading security bulletins, or installing security updates. You can obtain the MSRC public PGP key at . ******************************************************************** THE INFORMATION PROVIDED IN THIS MICROSOFT COMMUNICATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY. ******************************************************************** Microsoft respects your privacy. Please read our online Privacy Statement at . If you would prefer not to receive future technical security notification alerts by email from Microsoft and its family of companies please visit the following website to unsubscribe: . These settings will not affect any newsletters you've requested or any mandatory service communications that are considered part of certain Microsoft services. For legal Information, see: . This newsletter was sent by: Microsoft Corporation 1 Microsoft Way Redmond, Washington, USA 98052 ========================================================= + CERT-RENATER | tel : 01-53-94-20-44 + + 23/25 Rue Daviel | fax : 01-53-94-20-41 + + 75013 Paris | email:cert@support.renater.fr + =========================================================