exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Microsoft Security Bulletin CVE Revision Increment For May, 2018

Microsoft Security Bulletin CVE Revision Increment For May, 2018
Posted May 8, 2018
Site microsoft.com

This Microsoft bulletin summary holds CVE revision updates for CVE-2017-11927, CVE-2018-0886, CVE-2018-0963, and CVE-2018-0993.

tags | advisory
advisories | CVE-2017-11927, CVE-2018-0886, CVE-2018-0963, CVE-2018-0993
SHA-256 | 5e5ba1902640c523ccbcf2d17b6a4cad3b1c56a454a54a54e66afcc779626249

Microsoft Security Bulletin CVE Revision Increment For May, 2018

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

********************************************************************
Title: Microsoft Security Update Releases
Issued: May 8, 2018
********************************************************************

Summary
=======

The following CVEs have undergone a major revision increment:

* CVE-2017-11927
* CVE-2018-0886
* CVE-2018-0963
* CVE-2018-0993

Revision Information:
=====================

- CVE-2017-11927 | Microsoft Windows Information Disclosure
Vulnerability
- https://portal.msrc.microsoft.com/en-us/security-guidance
- Version: 2.0
- Reason for Revision: To comprehensively address CVE-2017-11927,
Microsoft is releasing the May Cumulative Updates, Monthly
Rollups, and Security Only Updates. Update 4130957 is being
released for all Windows Server 2008 Service Pack 2 versions.
Microsoft recommends that customers running these versions of
Windows install the updates to be protected from this
vulnerability.
- Originally posted: December 12, 2017
- Updated: May 8, 2018
- Aggregate CVE Severity Rating: Important


- CVE-2018-0886 | CredSSP Remote Code Execution Vulnerability
- https://portal.msrc.microsoft.com/en-us/security-guidance
- Version: 2.0
- Reason for Revision: Microsoft is releasing new Windows
security updates to address this CVE on May 8, 2018.
The updates released in March did not enforce the new
version of the Credential Security Support Provider protocol.
These security updates do make the new version mandatory.
For more information, see "CredSSP updates for CVE-2018-0886"
located at https://go.microsoft.com/fwlink/?linkid=866660.
- Originally posted: March 13, 2018
- Updated: May 8, 2018
- Aggregate CVE Severity Rating: Important


- CVE-2018-0963 | Windows Kernel Elevation of Privilege
Vulnerability
- https://portal.msrc.microsoft.com/en-us/security-guidance
- Version: 2.0
- Reason for Revision: Update 4103727 has been released for
Windows 10 Version 1709 for 32-bit Systems and Windows 10
Version 1709 for 64-based Systems. The update replaces update
4093112, to comprehensively address the vulnerability.
Microsoft recommends that customers running the affected
software install the security update to be fully protected
from the vulnerability described in this CVE description.
See Microsoft Knowledge Base Article 4103727 for more
information.
- Originally posted: April 10, 2018
- Updated: May 8, 2018
- Aggregate CVE Severity Rating: Important


- CVE-2018-0993 | Chakra Scripting Engine Memory Corruption
Vulnerability
- https://portal.msrc.microsoft.com/en-us/security-guidance
- Version: 2.0
- Reason for Revision: To comprehensively address CVE-2018-0993,
Microsoft has released security update 4103716 for Windows 10 for
32-bit Systems and Windows 10 for x64-based Systems. Consumers
using Windows 10 are automatically protected. Microsoft recommends
that enterprise customers running Windows 10 ensure that they have
update 4103716 installed to be protected from this vulnerability.
- Originally posted: April 10, 2018
- Updated: May 8, 2018
- Aggregate CVE Severity Rating: Critical


The following advisories have undergone a major revision increment:

* ADV170017
* ADV180002

Revision Information:
=====================

- ADV170017 | Microsoft Office Defense in Depth Update
- https://portal.msrc.microsoft.com/en-us/security-guidance
- Version: 2.0
- Reason for Revision: To further protect customers, Microsoft is
announcing the release of new updates for ADV170017 for supported
editions of Microsoft Office 2010, Microsoft Office 2013, and
Microsoft Office 2016. Microsoft recommends that customers follow
the instructions in FAQ #1, which has been revised to clarify
the deployment procedure, to download and install the new updates.
In addition, FAQ #2 has been added to explain how customers can
safely use Microsoft Office self-extracting executable installers
(.exe files).
- Originally posted: October 10, 2017
- Updated: May 8, 2018
- Aggregate CVE Severity Rating: N/A


- ADV180002 | Microsoft Office Defense in Depth Update
- https://portal.msrc.microsoft.com/en-us/security-guidance
- Version: 18.0
- Reason for Revision: Updated FAQ #15 to announce that security
update 4103723 for Windows 10 Version 1607, Windows Server
2016, and Windows Server 2016 (Server Core installation)
provides addtional mitigations for AMD processors for
CVE-2017-5715. See
https://support.microsoft.com/en-us/help/4103723/ for more
information. In addition, added information to the FAQ that
security update 4093112 also applies to Windows Server,
version 1709 (Server Core installation).
- Originally posted: January 3, 2018
- Updated: May 8, 2018
- Aggregate CVE Severity Rating: Important


Other Information
=================

Recognize and avoid fraudulent email to Microsoft customers:
=============================================================
If you receive an email message that claims to be distributing
a Microsoft security update, it is a hoax that may contain
malware or pointers to malicious websites. Microsoft does
not distribute security updates via email.

The Microsoft Security Response Center (MSRC) uses PGP to digitally
sign all security notifications. However, PGP is not required for
reading security notifications, reading security bulletins, or
installing security updates. You can obtain the MSRC public PGP key
at <https://technet.microsoft.com/security/dn753714>.

********************************************************************
THE INFORMATION PROVIDED IN THIS MICROSOFT COMMUNICATION IS
PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT
DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING
THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
PURPOSE.
IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE
LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT,
INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL
DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN
ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY
FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING
LIMITATION MAY NOT APPLY.
********************************************************************

Microsoft respects your privacy. Please read our online Privacy
Statement at <http://go.microsoft.com/fwlink/?LinkId=81184>.

If you would prefer not to receive future technical security
notification alerts by email from Microsoft and its family of
companies please visit the following website to unsubscribe:
<https://profile.microsoft.com/RegSysProfileCenter/subscriptionwizar
d.aspx?wizid=5a2a311b-5189-4c9b-9f1a-d5e913a26c2e&%3blcid=1033>.

These settings will not affect any newsletters youave requested or
any mandatory service communications that are considered part of
certain Microsoft services.

For legal Information, see:
<http://www.microsoft.com/info/legalinfo/default.mspx>.

This newsletter was sent by:
Microsoft Corporation
1 Microsoft Way
Redmond, Washington, USA
98052
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEELe29pj1Ogz+2MnKbEEiO2re18ugFAlrxw/EACgkQEEiO2re1
8ui6cQ//dC8PSHHpL8FHoYF/baTRs1os4g+Ot0rK6FTsST4LGkp3nsf7bExEJCpw
uHY+2yNMWgQhevC2/xod7Q+4ziGdFUA+Pa9MxCr6LCCmfkt3qtOg4yrQ9+HZX58j
GyCpZ3eTSr4iX4hVtlp1iS8CUynQ0vnWaM/WV25vnPq6ZUt1yrEfeWmtmOSGScTE
fS4+F4Gl3HDQl/GcVLD1Rli5nfbGmWGDRv5ymyBzq5SglM6ib6HtAfPvRQXKdd90
Ax6/PR8gQt+0FKSYJX0yUggeDq2cSFpyFgMNT7wPl5QNIdV43sQSLhW9mf1HdaDH
BNHKh7qRd8TubmrE5an6ZXOJMFy5wSH8Rw1/1cIE6SrZRmsI02i34e4lHkskr4nO
hQbx8O0+s52qSZJBC91ImS69OB/AUE8yac2GnoOgdLIJpILDAlzOnVWV6i2Wfj6j
nfbQs8FxNq1DJ/1FoUWSPbH5l/5YYVVydifmi/zCTE5baDYybRvXSXxskun6/Iaj
Yw9r9PVHogEmM2jQTWgqKLnOHnVmgEH6mFukOgRQWP75LyVYwW5BEF2dP9oAzT99
HwCF+txz8orIlsi8AFhHv+bFUcf52uZujSN/kK4BUYcd6pKJURLUlQNDYNiAWY+v
urzWIFSKYORSB8tlFUHbgi1v6Pl1L+zQvKMfqpo3v06Nztyo9vU=
=Ezvr
-----END PGP SIGNATURE-----
Login or Register to add favorites

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close