-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

********************************************************************
Title: Microsoft Security Advisory Notification
Issued: November 13, 2018
********************************************************************

Security Advisories Released or Updated on November 13, 2018
===================================================================

* Microsoft Security Advisory ADV990001

 - Title: Latest Servicing Stack Updates 
 - https://portal.msrc.microsoft.com/en-us/security-guidance/
   advisory/ADV990001
 - Reason for Revision: Information published
 - Originally posted: November 13, 2018
 - Updated: N/A
 - Version: 1.0

* Microsoft Security Advisory ADV180002

 - Title: Guidance to mitigate speculative execution 
   side-channel vulnerabilities
 - https://portal.msrc.microsoft.com/en-us/security-guidance/
   advisory/ADV180002
 - Reason for Revision: The following updates have been made: 
   1. Added information to FAQ #9 for customers running Windows 
   Server 2019. 2. Updated FAQ #18 to announce that with the Windows
   security updates released on November 13, 2018, Microsoft is
   providing the solution for customers with AMD-based devices who
   experienced high CPU utilization after installing the June or
   July security updates and updated microcode from AMD. Microsoft
   recommends that these customers install the November Windows
   security updates and re-enable the Spectre Variant 2 mitigations
   if they were previously disabled. This solution is available in
   the November Windows security updates for: Windows Server 2008,
   Windows Server 2012, Windows 8.1, and Windows Server 2012 R2. 
   3. Added FAQ #20 to address the mitigations for ARM CPUs for
   CVE 2017-5715, Branch Target Injection.
 - Originally posted: January 3, 2018
 - Updated: November 13, 2018
 - Version: 26.0

* Microsoft Security Advisory ADV180012

 - Title: Microsoft Guidance for Speculative Store Bypass
 - https://portal.msrc.microsoft.com/en-us/security-guidance/
   advisory/ADV180012
 - Reason for Revision: The following updates have been made to 
   this advisory: 1. Microsoft is announcing that the security 
   updates released on November 13, 2018 for all supported versions
   of Windows 10, and for Windows Server 2016; Windows Server,
   version 1709; Windows Server, version 1803; and Windows Server
   2019 provide protections against the Speculative Store Bypass
   vulnerability (CVE-2018-3639) for AMD-based computers. These
   protections are not enabled by default. For Windows client
   (IT pro) guidance, follow the instructions in KB4073119.
   2. Microsoft is announcing the availability of updates for
   Surface Studio and Surface Book that address the Speculative
   Store Bypass (SSB) (CVE-2018-3639) vulnerability. See the
   Affected Products table for links to download and install the
   updates. See Microsoft Knowledge Base article 4073065 for more
   information. 3. In the Security Updates table, the Article and
   Download links have been corrected for affected Surface devices.
   4. Windows 10 version 1809 and Windows Server 2019 have been
   added to the Security Updates table because they are affected by
   the SSB vulnerability. 5. The Recommended Actions and FAQ
   sections have been updated to include information for devices
   using AMD processors.
 - Originally posted: May 21, 2018
 - Updated: November 13, 2018
 - Version: 6.0

* Microsoft Security Advisory ADV180013

 - Title: Microsoft Guidance for Rogue System Register Read
 - https://portal.msrc.microsoft.com/en-us/security-guidance/
   advisory/ADV180013
 - Reason for Revision: The following updates have been made to this
   advisory: 1. Microsoft is announcing the availability of updates
   for Surface Book that address the Rogue System Registry Read
   (CVE-2018-3640) vulnerability. See the Affected Products table
   for links to download and install the updates. See Microsoft
   Knowledge Base article 4073065 for more information. 
   2. In the Security Updates table, the Article and Download
   links have been corrected.
 - Originally posted: May 21, 2018
 - Updated: November 13, 2018
 - Version: 5.0

* Microsoft Security Advisory ADV180018

 - Title: Microsoft guidance to mitigate L1TF variant
 - https://portal.msrc.microsoft.com/en-us/security-guidance/
   advisory/ADV180018
 - Reason for Revision: The following updates have been made:
   1. Updated the "Microsoft Windows client customers" section to
   provide clarification about how the protections for
   CVE-2018-5754 and CVE-2018-3620 are related. Customers that
   have disabled the protection for CVE-2017-5754 must re-enable it
   to gain protection for CVE-2018-3620 (See FAQ#2). 
   2. Updated the "Microsoft Window Server customers" section to
   include information for customers running Windows Server 2019.
   Added further clarification to address VBS, Hyper-V, and
   Hyper-Threading configurations based on the version of Windows
   Server. 3. In FAQ 3, added Windows 10 Version 1809 to the list
   of Windows versions in which VBS is supported.
 - Originally posted: August 14, 2018
 - Updated: November 13, 2018
 - Version: 5.0


Other Information
=================

Recognize and avoid fraudulent email to Microsoft customers:
=============================================================
If you receive an email message that claims to be distributing 
a Microsoft security update, it is a hoax that may contain 
malware or pointers to malicious websites. Microsoft does 
not distribute security updates via email. 

The Microsoft Security Response Center (MSRC) uses PGP to digitally 
sign all security notifications. However, PGP is not required for 
reading security notifications, reading security bulletins, or 
installing security updates. You can obtain the MSRC public PGP key
at <https://technet.microsoft.com/security/dn753714>.

********************************************************************
THE INFORMATION PROVIDED IN THIS MICROSOFT COMMUNICATION IS
PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT
DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING
THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
PURPOSE.
IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE
LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT,
INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL
DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN
ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY
FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING
LIMITATION MAY NOT APPLY.
********************************************************************

Microsoft respects your privacy. Please read our online Privacy
Statement at <http://go.microsoft.com/fwlink/?LinkId=81184>.

If you would prefer not to receive future technical security
notification alerts by email from Microsoft and its family of
companies please visit the following website to unsubscribe:
<https://profile.microsoft.com/RegSysProfileCenter/subscriptionwizar
d.aspx?wizid=5a2a311b-5189-4c9b-9f1a-d5e913a26c2e&%3blcid=1033>.

These settings will not affect any newsletters you've requested or
any mandatory service communications that are considered part of
certain Microsoft services.

For legal Information, see:
<http://www.microsoft.com/info/legalinfo/default.mspx>.

This newsletter was sent by:
Microsoft Corporation
1 Microsoft Way
Redmond, Washington, USA
98052












-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEELe29pj1Ogz+2MnKbEEiO2re18ugFAlvrBr8ACgkQEEiO2re1
8ugZtA/+PRa/iO9ZP4cd2MGRPtAWrsILQ9B2FpCwiXwOdYJMLsMRP0L71ILaRuUy
lVnYe72jIlfUeTa/lv8RHEjVWKyGQLId60xkFseQ2u4qztXo0IoUusbe8gAojJ70
U5zZxsaOcYK2zj0/0U8fiqynPSyhkeR9uNQIisl66Yb5T0f+IHdOaC3+goFxFUsl
wqgESppva+8e8+d+K4krbWcdvM2jsONpKHhD6H64VZ+vPdONVs171DELy0wPVi6V
CHKNBNppvmfgDy21Sr397C1dUkO/fut+reTc+Acvp6XhrtJNXmzfT2jFwuHzJdcr
+AZsSvtDTtzZQxluc47ArKUdibs86GF2zYC9X1rxa1EnsSix+taDcCHxcoZeXtMC
oDukd+MC2iZ8l3e+eBx5Khutl/o33ibMZDLpJI2w8owWFEf5mqcsql+XQtSInik5
AMtrxZpuN87dBdfizIacAl+0SO+7ekyGGDim0Vvq4Efd2AivpgLM/GQtbYdXOFDD
6GfC7kAKDLtZrJM86GKxUWkXW4p9iT7BLo1L3RhNaAxEk+/QUiXaNWwJpQci0Sa7
FW+bCiusjYWCFOnI5FUBdQEuenxRLcv558O8VY5lT4XSeVM3P8MK9dk5Kp4dlh5N
+5fhIR8UOyyc4mDVWk1t2TxyMpT+qGUGKieakgURmlGV8RM5nQA=
=xQqi
-----END PGP SIGNATURE-----

If you would prefer not to receive future technical security 
notification alerts by email from Microsoft and its family of 
companies please visit the following website to unsubscribe: 
https://account.microsoft.com/profile/unsubscribe?CTID=0&ECID=bym02KEHh4ibIdYxjQd7eCvsjzViiEJ%2FQ5RrsVhK3lQ%3D&K=c4a0e918-a1af-4aff-bf05-a3b89b77ed53&CMID=null&D=636776611399059753&PID=18000&TID=adfd46f4-992a-45ec-935c-4c9bc4baf506