-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ******************************************************************** Title: Microsoft Security Advisory Notification Issued: November 13, 2018 ******************************************************************** Security Advisories Released or Updated on November 13, 2018 =================================================================== * Microsoft Security Advisory ADV990001 - Title: Latest Servicing Stack Updates - https://portal.msrc.microsoft.com/en-us/security-guidance/ advisory/ADV990001 - Reason for Revision: Information published - Originally posted: November 13, 2018 - Updated: N/A - Version: 1.0 * Microsoft Security Advisory ADV180002 - Title: Guidance to mitigate speculative execution side-channel vulnerabilities - https://portal.msrc.microsoft.com/en-us/security-guidance/ advisory/ADV180002 - Reason for Revision: The following updates have been made: 1. Added information to FAQ #9 for customers running Windows Server 2019. 2. Updated FAQ #18 to announce that with the Windows security updates released on November 13, 2018, Microsoft is providing the solution for customers with AMD-based devices who experienced high CPU utilization after installing the June or July security updates and updated microcode from AMD. Microsoft recommends that these customers install the November Windows security updates and re-enable the Spectre Variant 2 mitigations if they were previously disabled. This solution is available in the November Windows security updates for: Windows Server 2008, Windows Server 2012, Windows 8.1, and Windows Server 2012 R2. 3. Added FAQ #20 to address the mitigations for ARM CPUs for CVE 2017-5715, Branch Target Injection. - Originally posted: January 3, 2018 - Updated: November 13, 2018 - Version: 26.0 * Microsoft Security Advisory ADV180012 - Title: Microsoft Guidance for Speculative Store Bypass - https://portal.msrc.microsoft.com/en-us/security-guidance/ advisory/ADV180012 - Reason for Revision: The following updates have been made to this advisory: 1. Microsoft is announcing that the security updates released on November 13, 2018 for all supported versions of Windows 10, and for Windows Server 2016; Windows Server, version 1709; Windows Server, version 1803; and Windows Server 2019 provide protections against the Speculative Store Bypass vulnerability (CVE-2018-3639) for AMD-based computers. These protections are not enabled by default. For Windows client (IT pro) guidance, follow the instructions in KB4073119. 2. Microsoft is announcing the availability of updates for Surface Studio and Surface Book that address the Speculative Store Bypass (SSB) (CVE-2018-3639) vulnerability. See the Affected Products table for links to download and install the updates. See Microsoft Knowledge Base article 4073065 for more information. 3. In the Security Updates table, the Article and Download links have been corrected for affected Surface devices. 4. Windows 10 version 1809 and Windows Server 2019 have been added to the Security Updates table because they are affected by the SSB vulnerability. 5. The Recommended Actions and FAQ sections have been updated to include information for devices using AMD processors. - Originally posted: May 21, 2018 - Updated: November 13, 2018 - Version: 6.0 * Microsoft Security Advisory ADV180013 - Title: Microsoft Guidance for Rogue System Register Read - https://portal.msrc.microsoft.com/en-us/security-guidance/ advisory/ADV180013 - Reason for Revision: The following updates have been made to this advisory: 1. Microsoft is announcing the availability of updates for Surface Book that address the Rogue System Registry Read (CVE-2018-3640) vulnerability. See the Affected Products table for links to download and install the updates. See Microsoft Knowledge Base article 4073065 for more information. 2. In the Security Updates table, the Article and Download links have been corrected. - Originally posted: May 21, 2018 - Updated: November 13, 2018 - Version: 5.0 * Microsoft Security Advisory ADV180018 - Title: Microsoft guidance to mitigate L1TF variant - https://portal.msrc.microsoft.com/en-us/security-guidance/ advisory/ADV180018 - Reason for Revision: The following updates have been made: 1. Updated the "Microsoft Windows client customers" section to provide clarification about how the protections for CVE-2018-5754 and CVE-2018-3620 are related. Customers that have disabled the protection for CVE-2017-5754 must re-enable it to gain protection for CVE-2018-3620 (See FAQ#2). 2. Updated the "Microsoft Window Server customers" section to include information for customers running Windows Server 2019. Added further clarification to address VBS, Hyper-V, and Hyper-Threading configurations based on the version of Windows Server. 3. In FAQ 3, added Windows 10 Version 1809 to the list of Windows versions in which VBS is supported. - Originally posted: August 14, 2018 - Updated: November 13, 2018 - Version: 5.0 Other Information ================= Recognize and avoid fraudulent email to Microsoft customers: ============================================================= If you receive an email message that claims to be distributing a Microsoft security update, it is a hoax that may contain malware or pointers to malicious websites. Microsoft does not distribute security updates via email. The Microsoft Security Response Center (MSRC) uses PGP to digitally sign all security notifications. However, PGP is not required for reading security notifications, reading security bulletins, or installing security updates. You can obtain the MSRC public PGP key at . ******************************************************************** THE INFORMATION PROVIDED IN THIS MICROSOFT COMMUNICATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY. ******************************************************************** Microsoft respects your privacy. Please read our online Privacy Statement at . If you would prefer not to receive future technical security notification alerts by email from Microsoft and its family of companies please visit the following website to unsubscribe: . These settings will not affect any newsletters you've requested or any mandatory service communications that are considered part of certain Microsoft services. For legal Information, see: . This newsletter was sent by: Microsoft Corporation 1 Microsoft Way Redmond, Washington, USA 98052 -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEELe29pj1Ogz+2MnKbEEiO2re18ugFAlvrBr8ACgkQEEiO2re1 8ugZtA/+PRa/iO9ZP4cd2MGRPtAWrsILQ9B2FpCwiXwOdYJMLsMRP0L71ILaRuUy lVnYe72jIlfUeTa/lv8RHEjVWKyGQLId60xkFseQ2u4qztXo0IoUusbe8gAojJ70 U5zZxsaOcYK2zj0/0U8fiqynPSyhkeR9uNQIisl66Yb5T0f+IHdOaC3+goFxFUsl wqgESppva+8e8+d+K4krbWcdvM2jsONpKHhD6H64VZ+vPdONVs171DELy0wPVi6V CHKNBNppvmfgDy21Sr397C1dUkO/fut+reTc+Acvp6XhrtJNXmzfT2jFwuHzJdcr +AZsSvtDTtzZQxluc47ArKUdibs86GF2zYC9X1rxa1EnsSix+taDcCHxcoZeXtMC oDukd+MC2iZ8l3e+eBx5Khutl/o33ibMZDLpJI2w8owWFEf5mqcsql+XQtSInik5 AMtrxZpuN87dBdfizIacAl+0SO+7ekyGGDim0Vvq4Efd2AivpgLM/GQtbYdXOFDD 6GfC7kAKDLtZrJM86GKxUWkXW4p9iT7BLo1L3RhNaAxEk+/QUiXaNWwJpQci0Sa7 FW+bCiusjYWCFOnI5FUBdQEuenxRLcv558O8VY5lT4XSeVM3P8MK9dk5Kp4dlh5N +5fhIR8UOyyc4mDVWk1t2TxyMpT+qGUGKieakgURmlGV8RM5nQA= =xQqi -----END PGP SIGNATURE----- If you would prefer not to receive future technical security notification alerts by email from Microsoft and its family of companies please visit the following website to unsubscribe: https://account.microsoft.com/profile/unsubscribe?CTID=0&ECID=bym02KEHh4ibIdYxjQd7eCvsjzViiEJ%2FQ5RrsVhK3lQ%3D&K=c4a0e918-a1af-4aff-bf05-a3b89b77ed53&CMID=null&D=636776611399059753&PID=18000&TID=adfd46f4-992a-45ec-935c-4c9bc4baf506