—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA256
********************************************************************
Title: Microsoft Security Advisory Notification
Issued: September 11, 2018
********************************************************************
Security Advisories Released or Updated on September 11, 2018 ===================================================================
* Microsoft Security Advisory ADV180002
– Title: Guidance to mitigate speculative execution
side-channel vulnerabilities
– https://portal.msrc.microsoft.com/en-us/security-guidance/
advisory/ADV180002
– Reason for Revision: The following updates have been made:
- Microsoft has released security update 4457128 for Windows
10 Version 1803 for ARM64-based Systems to provide protection
against CVE-2017-5715. See the Affected Products table for links
to download and install the update. Note that this update is also
available via Windows Update. 2. Added FAQ #19 to explain where
customer can find and install ARM64 firmware that address
CVE-2017-5715 – Branch target injection (Spectre, Variant 2).
– Originally posted: January 3, 2018
– Updated: September 11, 2018
– Version: 25.0
* Microsoft Security Advisory ADV180018
– Title: Microsoft guidance to mitigate L1TF variant
– https://portal.msrc.microsoft.com/en-us/security-guidance/
advisory/ADV180018
– Reason for RevisioMicrosoft is announcing the release of
Monthly Rollup 4458010 and Security Only 4457984 for Windows
Server 2008 to provide additional protections against the
speculative execution side-channel vulnerability known as L1
Terminal Fault (L1TF) that affects IntelB. CoreB. processors and
IntelB. XeonB. processors (CVE-2018-3620 and CVE-2018-3646).
Customers running Windows Server 2008 should install either
4458010 or 4457984 in addition to Security Update 4341832, which
was released on August 14, 2018. See [Windows Server 2008 SP2
servicing changes](https://cloudblogs.microsoft.com/windowsserver
/2018/06/12/windows-server-2008-sp2-servicing-changes/) for
more information. In addition, a note has been added to FAQ #2
to provide further information regarding enabling the mitigation
for CVE-2017-5754 (Meltdown).
– Originally posted: August 14, 2018
– Updated: September 11, 2018
– Version: 4.0
Other Information
=================
Recognize and avoid fraudulent email to Microsoft customers:
=============================================================
If you receive an email message that claims to be distributing a Microsoft security update, it is a hoax that may contain malware or pointers to malicious websites. Microsoft does not distribute security updates via email.
Take a look at the best antivirus, anti-malware, anti-spy, etc. software