Microsoft Update Tuesday

This page is aimed at helping system administrators keep up with Microsoft Update Tuesday. Here I will share the list of Monthly Rollups for Windows 2008 R2, Windows 2012 R2 and Windows 2016, as well as information on the main vulnerabilities (CVEs) they patch. This post will evolve over time with new informational or technical additions in order to keep up with new vulnerabilities and changes to the patching process. Feel free to comment and suggest additions or fixes.

Glossary

  • MITRE: The MITRE Corporation maintains the Common Vulnerabilities and Exposures (CVE) system and the Common Weakness Enumeration (CWE) project (https://twitter.com/CVEnew)
  • CVE: This is the MITRE standard Common Vulnerabilities and Exposures (CVE) tracking number for the vulnerability. Example: CVE-2018-3639
  • ICASI: The Industry Consortium for Advancement of Security on the Internet (ICASI)
  • CVRF: The ICASI Common Vulnerability Reporting Framework (CVRF) is an XML-based language that enables different stakeholders across different organizations to share critical security-related information in a single format.
  • CVRF ID: This is a short, unique identifier used to refer to the security document unambiguously in any context. Example: 2018-Jun
  • Patch Tuesday, aka Update Tuesday: the second Tuesday of each month, when Microsoft releases security patches.
  • Quality Compatibility Registry Key: key that allows the January 2018, February 2018 and March 2018 rollups to install.
    • RegKey="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\QualityCompat"
    • Value Name="cadca5fe-87d3-4b96-b7fb-a231484277cc"
    • Type="REG_DWORD"
    • Data="0x00000000"
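
A check of the Quality Compatibility Registry Key defined above, as an added example that is not part of the original post: it reads the value and lists which of the rollups this page marks as needing the key are installed. The function name Test-QualityCompatKey and the output property names are hypothetical.

```powershell
# Added example (not from the original post). Path, value name, type and data
# are taken from the glossary entry; KB numbers from this page's rollup list.
$KeyPath   = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\QualityCompat'
$ValueName = 'cadca5fe-87d3-4b96-b7fb-a231484277cc'

# Rollups this page lists with "Quality Compatibility Registry Key Needed: Yes".
$GatedKBs = @(
    'KB4056897', 'KB4056898',               # Out-of-Band, January 3rd 2018
    'KB4056894', 'KB4056895', 'KB4056890',  # 2018-Jan
    'KB4074598', 'KB4074594', 'KB4074590',  # 2018-Feb
    'KB4088875', 'KB4088876', 'KB4088787',  # 2018-Mar
    'KB4100480'                             # Out-of-Band, March 30th 2018
)

function Test-QualityCompatKey {
    # Reports whether the value exists and is REG_DWORD with data 0x00000000.
    $state = [pscustomobject]@{ Present = $false; Kind = $null; Data = $null; Valid = $false }
    $key = Get-Item -Path $KeyPath -ErrorAction SilentlyContinue
    if ($null -eq $key -or $key.GetValueNames() -notcontains $ValueName) { return $state }
    $state.Present = $true
    $state.Kind    = $key.GetValueKind($ValueName)
    $state.Data    = $key.GetValue($ValueName)
    $state.Valid   = ($state.Kind -eq [Microsoft.Win32.RegistryValueKind]::DWord) -and ($state.Data -eq 0)
    return $state
}

$compat = Test-QualityCompatKey
# Get-HotFix only reports updates installed through Component Based Servicing,
# so an empty list here is a prompt to investigate, not proof of a missing fix.
$found  = @(Get-HotFix -ErrorAction SilentlyContinue |
            Where-Object { $GatedKBs -contains $_.HotFixID } |
            Select-Object -ExpandProperty HotFixID)

[pscustomobject]@{
    Computer               = $env:COMPUTERNAME
    KeyPresent             = $compat.Present
    KeyValid               = $compat.Valid
    GatedKBsFound          = $found -join ', '
    # Per this page, only the January-March 2018 rollups depend on the key.
    KeyMissingAndNoGatedKB = (-not $compat.Valid) -and ($found.Count -eq 0)
}
```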

Monthly Rollups list

  • CVRF ID: Out-of-Band of January 2018
  • Release Date: January, 3rd 2018
  • Main CVEs:
    • CVE-2017-5753 Spectre Variant 1 (Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.)
    • CVE-2017-5715 Spectre Variant 2 (Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.)
    • CVE-2017-5754 Meltdown Variant 3 (Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis of the data cache.)
  • Total Vulnerabilities: -
  • Critical Vulnerabilities: -
  • Key changes:
    • Security updates to Windows SMB Server, Windows Kernel, Windows Datacenter Networking, and Windows Graphics.
  • Security Monthly Quality Rollup KB Windows 2008 R2: KB4056897 security only update
  • Security Monthly Quality Rollup KB Windows 2012 R2: KB4056898 security only update
  • Security Monthly Quality Rollup KB Windows 2016: -
  • Quality Compatibility Registry Key Needed: Yes

  • CVRF ID: 2018-Jan
  • Release Date: January, 9th 2018
  • Main CVEs:
  • Total Vulnerabilities: 59
  • Critical Vulnerabilities: 17
  • Key changes:
    • Security updates to Microsoft Edge, Internet Explorer, Windows Graphics, Windows Kernel, Windows Datacenter Networking, and Windows SMB Server.
  • Security Monthly Quality Rollup KB Windows 2008 R2: KB4056894
  • Security Monthly Quality Rollup KB Windows 2012 R2: KB4056895
  • Security Monthly Quality Rollup KB Windows 2016: KB4056890
  • Quality Compatibility Registry Key Needed: Yes

  • CVRF ID: 2018-Feb
  • Release Date: February, 13th 2018
  • Main CVEs:
    • CVE-2018-0825 StructuredQuery Remote Code Execution Vulnerability (StructuredQuery allows a remote code execution vulnerability due to how objects are handled in memory)
  • Total Vulnerabilities: 50
  • Critical Vulnerabilities: 14
  • Key changes:
    • Security updates to Internet Explorer, Windows Kernel, Common Log File System driver, Windows storage and file systems, Microsoft Windows Search component, and the Windows SMB Server.
  • Security Monthly Quality Rollup KB Windows 2008 R2: KB4074598
  • Security Monthly Quality Rollup KB Windows 2012 R2: KB4074594
  • Security Monthly Quality Rollup KB Windows 2016: KB4074590
  • Quality Compatibility Registry Key Needed: Yes

  • CVRF ID: 2018-Mar
  • Release Date: March, 13th 2018
  • Main CVEs:
    • CVE-2018-0886 CredSSP Remote Code Execution Vulnerability (The Credential Security Support Provider protocol (CredSSP) allows a remote code execution vulnerability due to how CredSSP validates requests during the authentication process)
    • CVE-2018-0883 Windows Shell Remote Code Execution Vulnerability (Windows Shell allows a remote code execution vulnerability due to how file copy destinations are validated)
  • Total Vulnerabilities: 74
  • Critical Vulnerabilities: 15
  • Key changes:
    • Security updates to Internet Explorer, Microsoft Edge, Microsoft Scripting Engine, Microsoft Windows Search component, Windows Desktop Bridge, Microsoft Graphics component, Windows Kernel, Windows Shell, Windows MSXML, Windows Datacenter Networking, Windows Installer, and Windows Hyper-V.
  • Security Monthly Quality Rollup KB Windows 2008 R2: KB4088875
  • Security Monthly Quality Rollup KB Windows 2012 R2: KB4088876
  • Security Monthly Quality Rollup KB Windows 2016: KB4088787
  • Quality Compatibility Registry Key Needed: Yes

  • CVRF ID: Out-of-Band
  • Release Date: March, 30th 2018
  • Main CVEs:
    • CVE-2018-1038 Windows Kernel Elevation of Privilege Vulnerability (The Windows kernel allows an elevation of privilege vulnerability due to the way it handles objects in memory)
  • Total Vulnerabilities: -
  • Critical Vulnerabilities: -
  • Key changes:
  • Security Monthly Quality Rollup KB Windows 2008 R2: KB4100480 Meltdown patch of patch (superseded by KB4093108 security only update)
  • Security Monthly Quality Rollup KB Windows 2012 R2: -
  • Security Monthly Quality Rollup KB Windows 2016: -
  • Quality Compatibility Registry Key Needed: Yes

  • CVRF ID: 2018-Apr
  • Release Date: April, 10th 2018
  • Main CVEs:
  • Total Vulnerabilities: 66
  • Critical Vulnerabilities: 22
  • Key changes:
    • Windows Update and WSUS will offer this update to applicable Windows client and server operating systems regardless of the existence or value of the "cadca5fe-87d3-4b96-b7fb-a231484277cc" registry setting. This change has been made to protect user data.
    • Security updates to Internet Explorer, Microsoft scripting engine, Microsoft graphics component, Windows Server, Windows kernel, Windows datacenter networking, Windows Hyper-V, Windows virtualization and kernel, and Windows app platform and frameworks.
  • Security Monthly Quality Rollup KB Windows 2008 R2: KB4093118
  • Security Monthly Quality Rollup KB Windows 2012 R2: KB4093114
  • Security Monthly Quality Rollup KB Windows 2016: KB4093119
  • Quality Compatibility Registry Key Needed: No

  • CVRF ID: 2018-May
  • Release Date: May, 8th 2018
  • Main CVEs:
    • CVE-2018-8174 Windows VBScript Engine Remote Code Execution Vulnerability (A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory)
    • CVE-2018-8120 Win32k Elevation of Privilege Vulnerability (An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory)
  • Total Vulnerabilities: 67
  • Critical Vulnerabilities: 21
  • Key changes:
    • Security updates to Microsoft Edge, Internet Explorer, Microsoft scripting engine, Windows app platform and frameworks, Device Guard, Windows kernel, Microsoft Graphics Component, Windows Hyper-V, HTML help, and Windows Server.
  • Security Monthly Quality Rollup KB Windows 2008 R2: KB4103718
  • Security Monthly Quality Rollup KB Windows 2012 R2: KB4103725
  • Security Monthly Quality Rollup KB Windows 2016: KB4103723
  • Quality Compatibility Registry Key Needed: No

  • CVRF ID: 2018-Jun
  • Release Date: June, 12th 2018
  • Main CVEs:
    • CVE-2018-3639 Speculative Store Bypass (SSB), Variant 4 (Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis)
    • CVE-2018-8225 Windows DNSAPI Remote Code Execution Vulnerability (A remote code execution vulnerability exists in Windows Domain Name System (DNS) DNSAPI.dll when it fails to properly handle DNS responses)
    • CVE-2018-8267 Scripting Engine Memory Corruption Vulnerability (A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer)
  • Total Vulnerabilities: 50
  • Critical Vulnerabilities: 11
  • Key changes:
    • Provides protections from an additional subclass of speculative execution side channel vulnerability known as Speculative Store Bypass (CVE-2018-3639). These protections aren't enabled by default. For Windows client (IT pro) guidance, follow the instructions in KB4073119. For Windows Server guidance, follow the instructions in KB4072698. Use this guidance document to enable mitigations for Speculative Store Bypass (CVE-2018-3639) in addition to the mitigations that have already been released for Spectre Variant 2 (CVE-2017-5715) and Meltdown (CVE-2017-5754).
    • Security updates to Internet Explorer, Microsoft Edge, Microsoft scripting engine, Windows Desktop Bridge, Windows apps, Windows datacenter networking, Windows wireless networking, Windows Server, Windows virtualization and kernel, and Windows app platform and frameworks.
  • Security Monthly Quality Rollup KB Windows 2008 R2: KB4284826
  • Security Monthly Quality Rollup KB Windows 2012 R2: KB4284815
  • Security Monthly Quality Rollup KB Windows 2016: KB4284880 Cumulative Update
  • Quality Compatibility Registry Key Needed: No



  • CVRF ID: 2018-Jul
  • Release Date: July, 10th 2018
  • Main CVEs:
    • CVE-2018-8327 PowerShell Editor Services Remote Code Execution Vulnerability
  • Total Vulnerabilities: 54
  • Critical Vulnerabilities: 17
  • Key changes:
    • Security update for Microsoft’s browsers or browser-related technologies as well as for an additional speculative execution vulnerability announced in June 2018.
  • Security Monthly Quality Rollup KB Windows 2008 R2: KB4338818
  • Security Monthly Quality Rollup KB Windows 2012 R2: KB4338815
  • Security Monthly Quality Rollup KB Windows 2016: KB4338814
  • Quality Compatibility Registry Key Needed: No



  • CVRF ID: Out-of-Band of July 2018
  • Release Date: July, 16th 2018
  • Main CVEs:
  • Total Vulnerabilities:
  • Critical Vulnerabilities:
  • Key changes:
    • Addresses issues caused by the installation of the July-2018 Monthly Rollup
  • Security Monthly Quality Rollup KB Windows 2008 R2:
  • Security Monthly Quality Rollup KB Windows 2012 R2:
  • Security Monthly Quality Rollup KB Windows 2016: KB4345418
  • Quality Compatibility Registry Key Needed: No



  • CVRF ID: Out-of-Band of July 2018
  • Release Date: July, 24th 2018
  • Main CVEs:
  • Total Vulnerabilities:
  • Critical Vulnerabilities:
  • Key changes:
    • Addresses issues caused by the out-of-band Monthly Rollup of July, 16th
  • Security Monthly Quality Rollup KB Windows 2008 R2:
  • Security Monthly Quality Rollup KB Windows 2012 R2:
  • Security Monthly Quality Rollup KB Windows 2016: KB4338822
  • Quality Compatibility Registry Key Needed: No



  • CVRF ID: Out-of-Band of July 2018
  • Release Date: July, 30th 2018
  • Main CVEs:
  • Total Vulnerabilities:
  • Critical Vulnerabilities:
  • Key changes:
    • Addresses issues caused by the out-of-band Monthly Rollup of July, 16th
  • Security Monthly Quality Rollup KB Windows 2008 R2:
  • Security Monthly Quality Rollup KB Windows 2012 R2:
  • Security Monthly Quality Rollup KB Windows 2016: KB4346877
  • Quality Compatibility Registry Key Needed: No




  • CVRF ID: 2018-Aug
  • Release Date: August, 14th 2018
  • Main CVEs:
    • CVE-2018-3615 Systems with microprocessors utilizing speculative execution and Intel software guard extensions (Intel SGX) may allow unauthorized disclosure of information residing in the L1 data cache from an enclave to an attacker with local user access via a side-channel analysis.
    • CVE-2018-3620 Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access via a terminal page fault and a side-channel analysis.
    • CVE-2018-3646 Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access with guest OS privilege via a terminal page fault and a side-channel analysis.

  • Total Vulnerabilities:
  • Critical Vulnerabilities:
  • Key changes:
    • Addresses an issue that causes high CPU usage that results in performance degradation on some systems with Family 15h and 16h AMD processors. This issue occurs after installing the June 2018 or July 2018 Windows updates from Microsoft and the AMD microcode updates that address Spectre Variant 2 (CVE-2017-5715 – Branch Target Injection).
    • Provides protection against an additional vulnerability involving side-channel speculative execution known as Lazy Floating Point (FP) State Restore (CVE-2018-3665) for 32-Bit (x86) versions of Windows.
    • Addresses the newly discovered speculative execution side-channel vulnerability called L1 Terminal Fault (L1TF) that affects Intel processors (CVE-2018-3620 and CVE-2018-3646).
  • Security Monthly Quality Rollup KB Windows 2008 R2: KB4343900
  • Security Monthly Quality Rollup KB Windows 2012 R2: KB4343898
  • Security Monthly Quality Rollup KB Windows 2016: KB4343887
  • Quality Compatibility Registry Key Needed: No

