Microsoft Security Advisory Notification

["Microsoft" <securitynotifications () e-mail microsoft com>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

********************************************************************
Title: Microsoft Security Advisory Notification
Issued: June 12, 2018
********************************************************************

Security Advisories Released or Updated on June 12, 2018
===================================================================

* Microsoft Security Advisory 4338110

 - Title: Microsoft guidance for CBC Symmetric Encryption Security
   Feature Bypass
 - https://docs.microsoft.com/en-us/security-updates/
   securityadvisories/2018/4338110
 - Reason for Revision: Information published.
 - Originally posted: June 12, 2018
 - Version: 1.0

* Microsoft Security Advisory 180002

 - Title: Guidance to mitigate speculative execution side-channel
   vulnerabilities
 - https://portal.msrc.microsoft.com/en-US/security-guidance/
   advisory/ADV180002
 - Reason for Revision: Updated FAQ #15 to announce that the
   following security updates provide addtional mitigations for AMD
   processors for CVE-2017-5715: 1. Security update 4284874 for
   Windows 10 Version 1703 - see https://support.microsoft.com/
   en-us/help/4103723/ for more information. 2. Security update
   4284860 for Windows 10 - see https://support.microsoft.com/en-us/
   help/4284860/ for more information. 3. Security update 4284826
   (monthly rollup) or 4284867 (security only) for Windows 7,
   Windows Server 2008 R2, or Windows Server 2008 R2 (Server Core
   installation) - see https://support.microsoft.com/en-us/help/
   4284826/ or https://support.microsoft.com/en-us/help/4284867/
   for more information.
 - Originally posted: January 3, 2018
 - Updated: June 12, 2018
 - Version: 20.0

* Microsoft Security Advisory 180012

 - Title: Microsoft Guidance for Speculative Store Bypass
 - https://portal.msrc.microsoft.com/en-US/security-guidance/
   advisory/ADV180012
 - Reason for Revision: Microsoft is announcing that the Windows
   security updates released on June 12, 2018 include support for
   Speculative Store Bypass Disable (SSBD) in Intel processors. This
   support is available for all supported editions of Windows 10,
   Windows Server 2016, Windows 7, and Windows Server 2008 R2. See
   the Affected Products table for the security updates. The
   Recommended Actions section of this advisory has been updated
   to include steps for applying updates to mitigate CVE-2018-3639 -
   Speculative Store Bypass (SSB), Variant 4. In addtion, revisions
   have been made to the FAQ section to address questions about
   performance implications of these updates and of SSBD.
 - Originally posted: May 21, 2018
 - Updated: June 12, 2018
 - Version: 2.0

Other Information
=================

Recognize and avoid fraudulent email to Microsoft customers:
=============================================================
If you receive an email message that claims to be distributing 
a Microsoft security update, it is a hoax that may contain 
malware or pointers to malicious websites. Microsoft does 
not distribute security updates via email. 

The Microsoft Security Response Center (MSRC) uses PGP to digitally 
sign all security notifications. However, PGP is not required for 
reading security notifications, reading security bulletins, or 
installing security updates. You can obtain the MSRC public PGP key
at <https://technet.microsoft.com/security/dn753714>.

********************************************************************
THE INFORMATION PROVIDED IN THIS MICROSOFT COMMUNICATION IS
PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT
DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING
THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
PURPOSE.
IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE
LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT,
INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL
DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN
ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY
FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING
LIMITATION MAY NOT APPLY.
********************************************************************

Microsoft respects your privacy. Please read our online Privacy
Statement at <http://go.microsoft.com/fwlink/?LinkId=81184>.

If you would prefer not to receive future technical security
notification alerts by email from Microsoft and its family of
companies please visit the following website to unsubscribe:
<https://profile.microsoft.com/RegSysProfileCenter/subscriptionwizar
d.aspx?wizid=5a2a311b-5189-4c9b-9f1a-d5e913a26c2e&%3blcid=1033>.

These settings will not affect any newsletters you've requested or
any mandatory service communications that are considered part of
certain Microsoft services.

For legal Information, see:
<http://www.microsoft.com/info/legalinfo/default.mspx>.

This newsletter was sent by:
Microsoft Corporation
1 Microsoft Way
Redmond, Washington, USA
98052












-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEELe29pj1Ogz+2MnKbEEiO2re18ugFAlsfAfsACgkQEEiO2re1
8uhb+A//SslM1v0DfIfUDRkldUN5cdvdB11qZ73tL1eSrWX+zywPQLjVo0nHpelW
zfKQUw5FCSYs5xXcV3AdFimrET/iZZHH5SV4IOVre8I3x1s6wehTOnpHtjYP3WtP
c3vu+X13AoLKn2Jtw0rQQLpZCF3itk/QUGYbWpU7XY8vqd85ip+E8cNKIOhwvqKM
NVAptp6+Tg09nqAfGqBtAT4SZBOui+8Ww0Ci3M/xJLuQHOwtC0HOA0IYTRT61MQZ
HaMAeHvqGOwg9uhfzRQeDBY1J6/mo/ps/j1WKdnMRosOPImtnBuwpociafxEfmhz
9crP0qJ1KiXYrRnm8044+67Ay8qr+KsT8zFAvFLrdTZBFVlSAOH1dFwX/fDX07E6
5PocGf+6RIwH6PvFdrQbaxM0ApanW1g61/MG2NLlBEdbXoFHdgs0emYHplQSl+H+
XR1rypmQcD5tNdZfSCxcySryZR5QkhlHHQLHxSN3QSaFvWbzGci4T7NqrikyREqb
V3EvB6M6Pji7E1uAbn6V5+wFaizUCXhkE3HPWmIQISJXRRmQXEfHw+Gr0dkvQRKN
EtTlcxC2DVtljYoZwc4z4NyMO9OuvBUY9VXoB9RfQEcTtHH7TELclC7BG/5cKDAL
wI72z3HS/QHczo/WDpeKcAXRQlWe0LI+E1fb3cJaWjO0WPR7WCs=
=8cmy
-----END PGP SIGNATURE-----