Microsoft Security Advisory Notification

["Microsoft" <securitynotifications () e-mail microsoft com>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

********************************************************************
Title: Microsoft Security Advisory Notification
Issued: September 11, 2018
********************************************************************

Security Advisories Released or Updated on September 11, 2018
===================================================================

* Microsoft Security Advisory ADV180002

 - Title: Guidance to mitigate speculative execution 
   side-channel vulnerabilities
 - https://portal.msrc.microsoft.com/en-us/security-guidance/
   advisory/ADV180002
 - Reason for Revision: The following updates have been made: 
   1. Microsoft has released security update 4457128 for Windows
   10 Version 1803 for ARM64-based Systems to provide protection
   against CVE-2017-5715. See the Affected Products table for links
   to download and install the update. Note that this update is also
   available via Windows Update. 2. Added FAQ #19 to explain where 
   customer can find and install ARM64 firmware that address 
   CVE-2017-5715 - Branch target injection (Spectre, Variant 2).
 - Originally posted: January 3, 2018
 - Updated: September 11, 2018
 - Version: 25.0


* Microsoft Security Advisory ADV180018

 - Title: Microsoft guidance to mitigate L1TF variant
 - https://portal.msrc.microsoft.com/en-us/security-guidance/
   advisory/ADV180018
 - Reason for RevisioMicrosoft is announcing the release of 
   Monthly Rollup 4458010 and Security Only 4457984 for Windows 
   Server 2008 to provide additional protections against the 
   speculative execution side-channel vulnerability known as L1 
   Terminal Fault (L1TF) that affects Intel® Core® processors and 
   Intel® Xeon® processors (CVE-2018-3620 and CVE-2018-3646). 
   Customers running Windows Server 2008 should install either 
   4458010 or 4457984 in addition to Security Update 4341832, which
   was released on August 14, 2018. See [Windows Server 2008 SP2 
   servicing changes](https://cloudblogs.microsoft.com/windowsserver
   /2018/06/12/windows-server-2008-sp2-servicing-changes/) for
   more information. In addition, a note has been added to FAQ #2
   to provide further information regarding enabling the mitigation
   for CVE-2017-5754 (Meltdown).
 - Originally posted: August 14, 2018
 - Updated: September 11, 2018
 - Version: 4.0


Other Information
=================

Recognize and avoid fraudulent email to Microsoft customers:
=============================================================
If you receive an email message that claims to be distributing 
a Microsoft security update, it is a hoax that may contain 
malware or pointers to malicious websites. Microsoft does 
not distribute security updates via email. 

The Microsoft Security Response Center (MSRC) uses PGP to digitally 
sign all security notifications. However, PGP is not required for 
reading security notifications, reading security bulletins, or 
installing security updates. You can obtain the MSRC public PGP key
at <https://technet.microsoft.com/security/dn753714>.

********************************************************************
THE INFORMATION PROVIDED IN THIS MICROSOFT COMMUNICATION IS
PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT
DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING
THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
PURPOSE.
IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE
LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT,
INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL
DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN
ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY
FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING
LIMITATION MAY NOT APPLY.
********************************************************************

Microsoft respects your privacy. Please read our online Privacy
Statement at <http://go.microsoft.com/fwlink/?LinkId=81184>.

If you would prefer not to receive future technical security
notification alerts by email from Microsoft and its family of
companies please visit the following website to unsubscribe:
<https://profile.microsoft.com/RegSysProfileCenter/subscriptionwizar
d.aspx?wizid=5a2a311b-5189-4c9b-9f1a-d5e913a26c2e&%3blcid=1033>.

These settings will not affect any newsletters you've requested or
any mandatory service communications that are considered part of
certain Microsoft services.

For legal Information, see:
<http://www.microsoft.com/info/legalinfo/default.mspx>.

This newsletter was sent by:
Microsoft Corporation
1 Microsoft Way
Redmond, Washington, USA
98052












-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEELe29pj1Ogz+2MnKbEEiO2re18ugFAluX7mkACgkQEEiO2re1
8uhzTg//XsjFpSqcYeBeF6z/T87NiCZxP7GuAIyc4jRit4KWTpEGB7nRCdVoGkmB
8d8EmFW5f6NW3IkVftpuLppUZQxH6+M0hrF8OvtEH7RD2CfoLtTt7zU1i0oNGZpK
AFuBDQ4T3DD2QFMIpq5dZV91Oq59bELH5s7/iek/YukRpJXN0lOUNXPDtwHApIE8
6jTG02b/rnb1xESY+c8UzWp8qak0t5VmPlPo8U3ACUbE7EyDapq+wvwwzmmIfwB9
w/S7mtYV3xmP7WgaRwO8S8LnvrbQlovsUv0HRsgAOyUVFWTt//NMhUP/vmBlTI+X
Al58JOmGOvAaKF1PMegY8iwA1mqGUAJKWD8UDYLELSXYxwiWfShVazVKdvtmyO7H
yKLM+q6jlPKbrAb5foitTLRPsGeu5sGeKsh0+dKJaF45z6BaeJacl6BGC4mUEGc7
QYFmvtfkO8mO1kZiswwQvLwbT2jM1KVD8WsRQalANYjw7SIrd6zRd0LlOAai8vpt
lpPJ1/UwU6cUn5NBTProLthKQqKtRIBHgLWIJGe0rvbn0IzrXTeR5mSvukU2k9DO
9L5eEW6392IUob9xtDEE/cdoaWh2Un0tzyT00W++/v8IyTE5a1+JUlzEoddOLAET
EetkersSvM+6udxNTiyUzqvz/I+qNog7aYb2undXxVpDiXERQmM=
=LqPQ
-----END PGP SIGNATURE-----