The document summarizes an upcoming webinar on the August 2018 Patch Tuesday updates. The webinar will include an overview of the August patches, discussion of notable security news items, and a review of Microsoft and third-party bulletins. It will also cover Windows lifecycle awareness, new patch notification systems, and known issues for some of the August updates. Attendees can ask questions during the live Q&A portion.
8. Microsoft Notable August Out-of-Band Releases
Microsoft released a series of emergency non-security fixes for all supported operating
systems. These updates fix the following:
- Some devices may experience stop error 0xD1 when you run network monitoring workloads
- The restart of the SQL Server service may fail with the error, “Tcp port is already in use”
- An issue may occur when an administrator tries to stop the World Wide Web Publishing Service (W3SVC)

Affected OS | KB | Ivanti ID
Windows Server 2008 | KB4345397 | MSNS18-07-4345397
Windows 7/Server 2008 R2 | KB4345459 | MSNS18-07-4345459
Windows Server 2012 | KB4345425 | MSNS18-07-4345425
Windows 8.1/Server 2012 R2 | KB4345424 | MSNS18-07-4345424
9. Publicly Disclosed and Exploited Vulnerabilities
CVE-2018-8373 - Scripting Engine Memory Corruption Vulnerability
A remote code execution vulnerability exists in the way that the scripting engine
handles objects in memory in Internet Explorer. The vulnerability could corrupt
memory in such a way that an attacker could execute arbitrary code in the
context of the current user. An attacker who successfully exploited the
vulnerability could gain the same user rights as the current user. If the current
user is an administrator, the attacker could then install programs; view, change,
or delete data; or create new accounts with full user rights.
In a web-based attack scenario, an attacker could host a specially crafted
website that is designed to exploit the vulnerability through Internet Explorer and
then convince a user to view the website. An attacker could also embed an
ActiveX control marked "safe for initialization" in an application or Microsoft Office
document that hosts the IE rendering engine. The attacker could also take
advantage of compromised websites and websites that accept or host
user-provided content or advertisements.
10. Publicly Disclosed and Exploited Vulnerabilities (cont)
CVE-2018-8414 - Windows Shell Remote Code Execution Vulnerability
An attacker who successfully exploited this vulnerability could run arbitrary code
in the context of the current user. If the current user is logged on as an
administrator, an attacker could take control of the affected system. An attacker
could then install programs; view, change, or delete data; or create new accounts
with elevated privileges. Users whose accounts are configured to have fewer
privileges on the system could be less impacted than users who operate with
administrative privileges.
To exploit the vulnerability, an attacker must entice a user to open a specially
crafted file. This file could be sent via email or posted on a web site. In either
case, the file containing malicious code would need to be opened to exploit the
vulnerability.
11. Windows 10 Lifecycle Awareness
- Windows 10 Branch Support: End of Service for 2018
  - Branch 1703 scheduled for October 9
- Windows 10 Version 1607, 1703, 1709 and 1803 will continue to receive security-only updates for 6 months past EOS dates
  - Supported Editions: Windows 10 Education, Windows 10 Enterprise
  - Unsupported Editions: Windows 10 Home, Windows 10 Pro
- Windows 10 Version 1607 is in extended support now until October 9
- Everyone strongly urged to update to latest version of Windows 10
- Windows lifecycle fact sheet
12. Other Microsoft Information
Servicing Stack Update (SSU) KB 4132216 must be installed before installing
the latest cumulative update KB 4343887 on Windows 10 Version 1607. The
same servicing stack update is required for Microsoft’s Adobe Flash update
(4343902). The updates will not be reported as applicable until the SSU is
installed.
Visual C++ 2013 Redistributable must be installed before installing Exchange
2010 Rollup 23 (KB4340733)
Development Tool Security Releases
Visual Studio 2015/2017
13. Weekly Patch BLOG
Latest Patch Releases
Microsoft and Third-party
Security and non-Security
CVE Analysis
Security Events of Interest
Host: Brian Secrist
https://www.ivanti.com/blog/topics/patch-tuesday
14. New Patch Content Announcement System
Announcements Posted on Community Pages
https://community.ivanti.com/community/other/bulletins/patch-content-notifications
Separate pages by product
NOTE: Linux/UNIX/Mac still under construction
15. Automated Patch Content Notification
Email and RSS Feed Notification Options Available
Subscription Managed from the News Page
https://community.ivanti.com/news?channel=news
Complete instructions at https://community.ivanti.com/docs/DOC-68623
Subscribe to one or more products
Include the Weekly Patch blog in your Subscription to get the Latest Info!
NOTE: Legacy Notifications from Listserv end after August Patch Tuesday
17. APSB18-29: Security Update for Adobe Acrobat and Reader
Maximum Severity: Critical
Affected Products: Adobe Acrobat and Reader (all current versions)
Description: Adobe has released security updates for Adobe Acrobat and Reader for
Windows and macOS. These updates address critical and important vulnerabilities.
Successful exploitation could lead to arbitrary code execution in the context of the
current user.
Impact: Remote Code Execution
Fixes 2 Vulnerabilities: CVE-2018-12799, CVE-2018-12808.
Restart Required: Requires application restart
18. APSB18-25: Security Update for Adobe Flash Player
Maximum Severity: Critical
Affected Products: Adobe Flash Player for Desktop Runtime, Google Chrome,
Internet Explorer 11 and Edge
Description: Adobe has released security updates for Adobe Flash Player for
Windows, macOS, Linux and Chrome OS. These updates address critical
vulnerabilities in Adobe Flash Player 30.0.0.134 and earlier versions. Successful
exploitation could lead to arbitrary code execution in the context of the current user.
Impact: Security Feature Bypass, Elevation of Privilege, and Information Disclosure
Fixes 5 Vulnerabilities: CVE-2018-12824, CVE-2018-12825, CVE-2018-12826,
CVE-2018-12827, CVE-2018-12828
Restart Required: Requires application restart
19. MS18-08-AFP: Security Update for Adobe Flash Player
Maximum Severity: Critical
Affected Products: Adobe Flash Player
Description: This security update resolves vulnerabilities in Adobe Flash Player that is
installed on any supported edition of Windows Server Version 1803, Windows 10
Version 1803, Windows Server 2016 Version 1709, Windows 10 Version 1709,
Windows 10 Version 1703, Windows Server 2016, Windows 10 Version 1607, Windows
10 (RTM), Windows Server 2012 R2, Windows 8.1, or Windows RT 8.1. This bulletin is
based on ADV180020.
Impact: Remote Code Execution
Fixes 5 Vulnerabilities: CVE-2018-12824, CVE-2018-12825, CVE-2018-12826,
CVE-2018-12827, CVE-2018-12828
Restart Required: Requires application restart
20. MS18-08-W10: Windows 10 Update
Maximum Severity: Critical
Affected Products: Microsoft Windows 10 Versions 1607, 1703, 1709, 1803, Server
2016, Server 1709, Server 1803, IE 11 and Microsoft Edge
Description: This bulletin references 9 KB articles. See KBs for the list of changes.
Impact: Remote Code Execution, Security Feature Bypass, Spoofing, Elevation of
Privilege, and Information Disclosure
Fixes 44 Vulnerabilities: CVE-2018-8373 and CVE-2018-8414 are publicly
disclosed and known exploited. See Details column of Security Update Guide for
complete list of CVEs.
Restart Required: Requires restart
Known Issues: See next slide
21. August Known Issues for Windows 10
KB 4343897 - Windows 10 version 1709
Some non-English platforms may display the following string in English instead of the localized
language: "Reading scheduled jobs from file is not supported in this language mode." This error
appears when you try to read the scheduled jobs you've created and Device Guard is enabled.
When Device Guard is enabled, some non-English platforms may display the following strings in
English instead of the localized language:
"Cannot use '&' or '.' operators to invoke a module scope command across language boundaries."
"'Script' resource from 'PSDesiredStateConfiguration' module is not supported when Device Guard is
enabled. Please use 'Script' resource published by PSDscResources module from PowerShell Gallery."
Workaround – None. Microsoft is still working on a resolution.
22. MS18-08-IE: Security Updates for Internet Explorer
Maximum Severity: Critical
Affected Products: Microsoft Internet Explorer 9, 10 and 11
Description: These security updates resolve several reported vulnerabilities in Internet
Explorer. The fixes that are included in the cumulative Security Update for Internet
Explorer (KB 4343205) are also included in the August 2018 Security Monthly Quality
Rollup. Installing either the Security Update for Internet Explorer or the Security
Monthly Quality Rollup installs the fixes that are in this update. This bulletin references
10 KB articles.
Impact: Remote Code Execution, Elevation of Privilege, and Information Disclosure
Fixes 11 vulnerabilities: CVE-2018-8316, CVE-2018-8351, CVE-2018-8353,
CVE-2018-8355, CVE-2018-8357, CVE-2018-8371, CVE-2018-8372, CVE-2018-8373,
CVE-2018-8385, CVE-2018-8389, CVE-2018-8403
Restart Required: Requires browser restart
Known Issues: None reported
23. MS18-08-2K8: Windows Server 2008
Maximum Severity: Critical
Affected Products: Microsoft Windows Server 2008
Description: Security updates for Microsoft COM for Windows, Windows font library,
processing of .LNK files, the Windows kernel and Windows Graphics Device Interface
(GDI). Provides protections for an additional vulnerability involving side-channel
speculative execution known as Lazy Floating Point (FP) State Restore
(CVE-2018-3665). This bulletin references 6 KB articles.
Impact: Remote Code Execution, Elevation of Privilege, and Information Disclosure
Fixes 10 Vulnerabilities: CVE-2018-8339, CVE-2018-8344, CVE-2018-8345,
CVE-2018-8346, CVE-2018-8348, CVE-2018-8349, CVE-2018-8394, CVE-2018-8396,
CVE-2018-8397, CVE-2018-8398
Restart Required: Requires restart
Known Issues: None reported
24. MS18-08-MR7: Monthly Rollup for Win 7 and Server 2008 R2
Maximum Severity: Critical
Affected Products: Microsoft Windows 7, Server 2008 R2, and IE
Description: This security update includes improvements and fixes that were a part of
update KB 4338821 (released July 18, 2018). Provides protections against a new
speculative execution side-channel vulnerability known as L1 Terminal Fault (L1TF).
Provides protections against an additional vulnerability involving side-channel
speculative execution known as Lazy Floating Point (FP) State Restore
(CVE-2018-3665) for 32-Bit (x86) versions of Windows. This bulletin is based on KB 4343900.
Impact: Remote Code Execution, Elevation of Privilege, and Information Disclosure
Fixes 14 (shown) + 11 (IE) Vulnerabilities: CVE-2018-8339, CVE-2018-8341,
CVE-2018-8342, CVE-2018-8343, CVE-2018-8344, CVE-2018-8345, CVE-2018-8346,
CVE-2018-8348, CVE-2018-8349, CVE-2018-8394, CVE-2018-8396, CVE-2018-8397,
CVE-2018-8398, CVE-2018-8404
Restart Required: Requires restart
Known Issues: See next slide
25. August Known Issue for Windows 7 and Server 2008 R2
KB 4343900 - Windows 7 Service Pack 1, Windows Server 2008 R2 Service Pack 1
There is an issue with Windows and third-party software that is related to a missing file
(oem<number>.inf). Because of this issue, after you apply this update, the network interface
controller will stop working.
Workaround –
1. To locate the network device, launch devmgmt.msc; it may appear under Other Devices.
2. To automatically rediscover the NIC and install drivers, select Scan for Hardware Changes
from the Action menu.
a. Alternatively, install the drivers for the network device by right-clicking the device and
selecting Update. Then select Search automatically for updated driver software or Browse
my computer for driver software.
26. MS18-08-SO7: Security-only Update for Win 7 and Server 2008 R2
Maximum Severity: Critical
Affected Products: Microsoft Windows 7 and Server 2008 R2
Description: Provides protections against a new speculative execution side-channel
vulnerability known as L1 Terminal Fault (L1TF). Provides protections against an
additional vulnerability involving side-channel speculative execution known as Lazy
Floating Point (FP) State Restore (CVE-2018-3665) for 32-Bit (x86) versions of Windows.
This bulletin is based on KB 4343899.
Impact: Remote Code Execution, Elevation of Privilege, and Information Disclosure
Fixes 14 Vulnerabilities: CVE-2018-8339, CVE-2018-8341, CVE-2018-8342,
CVE-2018-8343, CVE-2018-8344, CVE-2018-8345, CVE-2018-8346, CVE-2018-8348,
CVE-2018-8349, CVE-2018-8394, CVE-2018-8396, CVE-2018-8397, CVE-2018-8398,
CVE-2018-8404
Restart Required: Requires restart
Known Issues: None reported
27. MS18-08-MR8: Monthly Rollup for Server 2012
Maximum Severity: Critical
Affected Products: Microsoft Server 2012 and IE
Description: This security update includes improvements and fixes that were a part of
update KB 4338816 (released July 18, 2018). Provides protections against a new
speculative execution side-channel vulnerability known as L1 Terminal Fault (L1TF).
Provides protections against an additional vulnerability involving side-channel
speculative execution known as Lazy Floating Point (FP) State Restore
(CVE-2018-3665) for 32-Bit (x86) versions of Windows. This bulletin is based on KB 4343901.
Impact: Remote Code Execution, Elevation of Privilege, and Information Disclosure
Fixes 10 (shown) + 11 (IE) Vulnerabilities: CVE-2018-8339, CVE-2018-8341,
CVE-2018-8343, CVE-2018-8344, CVE-2018-8345, CVE-2018-8348, CVE-2018-8349,
CVE-2018-8394, CVE-2018-8398, CVE-2018-8404
Restart Required: Requires restart
Known Issues: None reported
28. MS18-08-SO8: Security-only Update for Server 2012
Maximum Severity: Critical
Affected Products: Microsoft Server 2012
Description: Provides protections against a new speculative execution side-channel
vulnerability known as L1 Terminal Fault (L1TF). Provides protections against an
additional vulnerability involving side-channel speculative execution known as Lazy
Floating Point (FP) State Restore (CVE-2018-3665) for 32-Bit (x86) versions of
Windows. This bulletin is based on KB 4343896.
Impact: Remote Code Execution, Elevation of Privilege, and Information Disclosure
Fixes 10 Vulnerabilities: CVE-2018-8339, CVE-2018-8341, CVE-2018-8343,
CVE-2018-8344, CVE-2018-8345, CVE-2018-8348, CVE-2018-8349, CVE-2018-8394,
CVE-2018-8398, CVE-2018-8404
Restart Required: Requires restart
Known Issues: None reported
29. MS18-08-MR81: Monthly Rollup for Win 8.1 and Server 2012 R2
Maximum Severity: Critical
Affected Products: Microsoft Windows 8.1, Server 2012 R2, and IE
Description: This security update includes improvements and fixes that were a part of
update KB 4338831 (released July 18, 2018). Provides protections against a new
speculative execution side-channel vulnerability known as L1 Terminal Fault (L1TF).
This bulletin is based on KB 4343898.
Impact: Remote Code Execution, Security Feature Bypass, Elevation of Privilege, and
Information Disclosure
Fixes 12 (shown) + 11 (IE) Vulnerabilities: CVE-2018-8339, CVE-2018-8340,
CVE-2018-8341, CVE-2018-8343, CVE-2018-8344, CVE-2018-8345, CVE-2018-8348,
CVE-2018-8349, CVE-2018-8394, CVE-2018-8398, CVE-2018-8404, CVE-2018-8405
Restart Required: Requires restart
Known Issues: None reported
30. MS18-08-SO81: Security-only Update for Win 8.1 and Server 2012 R2
Maximum Severity: Critical
Affected Products: Microsoft Windows 8.1, Server 2012 R2
Description: Provides protections against a new speculative execution side-channel
vulnerability known as L1 Terminal Fault (L1TF). This bulletin is based on KB 4343888.
Impact: Remote Code Execution, Security Feature Bypass, Elevation of Privilege, and
Information Disclosure
Fixes 12 Vulnerabilities: CVE-2018-8339, CVE-2018-8340, CVE-2018-8341,
CVE-2018-8343, CVE-2018-8344, CVE-2018-8345, CVE-2018-8348, CVE-2018-8349,
CVE-2018-8394, CVE-2018-8398, CVE-2018-8404, CVE-2018-8405
Restart Required: Requires restart
Known Issues: None reported
31. MS18-08-EX: Security Updates for Exchange Server
Maximum Severity: Critical
Affected Products: Microsoft Exchange Server 2010-2016
Description: This security update resolves several memory corruption vulnerabilities
in Microsoft Exchange. This bulletin is based on KB 4340731 and KB 4340733.
Impact: Remote Code Execution and Tampering
Fixes 2 Vulnerabilities: CVE-2018-8302, CVE-2018-8374
Restart Required: Requires Restart
Known Issues: Updates must be installed when running in elevated mode as
administrator. Installing in normal mode will result in failed installation.
32. MS18-08-SQL: Security Updates for SQL Server
Maximum Severity: Critical
Affected Products: Microsoft SQL Server 2016, 2017
Description: This security update fixes a buffer overflow vulnerability. This bulletin is
based on 6 KB articles.
Impact: Remote Code Execution
Fixes 1 Vulnerability: CVE-2018-8273
Restart Required: Requires Restart
Known Issues: None reported
33. MS18-08-SPT: Security Updates for SharePoint Server
Maximum Severity: Important
Affected Products: Microsoft Enterprise SharePoint Server 2013, 2016
Description: This security update resolves vulnerabilities in Microsoft Office that could
allow remote code execution if a user opens a specially crafted Office file. This bulletin
is based on 4 KB articles.
Impact: Information Disclosure
Fixes 1 Vulnerability: CVE-2018-8378
Restart Required: Requires Restart
Known Issues: None reported
34. MS18-08-OFF: Security Updates for Microsoft Office
Maximum Severity: Important
Affected Products: Excel 2010-2016, Office 2010-2016, Office 2016 for Mac, Outlook
2010-2016, PowerPoint 2010, Web Apps
Description: This security update resolves vulnerabilities in most Microsoft Office
applications. This bulletin references 19 KB articles and Release Notes.
Impact: Remote Code Execution, Elevation of Privilege, Information Disclosure, and
Defense in Depth
Fixes 6 Vulnerabilities: CVE-2018-8375, CVE-2018-8376, CVE-2018-8378,
CVE-2018-8379, CVE-2018-8382, CVE-2018-8412
Restart Required: Requires application restart
Known Issues: None reported
35. MS18-08-O365: Security Updates for Microsoft Office 365
Maximum Severity: Important
Affected Products: Excel 2016, Office 2016, Outlook 2016
Description: This security update resolves vulnerabilities in most Microsoft Office 365
applications. Information on Office 365 updates is available at
https://technet.microsoft.com/en-us/office/mt465751
Impact: Remote Code Execution and Information Disclosure
Fixes 4 Vulnerabilities: CVE-2018-8375, CVE-2018-8378, CVE-2018-8379,
CVE-2018-8382
Restart Required: Requires application restart
Known Issues: None reported
36. MS18-08-MRNET: Monthly Rollup for Microsoft .NET
Maximum Severity: Important
Affected Products: Microsoft Windows .NET Framework 2.0 through 4.7.2
Description: This security update resolves an information disclosure vulnerability in
Microsoft .NET Framework that could allow an attacker to access information in
multi-tenant environments. This bulletin references 10 KB articles.
Impact: Information Disclosure
Fixes 1 Vulnerability: CVE-2018-8360
Restart Required: Does not require a system restart after you apply it unless files
that are being updated are locked or are being used.
37. MS18-08-SONET: Security-only Update for Microsoft .NET
Maximum Severity: Important
Affected Products: Microsoft Windows .NET Framework 2.0 through 4.7.2
Description: This security update resolves an information disclosure vulnerability in
Microsoft .NET Framework that could allow an attacker to access information in
multi-tenant environments. This bulletin references 10 KB articles.
Impact: Information Disclosure
Fixes 1 Vulnerability: CVE-2018-8360
Restart Required: Does not require a system restart after you apply it unless files
that are being updated are locked or are being used.
38. Between Patch Tuesdays
New Product Support: Box Edit
Security Updates: CCleaner (1), Google Chrome (3), Firefox (1), Foxit PhantomPDF (1),
Foxit Reader (1), FileZilla (2), Oracle JRE (2), Oracle JDK (1), LibreOffice (1),
Nitro Pro (1), Notepad++ (1), Opera (3), SeaMonkey (1), Splunk Universal Forwarder (2),
Thunderbird (1), TortoiseSVN (1), UltraVNC (1), Wireshark (2), VirtualBox (1),
VMware Horizon Client (1)
Non-Security Updates: Allway Sync (1), Bandicut (1), Box Edit (1), Camtasia (1),
Dropbox (1), Google Drive File Stream (1), Google Earth Pro (1), GOM Player (1),
GoodSync (4), GoToMeeting (2), Microsoft (55), Power BI Desktop (2), PDF-XChange Pro (1),
Paint.net (1), Plex Media Player (3), Plex Media Server (3), Prezi Classic Desktop (1),
Royal TS (3), Skype (1), TreeSize Free (2), TeamViewer (1), XMind (1), Zoom Client (1)