June Patch Tuesday 2018

Patch Tuesday Webinar
Wednesday, Jun 13, 2018
Hosted by: Chris Goettl & Todd Schell
Dial in: 1-877-668-4490 (US)
Event ID: 804 121 959

Agenda
June 2018 Patch Tuesday Overview
In the News
Bulletins
Q & A
1
2
3
4

In the News
 Zero Day Flash Flaw
 https://threatpost.com/zero-day-flash-exploit-targeting-middle-east/132659/

Known Exploited Vulnerabilities
 CVE-2018-5002 - Stack Based Buffer Overflow Vulnerability
 A remote code execution vulnerability exists in the way that Adobe Flash Player
handles objects in memory. The vulnerability could corrupt memory in such a way
that an attacker could execute arbitrary code in the context of the current user.
An attacker who successfully exploited the vulnerability could gain the same user
rights as the current user. If the current user is logged on with administrative user
rights, an attacker who successfully exploited the vulnerability could take control
of an affected system.
 This vulnerability requires the system user to open a document containing a
weaponized Flash Player object. The buffer overflow is exploited as the flash
object opens and additional shell code is downloaded to the system for deeper
exploitation.

Publicly Disclosed Vulnerabilities
 CVE-2018-8267 - Scripting Engine Memory Corruption Vulnerability
 A remote code execution vulnerability exists in the way that the scripting engine
handles objects in memory in Internet Explorer. The vulnerability could corrupt
memory in such a way that an attacker could execute arbitrary code in the
context of the current user. An attacker who successfully exploited the
vulnerability could gain the same user rights as the current user. If the current
user is logged on with administrative user rights, an attacker who successfully
exploited the vulnerability could take control of an affected system.
 In a web-based attack scenario, an attacker could host a specially crafted
website that is designed to exploit the vulnerability through Internet Explorer and
then convince a user to view the website. An attacker could also embed an
ActiveX control marked "safe for initialization" in an application or Microsoft Office
document that hosts the IE rendering engine. The attacker could also take
advantage of compromised websites and websites that accept or host user-
provided content or advertisements. These websites could contain specially
crafted content that could exploit the vulnerability.

Spectre and Meltdown Update
 New Generation of Spectre Vulnerabilities Found in Intel CPUs
 https://www.ghacks.net/2018/05/03/spectre-next-generation-vulnerabilities/
 Security status after applying June updates
Microsoft June 2018 Release Notes

Windows 10 Lifecycle Awareness
 Windows 10 Branch Support: End of Service for 2018
 Branch 1703 scheduled for October 9 (extended from September 2018)
 Windows 10 Version 1607, 1703, and 1709 will continue to receive security-
only updates for 6 months past EOS dates
 Supported Editions
 Windows 10 Education
 Windows 10 Enterprise
 Unsupported Editions
 Windows 10 Home
 Windows 10 Pro
 Windows 10 Version 1607 is in extended support now until October 9
 Everyone strongly urged to update to latest version of Windows 10
 Windows lifecycle fact sheet

Microsoft Notable May Out-of-Band Releases
 MSNS18-05-4090007_V3 (Q4090007): Intel microcode updates for Windows 10
Version 1709 and Windows Server 2016 (1709): KB 4090007
Version 1703: KB 4091663
Version 1607 and Windows Server 2016: KB 4091663
Version 1507: KB 4091666
 MSNS18-05-4100347 (Q4100347): Intel microcode updates for Windows 10 Version
1803: KB 4100347

Other Microsoft Information
 Service Stack Update KB 4132216 required for Windows 10 Version 1607
before installing June 2018 cumulative update
 XP Embedded Patches Released this Patch Tuesday
 MS18-06-XPE-4230467
 MS18-06-XPE-4293928
 MS18-06-XPE-4294413
 Microsoft Security Advisory 4338110
 https://docs.microsoft.com/en-us/security-
updates/securityadvisories/2018/4338110
 Microsoft guidance for CBC Symmetric Encryption Security Feature
Bypass

MS18-06-AFP: Security Update for Adobe Flash Player
 Maximum Severity: Critical
 Affected Products: Adobe Flash Player
 Description: This security update resolves vulnerabilities in Adobe Flash Player that is
installed on any supported edition of Windows Server Version 1803, Windows 10
Version 1803, Windows Server 2016 Version 1709, Windows 10 Version 1709,
Windows 10 Version 1703, Windows Server 2016, Windows 10 Version 1607, Windows
10 (RTM), Windows Server 2012 R2, Windows 8.1, or Windows RT 8.1. This bulletin is
based on KB 4287903 and ADV180014.
 Impact: Remote Code Execution
 Fixes 4 Vulnerabilities: CVE-2018-4945, CVE-2018-5000, CVE-2018-5001, CVE-
2018-5002
 Restart Required: Requires application restart
 NOTE: Released June 7 with known Zero Day vulnerability

APSB18-19: Security Update for Adobe Flash Player
 Affected Products: Adobe Flash Player
 Description: Adobe has released security updates for Adobe Flash Player for
Windows, macOS, Linux and Chrome OS. These updates address critical
vulnerabilities in Adobe Flash Player 29.0.0.171 and earlier versions. Successful
exploitation could lead to arbitrary code execution in the context of the current user.
 Impact: Remote Code Execution
2018-5002
 NOTE: Released June 7 with known Zero Day vulnerability

MS18-06-W10: Windows 10 Update
 Affected Products: Microsoft Windows 10 Versions 1607, 1703, 1709, 1803, Server
2016, Server 1709, Server 1803, IE 11 and Microsoft Edge
 Description: This bulletin references 5 KB articles. See KBs for the list of changes.
 Impact: Remote Code Execution, Security Feature Bypass, Denial of Service,
Elevation of Privilege, and Information Disclosure
 Fixes 41 Vulnerabilities: CVE-2018-8267 is publicly disclosed. See Details column
of Security Update Guide for complete list of CVEs.
 Restart Required: Requires restart
 Known Issues: See next two slides

June’s Known Issues for Windows 10
 KB 4284880 - Windows 10 Version 1607, Windows Server 2016
 Reliability issues have been observed during the creation of shielded VMs and the required
artifacts for their deployment. There are also reliability issues for the Shielding File Wizard with
or without the SCVMM interface. Note: Existing shielded VMs and HGSs are not affected.
 Workaround - None. Microsoft is working on a resolution.
 KB 4284819 - Windows 10 version 1709
 Some non-English platforms may display the following string in English instead of the localized
language: ”Reading scheduled jobs from file is not supported in this language mode.” This error
appears when you try to read the scheduled jobs you've created and Device Guard is enabled.
 When Device Guard is enabled, some non-English platforms may display the following strings in
English instead of the localized language:
 "Cannot use '&' or '.' operators to invoke a module scope command across language boundaries."
 "'Script' resource from 'PSDesiredStateConfiguration' module is not supported when Device Guard is
enabled. Please use 'Script' resource published by PSDscResources module from PowerShell Gallery."
 Workaround – None. Microsoft is working on a resolution.

June’s Known Issues for Windows 10 (cont)
 KB 4284819 - Windows 10 version 1803
 Some users running Windows 10 version 1803 may receive an error "An invalid argument was
supplied" when accessing files or running programs from a shared folder using the SMBv1
protocol.
 Workaround – Enable SMBv2 or SMBv3 on both the SMB server and the SMB client, as
described in KB2696547. Microsoft is working on a resolution that will be available later in June.

MS18-06-IE: Security Updates for Internet Explorer
 Affected Products: Microsoft Internet Explorer 9, 10 and 11
 Description: These security updates resolve several reported vulnerabilities in Internet
Explorer. The fixes that are included in this Security Update for Internet Explorer (KB
4230450) are also included in the June 2018 Security Monthly Quality Rollup. Installing
either the Security Update for Internet Explorer or the Security Monthly Quality Rollup
installs the fixes that are in this update. This bulletin references 9 KB articles.
 Impact: Remote Code Execution and Security Bypass
 Fixes 4 vulnerabilities: CVE-2018-0978, CVE-2018-8113, CVE-2018-8249, CVE-
2018-8267
 Restart Required: Requires browser restart
 Known Issues: None reported

MS18-06-2K8: Windows Server 2008
 Affected Products: Microsoft Windows Server 2008
 Description: Security updates to fix vulnerabilities associated with the HIDParser,
Windows Code Integrity Module, Windows DNSAPI, NTFS and the Windows kernel
module. This bulletin references 3 KB articles.
 Impact: Remote Code Execution, Denial of Service, Elevation of Privilege and
Information Disclosure
2018-8207, CVE-2018-8224, CVE-2018-8225

MS18-06-MR7: Monthly Rollup for Win 7 and Server 2008 R2
 Affected Products: Microsoft Windows 7, Server 2008 R2, and IE
 Description: This security update includes improvements and fixes that were a part of
update KB4103713 (released May 17, 2018). It includes security updates for Internet
Explorer, Windows apps, Windows Server, Windows storage and filesystems, Windows
wireless networking, and Windows virtualization and kernel. This bulletin is based on
KB 4284826.
 Impact: Remote Code Execution, Denial of Service, Elevation of Privilege, and
 Fixes 8 (shown) + 4 (IE) Vulnerabilities: CVE-2018-1036, CVE-2018-1040, CVE-
2018-8169, CVE-2018-8205, CVE-2018-8207, CVE-2018-8224, CVE-2018-8225, CVE-
2018-8251
 Known Issues: See upcoming slide

MS18-06-SO7: Security-only Update for Win 7 and Server 2008 R2
 Affected Products: Microsoft Windows 7 and Server 2008 R2
 Description: Security updates to Windows apps, Windows Server, Windows storage and
filesystems, Windows wireless networking, and Windows virtualization and kernel. This
bulletin is based on KB 4284867.
 Fixes 8 Vulnerabilities: CVE-2018-1036, CVE-2018-1040, CVE-2018-8169, CVE-2018-
8205, CVE-2018-8207, CVE-2018-8224, CVE-2018-8225, CVE-2018-8251
 Known Issues: See next slide

June’s Known Issues for Windows 7 and Server 2008 R2
 KB 4284826 - Windows 7 Service Pack 1, Windows Server 2008 R2 Service Pack 1
 A Stop error occurs on machines that don't support Streaming Single Instructions Multiple Data
(SIMD) Extensions 2 (SSE2).
 Workaround – None. Microsoft is working on a resolution.
 There is an issue with Windows and third-party software that is related to a missing file
(oem<number>.inf). Because of this issue, after you apply this update, the network interface
controller will stop working.
 Workaround –
1.To locate the network device, launch devmgmt.msc; it may appear under Other Devices.
2.To automatically rediscover the NIC and install drivers, select Scan for Hardware Changes
from the Action menu.
a. Alternatively, install the drivers for the network device by right-clicking the device and
selecting Update. Then select Search automatically for updated driver software or Browse
my computer for driver software.
 KB 4284867 – Windows 7 Service Pack 1, Windows Server 2008 R2 Service Pack 1
 Same issues for this Security Only update as listed above for Monthly Rollup

MS18-06-MR8: Monthly Rollup for Server 2012
 Affected Products: Microsoft Server 2012 and IE
update KB 4103719 (released May 17, 2018). Security updates to Internet Explorer,
Windows apps, Windows storage and filesystems, Windows Server, and Windows
wireless networking. This bulletin is based on KB 4284855.
2018-8251

MS18-06-SO8: Security-only Update for Server 2012
 Affected Products: Microsoft Server 2012
 Description: Security updates to Windows apps, Windows storage and filesystems,
Windows Server, and Windows wireless networking. This bulletin is based on KB
4284826.
2018-8205, CVE-2018-8207, CVE-2018-8210, CVE-2018-8225, CVE-2018-8251

MS18-06-MR81: Monthly Rollup for Win 8.1 and Server 2012 R2
 Affected Products: Microsoft Windows 8.1, Server 2012 R2, and IE
update KB4103724 (released May 17, 2018). It includes security updates to Internet
Explorer, Windows apps, remote code execution, Windows Server, Windows storage
and filesystems, and Windows wireless networking. This bulletin is based on KB
4284815.
2018-8251

MS18-06-SO81: Security-only Update for Win 8.1 and Server 2012 R2
 Affected Products: Microsoft Windows 8.1, Server 2012 R2
 Description: Security updates to Windows apps, remote code execution, Windows
Server, Windows storage and filesystems, and Windows wireless networking. This
bulletin is based on KB 4284878.
2018-8205, CVE-2018-8207, CVE-2018-8210, CVE-2018-8225, CVE-2018-8251

MS18-06-OFF: Security Updates for Microsoft Office
 Maximum Severity: Important
 Affected Products: Office 2010-2016, Excel 2010-2016, Outlook 2010-2016, Web
Apps Server, and Project Server
 Description: This security update resolves vulnerabilities in most Microsoft Office
applications. This bulletin references 22 KB articles.
 Impact: Remote Code Execution, Elevation of Privilege, Information Disclosure and
Defense in Depth
2018-8247, CVE-2018-8248, CVE-2018-8254 and ADV180015

MS18-06-O365: Security Updates for Microsoft Office 365
 Affected Products: Office 2016
 Description: This security update resolves vulnerabilities in most Microsoft Office 365
applications. Information on Office 365 updates is available at
https://technet.microsoft.com/en-us/office/mt465751
 Impact: Remote Code Execution, Elevation of Privilege and Information Disclosure
 Fixes 3 Vulnerabilities: CVE-2018-8244, CVE-2018-8246, CVE-2018-8248

MS18-06-SPT: Security Updates for SharePoint Server
 Affected Products: Microsoft Enterprise SharePoint Server 2013, 2016
 Description: This security update resolves vulnerabilities in Microsoft Office that could
allow remote code execution if a user opens a specially crafted Office file. This update
contains many non-security fixes as well. This bulletin is based on KB 4022190 and
KB 4022173.
 Impact: Remote Code Execution, Elevation of Privilege and Information Disclosure
 Fixes 2 Vulnerabilities: CVE-2018-8252, CVE-2018-8254
 Restart Required: Requires Restart
 NOTE: After installing the updates for SharePoint Foundation 2013 Service Pack 1 or
SharePoint Enterprise Server 2016, you need to run psconfig.exe.

Chrome-228: Security Update for Chrome
 Maximum Severity: Critical (High by Google)
 Affected Products: Google Chrome
 Description: The stable channel has been updated to 67.0.3396.87 for Windows,
Mac, and Linux, which will roll out over the coming days/weeks.
 Impact: Out of bounds write
 Fixes 1 Vulnerability: CVE-2018-6149

Non-Security Updates
 Maximum Severity: Recommended
 Affected Products: Opera, Nitro-Pro, Blue Jeans, Shockwave
 Description: Non-Security updates may include critical bug fixes and feature
updates. Depending on what version you are updating from a Non-Security
update could include security fixes from previous updates you have not yet
applied. Ivanti recommends updating 3rd party applications as regularly as
possible to ensure additional security threats are not exposed.

Between Patch Tuesday’s
New Product Support: Google Drive File Stream, Zoom Client, Zoom Outlook Plugin
Security Updates: Apple Mobile Device Support (1), Adobe Acrobat(1), Adobe Reader
(1), Adobe Creative Cloud (1), Adobe Flash Player (1), CCleaner (3), Google Chrome (4),
CoreFTP (2), Firefox (2), Firefox ESR (3), GIMP (1), HP System Management Homepage
(1), iCloud (1), iTunes (1), LibreOffice (2). Malwarebytes (1), Microsoft (2), Opera (4),
RealPlayer (1), Slack (1), Splunk Forwarder (1), Shockwave (1), Thunderbird (1), Apache
Tomcat (1), VLC Player (1), VMware Player (1), VMware Workstation (1), WinSCP (1),
Wireshark (1)
Non-Security Updates: AIMP (1), Bandicut (1), Box Sync (1), Dropbox (4), Google
Drive File Stream (1), GOM Player (1), Goodsync (4), GoToMeeting (2), Google Backup
and Sync (2), Blue Jeans (1), KeePass Pro (1), LogMeIn (1), Microsoft (50), Oracle
VirtualBox (1), Plex Media Player (2), Plex Media Server (3), Prezi Desktop (1), Skype (4),
Sublime Text Editor (1), TightVNC (1), Webex Productivity Tools (1), XnView (1), Zoom
Client (3), Zoom Outlook Plugin (1)

Third Party CVE Information
 Firefox ESR 52.8.1
 FFE18-5281, QFFE5281
 Firefox 60.0.2
 Bulletin FF18-011, QFF6002
 Firefox ESR 60.0.2
 Bulletin 7ZIP-011, Q7ZIP1805
 Fixes 16 Vulnerabilities: CVE-2018-4188, CVE-2018-4190, CVE-2018-4192,
CVE-2018-4199, CVE-2018-4200, CVE-2018-4201, CVE-2018-4204, CVE-2018-
4214, CVE-2018-4218, CVE-2018-4222, CVE-2018-4224, CVE-2018-4225, CVE-
2018-4226, CVE-2018-4232, CVE-2018-4233, CVE-2018-4246

Third Party CVE Information (cont)
 Visual Studio 2017 version 15.7.3
 Bulletin MS18-0531-VS2017, QVS20171573
 Fixes 2 Vulnerabilities: CVE-2018-11233, CVE-2018-11235
 Wireshark 2.6.1
 Bulletin WIRES-078, QWIRES261
CVE-2018-11357, CVE-2018-11358, CVE-2018-11359, CVE-2018-11360, CVE-
2018-11361
 Thunderbird 52.8.0
 Bulletin TB18-5280, QTB5280
CVE-2018-5159, CVE-2018-5161, CVE-2018-5162, CVE-2018-5168, CVE-2018-
5170, CVE-2018-5174, CVE-2018-5178, CVE-2018-5183, CVE-2018-5184, CVE-
2018-5185

 VMware Workstation 14.1.2 Player
 Bulletin VMWP-036, QVMWP1412
 VMware Workstation 14.1.2 Pro
 Bulletin VMWW-012, QVMWW1412

 Adobe Acrobat/Reader
 Bulletin APSB18-09, QARDC1801120040MUI, QARDC1801120040,
QARDC1701130080MUI, QARDC1500630418MUI, QADC1801120040,
QADC1701130080, QADC1500630418
 Fixes 13 Vulnerabilities: CVE-2018-4946,CVE-2018-4947,CVE-2018-4948,CVE-
2018-4949,CVE-2018-4950,CVE-2018-4951,CVE-2018-4952,CVE-2018-
4953,CVE-2018-4954,CVE-2018-4955,CVE-2018-4956,CVE-2018-4957,CVE-
2018-4958,CVE-2018-4959,CVE-2018-4960,CVE-2018-4961,CVE-2018-
2018-4967,CVE-2018-4968,CVE-2018-4969,CVE-2018-4970,CVE-2018-
2018-4976,CVE-2018-4977,CVE-2018-4978,CVE-2018-4979,CVE-2018-
2018-4985,CVE-2018-4986,CVE-2018-4987,CVE-2018-4988,CVE-2018-
4989,CVE-2018-4990,CVE-2018-4993,CVE-2018-4994

New Webinars
 Second ‘Patch Tuesday Webinar’ recording at a Europe-friendly time
 Hosted by Chris Goettl and Todd Schell
 July 12 at 1pm BST | 2pm CEST
 https://go.ivanti.com/Webinar-July-Patch-Tuesday-071218.html
 New bi-monthly series - Windows 10 Insights for the Enterprise
 Hosted by Rex McMillan and Adam Smith
 Insider preview of upcoming changes at Microsoft, interview industry experts and
customers, migration tips, best practices, Q&A
 June 20 at 8am PT | 11am ET
 https://go.ivanti.com/Webinar-0620-Windows-10-Enterprise.html

June Patch Tuesday 2018

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Similar to June Patch Tuesday 2018

Similar to June Patch Tuesday 2018 (20)

More from Ivanti

More from Ivanti (20)

Recently uploaded

Recently uploaded (20)

June Patch Tuesday 2018